New 21 HIKO Questions with Verification.

Thursday, February 23, 2017 9:57 AM
New Question 1
Which two statements about default FHRP behavior are true? (Choose two)
A. A backup GLBP active virtual gateway can become active only of the current active virtual gateway fails
B. Preemption is enabled by default
C. Unless specifically configured, the priority of an HSRP route is 200
D. A standby HSRP route becomes active if it has a higher priority than the priority of the current active router
E. A VRRP backup virtual router becomes the master router if its priority is higher than the priority of the current master router.

Correct Answer: A, E
Explanation:
By default, the GLBP gateway preemptive scheme is disabled. A backup virtual gateway can become the AVG only if the current AVG fails,
regardless of the priorities assigned to the virtual gateways. You can enable the GLBP preemptive scheme using the glbp preempt command.
Preemption allows a backup virtual gateway to become the AVG, if the backup virtual gateway is assigned a higher priority than the current
AVG.
From <http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html>

Backup router(s) are only supposed to send multicast packets during an election process. One exception to this rule is when a physical router is
configured with a higher priority than the current master, which means that on connection to the network it will preempt the master status. This
allows a system administrator to force a physical router to the master state immediately after booting, for example when that particular router is
more powerful than others within the virtual router. The backup router with the highest priority becomes the master router by raising
its priority above that of the current master. It will then take responsibility for routing packets sent to the virtual gateway's MAC address.
In cases where backup routers all have the same priority, the backup router with the highest IP address becomes the master router.
From <https://en.wikipedia.org/wiki/Virtual_Router_Redundancy_Protocol>

D is also wrong because
This statement is wrong because in HSRP unlike VRRP you have to assign priority along with preempt values on backup router.
You can check the INE Video on HSRP, first 13 minutes will clarify this point.
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/9234-hsrpguidetoc.html

New Question 2
Which statement about HSRP, GLBP, and VRRP is true?
A. VRRP group members communicate using multicast address 224.0.0.102
B. MAC address 0000.0c07.ac0c indicates that default gateway redundancy is provided through GLBP
C. HSRP group members communicate using multicast address 224.0.0.18
D. GLBP uses UDP port 3222 (Source and destination) for hello messages

Correct Answer: D
Explanation:
GLBP members communicate between each other through hello messages sent every 3 seconds to the multicast address 224.0.0.102, User
Datagram Protocol (UDP) port 3222 (source and destination).
From <http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html>

New Question 3
Refer to the exhibit.

Collected & Created this Doc by:
Waleed M Naeem
Click Here to Join our Whatsapp Switch Group
Click here to access complete study material

If you like my work, then connect with me on
Which statement about the current configuration on port Gigabit Ethernet2/0/1 is true?
linkedin and write few words of
A. It is an access port configured for a phone and a PC recommendation to me :)

