You are on page 1of 7

New 21 HIKO Questions with Verification.

Thursday, February 23, 2017 9:57 AM
New Question 1
Which two statements about default FHRP behavior are true? (Choose two)
A. A backup GLBP active virtual gateway can become active only of the current active virtual gateway fails
B. Preemption is enabled by default
C. Unless specifically configured, the priority of an HSRP route is 200
D. A standby HSRP route becomes active if it has a higher priority than the priority of the current active router
E. A VRRP backup virtual router becomes the master router if its priority is higher than the priority of the current master router.

Correct Answer: A, E
Explanation:
By default, the GLBP gateway preemptive scheme is disabled. A backup virtual gateway can become the AVG only if the current AVG fails,
regardless of the priorities assigned to the virtual gateways. You can enable the GLBP preemptive scheme using the glbp preempt command.
Preemption allows a backup virtual gateway to become the AVG, if the backup virtual gateway is assigned a higher priority than the current
AVG.
From <http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html>

Backup router(s) are only supposed to send multicast packets during an election process. One exception to this rule is when a physical router is
configured with a higher priority than the current master, which means that on connection to the network it will preempt the master status. This
allows a system administrator to force a physical router to the master state immediately after booting, for example when that particular router is
more powerful than others within the virtual router. The backup router with the highest priority becomes the master router by raising
its priority above that of the current master. It will then take responsibility for routing packets sent to the virtual gateway's MAC address.
In cases where backup routers all have the same priority, the backup router with the highest IP address becomes the master router.
From <https://en.wikipedia.org/wiki/Virtual_Router_Redundancy_Protocol>

D is also wrong because
This statement is wrong because in HSRP unlike VRRP you have to assign priority along with preempt values on backup router.
You can check the INE Video on HSRP, first 13 minutes will clarify this point.
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/9234-hsrpguidetoc.html

New Question 2
Which statement about HSRP, GLBP, and VRRP is true?
A. VRRP group members communicate using multicast address 224.0.0.102
B. MAC address 0000.0c07.ac0c indicates that default gateway redundancy is provided through GLBP
C. HSRP group members communicate using multicast address 224.0.0.18
D. GLBP uses UDP port 3222 (Source and destination) for hello messages

Correct Answer: D
Explanation:
GLBP members communicate between each other through hello messages sent every 3 seconds to the multicast address 224.0.0.102, User
Datagram Protocol (UDP) port 3222 (source and destination).
From <http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html>

New Question 3
Refer to the exhibit.

Collected & Created this Doc by:
Waleed M Naeem
Click Here to Join our Whatsapp Switch Group
Click here to access complete study material

If you like my work, then connect with me on
Which statement about the current configuration on port Gigabit Ethernet2/0/1 is true?
linkedin and write few words of
A. It is an access port configured for a phone and a PC recommendation to me :)

