Implementing Cisco IP Switched Networks - exam 300-115

Topic 1, Layer 2 Technologies


QUESTION NO: 101

You have been asked to install and configure a new switch in a customer network. Use the console access to the existing and new switches to configure and verify correct device configuration.

You are connecting the New_Switch to the LAN topology; the switch has been partially configured and you need to complete the rest of the configuration to enable PC1 communication with PC2. Which of the configurations is correct?

A. Option A
B. Option B
C. Option C
D. Option D
E. Option E

Answer: D

Explanation: Within any VTP, the VTP domain name must match. So, step one is to find the correct VTP name on the other switches. Logging in to SW1 and using the “show vtp status” command we see this:

So we know that the VTP domain must be CCNP. This leaves only choice D and E. We also see from the topology diagram that eth 0/0 of the new switch connects to a PC in VLAN 100, so we know that this port must be an access port in VLAN 100, leaving only choice D as correct. Note that the VTP versions supported in this network are 1, 2, 3 so either VTP version 2 or 3 can be configured on the new switch.

QUESTION NO: 102

You have been asked to install and configure a new switch in a customer network. Use the console access to the existing and new switches to configure and verify correct device configuration.

Refer to the configuration. For which configured VLAN are untagged frames sent over trunk between SW1 and SW2?

A. VLAN1
B. VLAN 99
C. VLAN 999
D. VLAN 40
E. VLAN 50
F. VLAN 200
G. VLAN 300

Answer: B

Explanation: The native VLAN is used for untagged frames sent along a trunk. By issuing the “show interface trunk” command on SW1 and SW2 we see the native VLAN is 99.

QUESTION NO: 103

You have been asked to install and configure a new switch in a customer network. Use the console access to the existing and new switches to configure and verify correct device configuration.

You are adding new VLANs, VLAN500 and VLAN600, to the topology in such way that you need to configure SW1 as primary root for VLAN 500 and secondary for VLAN 600 and SW2 as primary root for VLAN 600 and secondary for VLAN 500. Which configuration step is valid?

A. Configure VLAN 500 & VLAN 600 on both SW1 & SW2
B. Configure VLAN 500 and VLAN 600 on SW1 only
C. Configure VLAN 500 and VLAN 600 on SW2 only
D. Configure VLAN 500 and VLAN 600 on SW1, SW2 and SW4
E. On SW2, configure vtp mode as off and configure VLAN 500 and VLAN 600, configure back to vtp server mode.

Answer: A

Explanation: By issuing the “show vtp status” command on SW1, SW2, and SW4 we see that both SW1 and SW2 are operating in VTP server mode, but SW4 is a client, so we will need to add both VLANs to SW1 and SW2.

QUESTION NO: 104

You have been asked to install and configure a new switch in a customer network. Use the console access to the existing and new switches to configure and verify correct device configuration.

Examine the VTP configuration. You are required to configure private VLANs for a new server deployment connecting to the SW4 switch. Which of the following configuration steps will allow creating private VLANs?

A. Disable VTP pruning on SW1 only
B. Disable VTP pruning on SW2 only
C. Disable VTP pruning on SW4 only
D. Disable VTP pruning on SW2, SW4 and New_Switch
E. Disable VTP pruning on New_Switch and SW4 only.

Answer: C

Explanation: To create private VLANs, you will need to only disable pruning on the switch that contains the private VLANs. In this case, only SW4 will connect to servers in a private VLAN.

Topic 2, Infrastructure Security

QUESTION NO: 105

A Cisco Catalyst switch that is prone to reboots continues to rebuild the DHCP snooping database. What is the solution to avoid the snooping database from being rebuilt after every device reboot?

A. A DHCP snooping database agent should be configured.
B. Enable DHCP snooping for all VLANs that are associated with the switch.
C. Disable Option 82 for DHCP data insertion.
D. Use IP Source Guard to protect the DHCP binding table entries from being lost upon rebooting.
E. Apply ip dhcp snooping trust on all interfaces with dynamic addresses.