B. It is a trunk port and the native VLAN is VLAN1
View My Linkedin Profile

•To clear dynamically learned port security MAC in the CAM table. The EtherChannel is operational and is using no EtherChannel protocol Correct Answer: D Explanation: Note:. But if the exhibit is some thing similar to the below image then correct answer will be D If port-channel showing as SU means etherchannel is up and operational & if the Protocol is not showing any thing _ only then it means channel-group 1 mode on command was executed which is equivalent to no protocol. E Explanation: To delete a sticky secure MAC addresses from the address table. For more info:- https://learningnetwork. The EtherChannel is down because of a mismatched EtherChannel protocol C.com/thread/10163 IF exhibit showing (SU) & Protocol as PagP then correct answer will be A IF exhibit showing (SD) & Ports as (I) means there is a mismatched on either side correct answer will be B IF exhibit showing (SD) & Protocol as LACP then correct answer will be C . use the no switchport port-security sticky mac- address mac_address command. Port Security sticky is still enabled on the older network switch port Correct Answer: A.we don't have the exhibit. C. The EtherChannel is down and configured for LACP D. After the PC is moved. The address keyword enables you to clear a secure MAC addresses. The interface keyword enables you to clear all secure addresses on an interface. It is a trunk port and the native VLAN is VLAN 700 D. It is an access port in Vlan 700 Correct Answer: B Explanation: A. use the clear port-security dynamic command. A network administrator moves a PC from one office deck to another. C. use the no switchport port-security sticky interface interface-id command.html> New Question 5 An engineer has run the show EtherChannel summary command and the output is displayed.cisco. Port security sticky is disabled on the new network switch port. The EtherChannel is operational and configured for PAgP B. Port security sticky exists on the new network switch port B. Port security is still enabled on the older network E. in picture its mentioned as a trunk port 3rd command B. Port security must be disabled on all access ports D. which statement about the stasuses of the EtherChannel is true? A. there is no native vlan command in the exhibit D. To delete all the sticky addresses on an interface or a VLAN. the network administrator clears the port secuirty on the new network switch port connecting to the PC.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/20ewa/configuration/guide/conf/port_sec. Which two factors are possible causes of the issue? (Choose two) A.C. All other statements are not matching with the exhibit so we assume its correct based on the default values. but the port keeps going back into err-disabled ode. There is no switch mode access command in the exhibit New Question 4 An enterprise network has port security stick enabled on all access ports. From <http://www.

which two VLAN ranges are loaded on the switch?(Choose two) A. B. Only edge ports moving to the blocking state generate a TC BPDU E. a port that moves to blocking no longer generates a TC). Correct Answer: D Explanation: You can only enable VTP pruning on a switch in VTP server mode.html> New Question 7 When is Cisco Catalyst switch that is configured in VTP server mode is first booted. Enable VTP pruning on any client switch in the domain.html> . When a RSTP bridge detects a topology change. VLANs greater than 1005 in the VLAN database file Correct Answer: B.1 hash B. only non-edge ports that move to the forwarding state cause a topology change.dat file.New Question 6 Which statement is true about RSTP topology changes? A. Enable VTP pruning on every switch in the domain. Any change in the state of the port generates a TC BDPU B.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146. then a TC BDPU is generated D. all VLANs are in the VLAN database B.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swvtp. Enable VTP pruning on any switch in the management domain.cisco. This means that a loss of connectivity is not considered as a topology change any more. C. It flushes the MAC addresses associated with all these ports. contrary to 802. or the startup VTP mode or domain names do not match the VLAN database. VLANs greater than 1005 are configured from the switch configuration file. Only nonedge ports moving to the forwarding state generate a TC BDPU C. Making VLANs pruning-eligible or pruning- ineligible affects pruning eligibility for those VLANs on that trunk only (not on all switches in the VTP domain). Enable VTP pruning on a VTP server in the management domain.html> Enabling VTP pruning on a VTP server enables pruning for the entire management domain.com/c/en/us/support/docs/switches/catalyst-2940-series-switches/109304-manage-vlandat.cisco. these occur: It starts the TC While timer with a value equal to twice the hello-time for all its non-edge designated ports and its root port. such as the vlan.cisco.1D (that is. It adds an FCS field at the end of each VTP ftame the consistenccy checking C. It supports the use of AES to encrypt VTP messaging E. The first 1005 VLANs in the VLAN database file D. From <http://www. E New Question 9 What action should a network admin take to enable VTP pruning on an entire management domain? A. VTP mode and VLAN configuration for the first 1005 VLANs are selected by VLAN database information. if necessary. It stores the VTP domain password securely as a SHA. The first 1005 VLANs in the startup-config file E. It can be configured to allow only one VTP server to make changes to the VTP domain Correct Answer: C. From <http://www. Any loss of connectivity generates a TC BDPU Correct Answer: B Explanation: Topology Change Detection In RSTP.html> New Question 8 Which two options are advantages of deploying VTPv3? (Choose two) A.C Explanation: If the startup VTP mode is server mode.cisco. If either an edge port or a nonedge port move to a block state. D. From <http://www.VLANs greater than 1005 in the startup-config file C.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swvtp. From <http://www. It supports the propagation of private VLANs D.