B. It is a trunk port and the native VLAN is VLAN1
View My Linkedin Profile

Port Security sticky is still enabled on the older network switch port Correct Answer: A. in picture its mentioned as a trunk port 3rd command B. use the no switchport port-security sticky interface interface-id command. The interface keyword enables you to clear all secure addresses on an interface. there is no native vlan command in the exhibit D. After the PC is moved.cisco.we don't have the exhibit. The EtherChannel is down because of a mismatched EtherChannel protocol C. The EtherChannel is down and configured for LACP D. The address keyword enables you to clear a secure MAC addresses. For more info:- https://learningnetwork. The EtherChannel is operational and is using no EtherChannel protocol Correct Answer: D Explanation: Note:.cisco. All other statements are not matching with the exhibit so we assume its correct based on the default values. C. Port security sticky exists on the new network switch port B. but the port keeps going back into err-disabled ode. The EtherChannel is operational and configured for PAgP B. Port security is still enabled on the older network E. There is no switch mode access command in the exhibit New Question 4 An enterprise network has port security stick enabled on all access ports. It is a trunk port and the native VLAN is VLAN 700 D.html> New Question 5 An engineer has run the show EtherChannel summary command and the output is displayed. It is an access port in Vlan 700 Correct Answer: B Explanation: A. E Explanation: To delete a sticky secure MAC addresses from the address table. use the clear port-security dynamic command. which statement about the stasuses of the EtherChannel is true? A. But if the exhibit is some thing similar to the below image then correct answer will be D If port-channel showing as SU means etherchannel is up and operational & if the Protocol is not showing any thing _ only then it means channel-group 1 mode on command was executed which is equivalent to no protocol.com/thread/10163 IF exhibit showing (SU) & Protocol as PagP then correct answer will be A IF exhibit showing (SD) & Ports as (I) means there is a mismatched on either side correct answer will be B IF exhibit showing (SD) & Protocol as LACP then correct answer will be C .com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/20ewa/configuration/guide/conf/port_sec. From <http://www. Port security must be disabled on all access ports D. A network administrator moves a PC from one office deck to another. •To clear dynamically learned port security MAC in the CAM table. the network administrator clears the port secuirty on the new network switch port connecting to the PC.C. Which two factors are possible causes of the issue? (Choose two) A. use the no switchport port-security sticky mac- address mac_address command. C. Port security sticky is disabled on the new network switch port. To delete all the sticky addresses on an interface or a VLAN.

cisco. Enable VTP pruning on any switch in the management domain. It supports the use of AES to encrypt VTP messaging E. The first 1005 VLANs in the VLAN database file D. Enable VTP pruning on any client switch in the domain. From <http://www. This means that a loss of connectivity is not considered as a topology change any more. It supports the propagation of private VLANs D. which two VLAN ranges are loaded on the switch?(Choose two) A. VLANs greater than 1005 are configured from the switch configuration file. Enable VTP pruning on every switch in the domain.html> New Question 8 Which two options are advantages of deploying VTPv3? (Choose two) A. From <http://www.VLANs greater than 1005 in the startup-config file C. It flushes the MAC addresses associated with all these ports.C Explanation: If the startup VTP mode is server mode. From <http://www. Making VLANs pruning-eligible or pruning- ineligible affects pruning eligibility for those VLANs on that trunk only (not on all switches in the VTP domain). C. It stores the VTP domain password securely as a SHA. The first 1005 VLANs in the startup-config file E. if necessary.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swvtp.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swvtp. VTP mode and VLAN configuration for the first 1005 VLANs are selected by VLAN database information. B.html> .1 hash B.com/c/en/us/support/docs/switches/catalyst-2940-series-switches/109304-manage-vlandat. Correct Answer: D Explanation: You can only enable VTP pruning on a switch in VTP server mode. Any loss of connectivity generates a TC BDPU Correct Answer: B Explanation: Topology Change Detection In RSTP.cisco.html> Enabling VTP pruning on a VTP server enables pruning for the entire management domain. contrary to 802. Only edge ports moving to the blocking state generate a TC BPDU E.1D (that is.dat file. If either an edge port or a nonedge port move to a block state.cisco. Any change in the state of the port generates a TC BDPU B. Only nonedge ports moving to the forwarding state generate a TC BDPU C. It adds an FCS field at the end of each VTP ftame the consistenccy checking C. D. E New Question 9 What action should a network admin take to enable VTP pruning on an entire management domain? A. or the startup VTP mode or domain names do not match the VLAN database. It can be configured to allow only one VTP server to make changes to the VTP domain Correct Answer: C. From <http://www.New Question 6 Which statement is true about RSTP topology changes? A. a port that moves to blocking no longer generates a TC).html> New Question 7 When is Cisco Catalyst switch that is configured in VTP server mode is first booted. Enable VTP pruning on a VTP server in the management domain. VLANs greater than 1005 in the VLAN database file Correct Answer: B. all VLANs are in the VLAN database B. only non-edge ports that move to the forwarding state cause a topology change. such as the vlan.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146. these occur: It starts the TC While timer with a value equal to twice the hello-time for all its non-edge designated ports and its root port. When a RSTP bridge detects a topology change. then a TC BDPU is generated D.