Answer: A

Explanation: Minimum DHCP Snooping Configuration

The minimum configuration steps for the DHCP snooping feature are as follows:

1. Define and configure the DHCP server.
2. Enable DHCP snooping on at least one VLAN. By default, DHCP snooping is inactive on all VLANs.
3. Ensure that DHCP server is connected through a trusted interface. By default, the trust state of all interfaces is untrusted.
4. Configure the DHCP snooping database agent. This step ensures that database entries are restored after a restart or switchover.
5. Enable DHCP snooping globally.

QUESTION NO: 106

Which portion of AAA looks at what a user has access to?

A. authorization
B. authentication
C. accounting
D. auditing

Answer: A

Explanation: These three ports show that they are in Port Channel 1, and the (SU) means they are in use and operating at layer 2. The protocol used for this port channel shows as LACP, which is a standards based protocol, as opposed to PAgP, which is Cisco proprietary.

QUESTION NO: 107

Which command creates a login authentication method named "login" that will primarily use RADIUS and fail over to the local user database?

A. (config)# aaa authentication login default radius local
B. (config)# aaa authentication login login radius local
C. (config)# aaa authentication login default local radius
D. (config)# aaa authentication login radius local

Answer: B

Explanation: In the command “aaa authentication login login radius local” the second login is the name of the AAA method. It also lists radius first then local, so it will primarily use RADIUS for authentication and fail over to the local user database only if the RADIUS server is unreachable.

QUESTION NO: 108

A server with a statically assigned IP address is attached to a switch that is provisioned for DHCP snooping. For more protection against malicious attacks, the network team is considering enabling dynamic ARP inspection alongside DHCP snooping. Which solution ensures that the server maintains network reachability in the future?

A. Disable DHCP snooping information option.
B. Configure a static DHCP snooping binding entry on the switch.
C. Trust the interface that is connected to the server with the ip dhcp snooping trust command.
D. Verify the source MAC address of all untrusted interfaces with ip dhcp snooping verify mac-address command.

Answer: B

Explanation: Dynamic ARP inspection is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks. Dynamic ARP inspection ensures that only valid ARP requests and responses are relayed. The switch performs these activities:

• Intercepts all ARP requests and responses on untrusted ports
• Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local ARP cache or before forwarding the packet to the appropriate destination.
• Drops invalid ARP packets

Dynamic ARP inspection determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database. This database is built by DHCP snooping if DHCP snooping is enabled on the VLANs and on the switch. If the ARP packet is received on a trusted interface, the switch forwards the packet without any checks. On untrusted interfaces, the switch forwards the packet only if it is valid. To ensure network reachability to the server, configure a static DHCP snooping binding entry on the switch.

QUESTION NO: 109

A network engineer wants to ensure Layer 2 isolation of customer traffic using a private VLAN. Which configuration must be made before the private VLAN is configured?

A. Disable VTP and manually assign VLANs.
B. Ensure all switches are configured as VTP server mode.
C. Configure VTP Transparent Mode.
D. Enable VTP version 3.

Answer: C

Explanation: You must configure VTP to transparent mode before you can create a private VLAN. Private VLANs are configured in the context of a single switch and cannot have members on other switches. Private VLANs also carry TLVs that are not known to all types of Cisco switches.

QUESTION NO: 110

A DHCP configured router is connected directly to a switch that has been provisioned with DHCP snooping. IP Source Guard with the ip verify source port-security command is configured under the interfaces that connect to all DHCP clients on the switch. However, clients are not receiving an IP address via the DHCP server. Which option is the cause of this issue?

A. The DHCP server does not support information option 82.
B. The DHCP client interfaces have storm control configured.
C. Static DHCP bindings are not configured on the switch.
D. DHCP snooping must be enabled on all VLANs, even if they are not utilized for dynamic address allocation.

Answer: A

Explanation: When you enable both IP Source Guard and Port Security, using the ip verify source port-security interface configuration command, there are two caveats:

• The DHCP server must support option 82, or the client is not assigned an IP address.
• The MAC address in the DHCP packet is not learned as a secure address. The MAC address of the DHCP client is learned as a secure address only when the switch receives non-DHCP data traffic.