Interface Gi5/1 is using an industry standard trunking protocol E. F Explanation: New Question 11 Refer to the exhibit. On interface Gi5/1. On interface Gi6/2. spanning-tree mst 1 root primary C. all untagged traffic is tagged with VLAN 600 Correct Answer: D. The device is configured with the defailt MST region D. all untagged traffic is tagged with VLAN 113 C. Interface Gi6/2 is the root port for VLAN 30 F. Interface Gi5/1 is using a Cisco proprietary trunking protocol B. Which two statements about SW1 are true? (Choose two) A. spanning-tree mst vlan 10. Which two commands ensure that DSW1 becomes root bridge for VLAN 10 and 20? (Choose two) A.20 priority root .New Question 10 Refer to the exhibit. spanning-tree mstp1 priority 0 B.

The range is from 1 to 4094. 40960. redirect traffic D.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12 -2_53_se/configuration/guide/3750xscg/swsdm.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/MST. 100 Di st ribution1( config. and 61440. From <http://www. the range is from 0 to 61440 in increments of 4096.mst )#exi t Di st ribution1( config) #spanni ng-tree mst 0. 30.20 root primary Correct Answer: B. When a new switch is added to a stack. A lower number indicates that the switch will most likely be chosen as the root bridge. Priority values are 0. traffic storm control generates an SNMP trap. From <http://www. 32768. All switches in stack B. the SDM configuration that is stored on the stack master overrides the t emplate configured on an individual switch From <http://www. spanning-tree mst 1 prioirty 1 F spanning-tree mst vlan 10.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/storm.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/72844-MST. all stack members must use the same SDM desktop template that is stored on the stack master. 12288. 40.mst )#i nst ance 2 vl an 20. 57344. D Explanation: Di st ribution1( config) #spanni ng-tree mst configur ation Di st ribution1( config. 53248. 20480.cisco. 36864. 24576.mst )#name regi on1 Di st ribution1( config. which two actions can be configured to occ ur? (Choose two.html> . 4096. 49152.html > New Question 12 In a switch stack where is the the SDM template stored? A.) A. E Explanation: • Shutdown—When a traffic storm occurs. notify admin C. Trap B. 45056. 8192. For priority. use the error- disable detection and recovery feature or the shutdown and no shutdown commands. shut down Correct Answer: A. or a series of instances separated by a comma. Flash memory D. 200 Di st ribution1( config. Master switch C.cisco. traffic storm control puts the port into the error-disabled state. a range of instances separated by a hyphen.mst )#r evi si on 10 Di st ribution1( config. 28672. Another Correct Answer: B Explanation: In a Catalyst 3750-X-only or a mixed hardware switch stack. spanning-tree mst 1 prioirty 4096 E.html> New Question 13 If StormControl is enabled on a port and the traffic reaches the configured level.cisco. log E. 16384. the default is 32768.html> witch(config)#spanning-tree Configures a switch priority as follows: mstinstance-id prioritypriority-value For instance-id. you can specify a single instance. • Trap—When a traffic storm occurs. The system rejects all other values.1 root pri mar y Di st ribution1( config) #spanni ng-tree mst 2 root secondar y From <http://www.cisco.mst )#i nst ance 1 vl an 10. To reenable ports. D.