Interface Gi5/1 is using an industry standard trunking protocol E. spanning-tree mst 1 root primary C.20 priority root .New Question 10 Refer to the exhibit. Interface Gi6/2 is the root port for VLAN 30 F. spanning-tree mst vlan 10. Which two statements about SW1 are true? (Choose two) A. all untagged traffic is tagged with VLAN 113 C. F Explanation: New Question 11 Refer to the exhibit. Which two commands ensure that DSW1 becomes root bridge for VLAN 10 and 20? (Choose two) A. On interface Gi5/1. On interface Gi6/2. Interface Gi5/1 is using a Cisco proprietary trunking protocol B. spanning-tree mstp1 priority 0 B. The device is configured with the defailt MST region D. all untagged traffic is tagged with VLAN 600 Correct Answer: D.

D Explanation: Di st ribution1( config) #spanni ng-tree mst configur ation Di st ribution1( config. or a series of instances separated by a comma.html> New Question 13 If StormControl is enabled on a port and the traffic reaches the configured level. spanning-tree mst 1 prioirty 1 F spanning-tree mst vlan 10. A lower number indicates that the switch will most likely be chosen as the root bridge. Trap B. The range is from 1 to 4094. 200 Di st ribution1( config.html> witch(config)#spanning-tree Configures a switch priority as follows: mstinstance-id prioritypriority-value For instance-id. To reenable ports.mst )#i nst ance 1 vl an 10. a range of instances separated by a hyphen.20 root primary Correct Answer: B. E Explanation: • Shutdown—When a traffic storm occurs. Priority values are 0.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/storm. 16384. 53248. • Trap—When a traffic storm occurs. redirect traffic D. traffic storm control generates an SNMP trap. 28672. the SDM configuration that is stored on the stack master overrides the t emplate configured on an individual switch From <http://www.cisco. the default is 32768. 100 Di st ribution1( config. Another Correct Answer: B Explanation: In a Catalyst 3750-X-only or a mixed hardware switch stack. 36864. 45056. all stack members must use the same SDM desktop template that is stored on the stack master. Flash memory D. you can specify a single instance. All switches in stack B.cisco. 8192.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/72844-MST. which two actions can be configured to occ ur? (Choose two.1 root pri mar y Di st ribution1( config) #spanni ng-tree mst 2 root secondar y From <http://www.mst )#name regi on1 Di st ribution1( config. Master switch C.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/MST. 30. use the error- disable detection and recovery feature or the shutdown and no shutdown commands.cisco. shut down Correct Answer: A. When a new switch is added to a stack. 57344. and 61440. The system rejects all other values.cisco. log E.mst )#exi t Di st ribution1( config) #spanni ng-tree mst 0. 4096. 20480.mst )#i nst ance 2 vl an 20. For priority. From <http://www. 40. 24576.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12 -2_53_se/configuration/guide/3750xscg/swsdm.html > New Question 12 In a switch stack where is the the SDM template stored? A. 32768.html> . spanning-tree mst 1 prioirty 4096 E. 12288. From <http://www.mst )#r evi si on 10 Di st ribution1( config.) A. traffic storm control puts the port into the error-disabled state. 40960. the range is from 0 to 61440 in increments of 4096. notify admin C. 49152. D.