QUESTION NO: 111

A switch is added into the production network to increase port capacity. A network engineer is configuring the switch for DHCP snooping and IP Source Guard, but is unable to configure ip verify source under several of the interfaces. Which option is the cause of the problem?

A. The local DHCP server is disabled prior to enabling IP Source Guard.
B. The interfaces are configured as Layer 3 using the no switchport command.
C. No VLANs exist on the switch and/or the switch is configured in VTP transparent mode.
D. The switch is configured for sdm prefer routing as the switched database management template.
E. The configured SVIs on the switch have been removed for the associated interfaces.

Answer: B

Explanation: IP source guard is a security feature that restricts IP traffic on nonrouted, Layer 2 interfaces by filtering traffic based on the DHCP snooping binding database and on manually configured IP source bindings. You can use IP source guard to prevent traffic attacks caused when a host tries to use the IP address of its neighbor. You can enable IP source guard when DHCP snooping is enabled on an untrusted interface. After IP source guard is enabled on an interface, the switch blocks all IP traffic received on the interface, except for DHCP packets allowed by DHCP snooping. A port access control list (ACL) is applied to the interface. The port ACL allows only IP traffic with a source IP address in the IP source binding table and denies all other traffic.

The IP source binding table has bindings that are learned by DHCP snooping or are manually configured (static IP source bindings). An entry in this table has an IP address, its associated MAC address, and its associated VLAN number. The switch uses the IP source binding table only when IP source guard is enabled.

IP source guard is supported only on Layer 2 ports, including access and trunk ports. You can configure IP source guard with source IP address filtering or with source IP and MAC address filtering.

QUESTION NO: 112

The command storm-control broadcast level 75 65 is configured under the switch port connected to the corporate mail server. In which three ways does this command impact the traffic? (Choose three.)

A. SNMP traps are sent by default when broadcast traffic reaches 65% of the lower-level threshold.
B. The switchport is disabled when unicast traffic reaches 75% of the total interface bandwidth.
C. The switch resumes forwarding broadcasts when they are below 65% of bandwidth.
D. Only broadcast traffic is limited by this particular storm control configuration.
E. Multicast traffic is dropped at 65% and broadcast traffic is dropped at 75% of the total interface bandwidth.
F. The switch drops broadcasts when they reach 75% of bandwidth.

Answer: C, D, F

Explanation:

storm-control {broadcast | multicast | unicast} level {level [level-low] | pps pps [pps-low]}

Configure broadcast, multicast, or unicast storm control. By default, storm control is disabled. The keywords have these meanings:

• For level, specify the rising threshold level for broadcast, multicast, or unicast traffic as a percentage (up to two decimal places) of the bandwidth. The port blocks traffic when the rising threshold is reached. The range is 0.00 to 100.00.
• (Optional) For level-low, specify the falling threshold level as a percentage (up to two decimal places) of the bandwidth. This value must be less than or equal to the rising suppression value. The port forwards traffic when traffic drops below this level. If you do not configure a falling suppression level, it is set to the rising suppression level. The range is 0.00 to 100.00.

In this case, the broadcast keyword was used so only broadcast traffic is limited.

QUESTION NO: 113

After port security is deployed throughout an enterprise campus, the network team has been overwhelmed with port reset requests. They decide to configure the network to automate the process of re-enabling user ports. Which command accomplishes this task?

A. switch(config)# errdisable recovery interval 180
B. switch(config)# errdisable recovery cause psecure-violation
C. switch(config)# switchport port-security protect
D. switch(config)# switchport port-security aging type inactivity
E. switch(config)# errdisable recovery cause security-violation

Answer: B

Explanation: When a secure port is in the error-disabled state, you can bring it out of this state automatically by configuring the errdisable recovery cause psecure-violation global configuration command or you can manually reenable it by entering the shutdown and no shutdown interface configuration commands. This is the default mode. If a port is in per-VLAN errdisable mode, you can also use clear errdisable interface name vlan range command to re-enable the VLAN on the port. You can also customize the time to recover from the specified error disable cause (default is 300 seconds) by entering the errdisable recovery interval interval command.

QUESTION NO: 114

The network monitoring application alerts a network engineer of a client PC that is acting as a rogue DHCP server. Which two commands help trace this PC when the MAC address is known? (Choose two.)