11. then a TC BDPU is generated D. When the switch loses power and reboots E.11.16.16.11. If either an edge port or a nonedge port move to a block state. When the phone previously on Fa0/2 is now connect to Fa0/5 Correct Answer: C.112 is preferred over the router with IP address 172. The IP address 172. which three statements about HSRP are true? (Choose Three) A. Routing should occur at the access layer if voice VLANs is utilized. routing should occur at the distribution layer. Otherwise. Correct Answer: BD . Routing may be performed at all layers but is most commonly done at the core and distribution layers C. Vlans should ne localized to a single switch unless voice VLANs are being utilized.111 B. Any loss of connectivity generates a TC BDPU Correct Answer: B New Question 16 Refer to the exhibit.11.11. B. The priority of the router with IP address 172. D New Question 17 Which two statements are true about recommended practices that are to be used in a local VLAN solution design where layer 2 traffic is to be kept to a minimum? (Choose two) A. B.115 is the virtual HSRP IP address E. When 61 MAC address are in the switch C.11.16.112 has nonpreempt configured F.16. Only edge ports moving to the blocking state generate a TC BPDU E. The router with IP address 172. E New Question 15 Which statement is true about RSTP topology changes? A.16. Vlans should be local to a Switch E. Routing should not be performed between VLANs located on separate switches.111 has preempt configured C. Correct Answer: A.16.112 is using default HSRP priority.New Question 14 Refer to the exhibit Switch(config)#snamp-server enable traps mac-notification Switch(config)#mac address-table notification threshold Switch(config)#mac address-table notification threshold limit 60 Switch(config)#mac address-table notification mac-move Which two statements correctly indicate when an SNMP trap is set to the switch? (Choose two) A. The final active router is the router with IP address 172. The router with IP address 172.111 D. When a new workstation connects to port F0/1 B.16. D. The router with IP address 172. Any change in the state of the port generates a TC BDPU B.11. Only nonedge ports moving to the forwarding state generate a TC BDPU C. Based on the debug output. When 61 percent of the Address table capacity is used D.

based on the output what is the problem: A. Waleed M Naeem A. If a BPDU is received on a Port Fast-enabled interface. As we know Vtp transparent mode supports private vlans. From <http://www. then PortFast is disabled and the BPDUs are processed normally. the interface loses its Port Fast-operational status. If there is a question asking which mode then we will select Transparent.cisco. version 2 Correct Answer: B Explanation: This question asking for which version not which mode. the etherchannel protocol on switch 1 is not correct D. then connect with me on linkedin and write few words of D. The interfaces still send a few BPDUs at link-up before the switch begins to filter outbound BPDUs. Spanning tree port priority Click Here to Join our Whatsapp Switch Group Click here to access complete study material B. Spanning tree cost C.New Question 18 What is the effect of configuring the following command on a switch? Switch(config)# spanning-tree portfast bdpufilter default A. he notices the error message on Switch 2 (error message channel- missconfiguring error).html> New Question 19 To provide security. version 3 C. VTP does not support private VLANs D. Trunk allow vlan Correct Answer: D. The command enables BPDU filtering on all ports regardless of whether they are configured for BPDU filtering at the interface level.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swstpopt. E View My Linkedin Profile . the etherchannel on the switch 1 using incorrect member port B. so most probably its coming from next switch. a service porvider configured various private VLANs in its backbone network infrastructure to prevent certain VLAN communicating to each other. If BPDUs are received by a port configured for PortFast. D. Which version of VTP supports the use of private VLANs? A. they are ignored and none are sent. you can enable BPDU filtering on Port Fast-enabled interfaces by using thespanning-tree portfast bpdufilter default global configuration command. and BPDU filtering is disabled. But on VTPv3 it’s a default feature to support private vlans. C. This command prevents interfaces that are in a Port Fast-operational state from sending or receiving BPDUs. If BPDUs are received by a port configured for PortFast. Interface Description If you like my work. the etherchannel interface of switch 2 is not configured Correct Answer: C Explanation: Switch 2 is receiving the error msg. the etherchannel interface of switch 1 is not configured C. If BPDUs are received by a port configured for PortFast. If on one side etherchannel protocol is lacp and on the other side is pagp or uncompatible modes active/on etc then channel-missconfiguring errror msg will be generated. Correct Answer: A Explanation: At the global level. You should globally enable BPDU filtering on a switch so that hosts connected to these interfaces do not receive BPDUs. New Question 21 Collected & Created this Doc by: What condition must match during etherchannel configuration. the port transitions to the forwarding state. version 1 B. New Question 20 Refer to the exhibit (Do not have the exhibit) An engineer is configuring an etherchannel between two switches. B. Trunk mode recommendation to me :) E.