Otherwise.112 has nonpreempt configured F.111 has preempt configured C. Only edge ports moving to the blocking state generate a TC BPDU E. When the phone previously on Fa0/2 is now connect to Fa0/5 Correct Answer: C. The IP address 172. Correct Answer: A. B. Routing should not be performed between VLANs located on separate switches. routing should occur at the distribution layer.111 D. Based on the debug output.16. The router with IP address 172.11. The priority of the router with IP address 172. Correct Answer: BD .16. Vlans should ne localized to a single switch unless voice VLANs are being utilized.11.16. B.115 is the virtual HSRP IP address E. Any loss of connectivity generates a TC BDPU Correct Answer: B New Question 16 Refer to the exhibit. D. Routing may be performed at all layers but is most commonly done at the core and distribution layers C.New Question 14 Refer to the exhibit Switch(config)#snamp-server enable traps mac-notification Switch(config)#mac address-table notification threshold Switch(config)#mac address-table notification threshold limit 60 Switch(config)#mac address-table notification mac-move Which two statements correctly indicate when an SNMP trap is set to the switch? (Choose two) A.112 is using default HSRP priority. The final active router is the router with IP address 172. When 61 percent of the Address table capacity is used D.11. D New Question 17 Which two statements are true about recommended practices that are to be used in a local VLAN solution design where layer 2 traffic is to be kept to a minimum? (Choose two) A.111 B. When 61 MAC address are in the switch C. If either an edge port or a nonedge port move to a block state.11.112 is preferred over the router with IP address 172. E New Question 15 Which statement is true about RSTP topology changes? A. then a TC BDPU is generated D. Only nonedge ports moving to the forwarding state generate a TC BDPU C. Routing should occur at the access layer if voice VLANs is utilized.11.16. The router with IP address 172. Any change in the state of the port generates a TC BDPU B. When a new workstation connects to port F0/1 B. Vlans should be local to a Switch E. When the switch loses power and reboots E. The router with IP address 172.11.16.16.11. which three statements about HSRP are true? (Choose Three) A.16.

If BPDUs are received by a port configured for PortFast. If there is a question asking which mode then we will select Transparent. You should globally enable BPDU filtering on a switch so that hosts connected to these interfaces do not receive BPDUs. D. Spanning tree cost C. and BPDU filtering is disabled. B. version 3 C. then connect with me on linkedin and write few words of D. The command enables BPDU filtering on all ports regardless of whether they are configured for BPDU filtering at the interface level. version 1 B. the interface loses its Port Fast-operational status. If a BPDU is received on a Port Fast-enabled interface.New Question 18 What is the effect of configuring the following command on a switch? Switch(config)# spanning-tree portfast bdpufilter default A. If BPDUs are received by a port configured for PortFast. Trunk mode recommendation to me :) E. the etherchannel protocol on switch 1 is not correct D. he notices the error message on Switch 2 (error message channel- missconfiguring error). Spanning tree port priority Click Here to Join our Whatsapp Switch Group Click here to access complete study material B. Which version of VTP supports the use of private VLANs? A. based on the output what is the problem: A. But on VTPv3 it’s a default feature to support private vlans.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swstpopt. From <http://www. they are ignored and none are sent. VTP does not support private VLANs D. New Question 20 Refer to the exhibit (Do not have the exhibit) An engineer is configuring an etherchannel between two switches. the etherchannel interface of switch 2 is not configured Correct Answer: C Explanation: Switch 2 is receiving the error msg. If BPDUs are received by a port configured for PortFast. If on one side etherchannel protocol is lacp and on the other side is pagp or uncompatible modes active/on etc then channel-missconfiguring errror msg will be generated. C. The interfaces still send a few BPDUs at link-up before the switch begins to filter outbound BPDUs. E View My Linkedin Profile . then PortFast is disabled and the BPDUs are processed normally. version 2 Correct Answer: B Explanation: This question asking for which version not which mode. This command prevents interfaces that are in a Port Fast-operational state from sending or receiving BPDUs. Correct Answer: A Explanation: At the global level.cisco. the port transitions to the forwarding state. the etherchannel interface of switch 1 is not configured C. a service porvider configured various private VLANs in its backbone network infrastructure to prevent certain VLAN communicating to each other. so most probably its coming from next switch. Interface Description If you like my work.html> New Question 19 To provide security. you can enable BPDU filtering on Port Fast-enabled interfaces by using thespanning-tree portfast bpdufilter default global configuration command. the etherchannel on the switch 1 using incorrect member port B. Waleed M Naeem A. New Question 21 Collected & Created this Doc by: What condition must match during etherchannel configuration. As we know Vtp transparent mode supports private vlans. Trunk allow vlan Correct Answer: D.