A. switch# show mac address-table
B. switch# show port-security
C. switch# show ip verify source
D. switch# show ip arp inspection
E. switch# show mac address-table address <mac address>

Answer: A, E

Explanation:

QUESTION NO: 115

While troubleshooting a network outage, a network engineer discovered an unusually high level of broadcast traffic coming from one of the switch interfaces. Which option decreases consumption of bandwidth used by broadcast traffic?

A. storm control
B. SDM routing
C. Cisco IOS parser
D. integrated routing and bridging
E. Dynamic ARP Inspection

Answer: A

Explanation: Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on a port. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configuration, or users issuing a denial-of-service attack can cause a storm. Storm control is configured for the switch as a whole but operates on a per-port basis. By default, storm control is disabled. Storm control uses rising and falling thresholds to block and then restore the forwarding of broadcast, unicast, or multicast packets. You can also set the switch to shut down the port when the rising threshold is reached.

QUESTION NO: 116

Which command globally enables AAA on a device?

A. aaa new-model
B. aaa authentication
C. aaa authorization
D. aaa accounting

Answer: A

Explanation: To configure AAA authentication, enable AAA by using the aaa new-model global configuration command. AAA features are not available for use until you enable AAA globally by issuing the aaa new-model command.

QUESTION NO: 117

Which AAA Authorization type includes PPP, SLIP, and ARAP connections?

A. network
B. IP mobile
C. EXEC
D. auth-proxy

Answer: A

Explanation: Method lists for authorization define the ways that authorization will be performed and the sequence in which these methods will be performed. A method list is simply a named list describing the authorization methods to be queried (such as RADIUS or TACACS+), in sequence. Method lists enable you to designate one or more security protocols to be used for authorization, thus ensuring a backup system in case the initial method fails. Cisco IOS software uses the first method listed to authorize users for specific network services; if that method fails to respond, the Cisco IOS software selects the next method listed in the method list. This process continues until there is successful communication with a listed authorization method, or all methods defined are exhausted.

Method lists are specific to the authorization type requested:

• Auth-proxy—Applies specific security policies on a per-user basis. For detailed information on the authentication proxy feature, refer to the chapter "Configuring Authentication Proxy" in the "Traffic Filtering and Firewalls" part of this book.
• Commands—Applies to the EXEC mode commands a user issues. Command authorization attempts authorization for all EXEC mode commands, including global configuration commands, associated with a specific privilege level.
• EXEC—Applies to the attributes associated with a user EXEC terminal session.
• Network—Applies to network connections. This can include a PPP, SLIP, or ARAP connection.
• Reverse Access—Applies to reverse Telnet sessions.

When you create a named method list, you are defining a particular list of authorization methods for the indicated authorization type.

QUESTION NO: 118

Which authentication service is needed to configure 802.1x?

A. RADIUS with EAP Extension
B. TACACS+
C. RADIUS with CoA
D. RADIUS using VSA

Answer: A

Explanation: With 802.1x, the authentication server performs the actual authentication of the client. The authentication server validates the identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services. Because the switch acts as the proxy, the authentication service is transparent to the client. The Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server.

QUESTION NO: 119

Refer to the exhibit. When a network administrator is attempting an SSH connection to the device, in which order does the device check the login credentials?

A. RADIUS server, local username, line password
B. RADIUS server, line password, local username
C. Line password, local username, RADIUS server
D. Line password, RADIUS server, local username

Answer: A

Explanation: SSH sessions use the vty lines, where the configured authentication method is named “default.” The AAA default login preference is stated in order from first to last, so here the “aaa authentication login default group radius local line” means to use RADIUS first, then if that fails use the local user database. Finally, if that fails use the line password.

QUESTION NO: 120

Refer to the exhibit. Which login credentials are required when connecting to the console port in this output?

A. none required
B. username cisco with password cisco
C. no username with password linepass
D. login authentication default

Answer: A

Explanation: Here the console has been configured with the NO_AUTH name, which lists none as the authentication method. None means no authentication, meaning that credentials are not required and all sessions are allowed access immediately.