You are on page 1of 42

3-Chapter 1

1 Which three features are commonly supported at the distribution layer of the Cisco hierarchical network
model? (Choose three.)

A. security policies
B. Power over Ethernet
C. switch port security
D. quality of service
E. Layer 3 functionality
F. end user access to network

2 Configuring communication between devices on different VLANs requires the use of which layer of the OSI

A. Layer 1
B. Layer 3
C. Layer 4
D. Layer 5


Refer to the exhibit. Beginning with HR servers and workstations, a network engineer is designing a new
security structure for the network. Which set of policies adheres to the hierarchical network model design

A. Implement Layer 3 switching on S1 to reduce the packet processing load on D1 and D2. Install all security
processing on S1 to reduce network traffic load.
B. Configure port security options on S1. Use Layer 3 access control features on D1 and D2 to limit access to
the HR servers to just the HR subnet.
C. Move all HR assets out of the data center and connect them to S1. Use Layer 3 security functions on S1 to

deny all traffic into and out of S1.
D. Perform all port access and Layer 3 security functions on C1.


Refer to the exhibit. What characteristic of hierarchical network designs is exhibited by having SW3 connected
to both SW1 and Sw2?

A. scalability
B. security
C. redundancy
D. maintainability

5 Which two characteristics are associated with enterprise level switches? (Choose two.)

A. low port density
B. high forwarding rate
C. high latency level
D. support link aggregation
E. predefined number of ports

6 A technician is attempting to explain Cisco StackWise technology to a client that is setting up three stackable
switches. Which explanation accurately describes StackWise technology?

A. StackWise technology allows up to eight ports to be bound together to increase available bandwidth.
B. StackWise technology allows the switch to deliver power to end devices by using existing Ethernet cabling.
C. StackWise technology allows the switch capabilities and ports to be expanded by the addition of line cards.
D. StackWise technology allows up to nine switches to be interconnected via the use of a fully redundant

7 For organizations that are implementing a voice over IP solution, what functionality should be enabled at all
three layers of the hierarchical network?

A. Power over Ethernet

B. quality of service
C. switch port security
D. inter-VLAN routing

8 Which layer of the hierarchical design model provides a means of connecting devices to the network and
controlling which devices are allowed to communicate on the network?

A. application
B. access
C. distribution
D. network
E. core

9 Link aggregation should be implemented at which layer of the hierarchical network?

A. core only
B. distribution and core
C. access and distribution
D. access, distribution, and core

10 At which heirarchical layer are switches normally not required to process all ports at wire speed?
A. core layer
B. distribution layer
C. access layer
D. entry layer
11 A network administrator is selecting a switch that will operate at the network core. Which three features
should the switch support for optimum network performance and reliability? (Choose three.)

A. port security
B. security policies
C. 10 Gigabit Ethernet
D. quality of service (QoS)
E. hot-swappable hardware
F. Power over Ethernet (PoE)

12 Which hierarchical design characteristic would be recommended at both the core and distribution layers to
protect the network in the case of a route failure?

A. PoE
B. redundancy
C. aggregation
D. access lists

13 Which two features are supported at all three levels of the Cisco three-layer hierarchical model? (Choose

A. Power over Ethernet
B. load balancing across redundant trunk links
C. redundant components
D. Quality of Service

E. link aggregation

14 Which feature supports higher throughput in switched networks by combining multiple switch ports?

A. convergence
B. redundant links
C. link aggregation
D. network diameter

15 Which hierarchical design model layer controls the flow of network traffic using policies and delineates
broadcast domains by performing routing functions between virtual LANs (VLANs)?
A. application
B. access
C. distribution
D. network
E. core
16 A network technician is asked to examine an existing switched network. Following this examination, the
technician makes recommendations for adding new switches where needed and replacing existing equipment
that hampers performance. The technician is given a budget and asked to proceed. Which two pieces of
information would be helpful in determining necessary port density for new switches? (Choose two.)
A. forwarding rate
B. traffic flow analysis
C. expected future growth
D. number of required core connections
E. number of hubs that are needed in the access layer to increase performance

17 What statement best describes a modular switch?
A. a slim-line chassis
B. allows interconnection of switches on redundant backplane
C. defined physical characteristics
D. flexible characteristics

18 Which layer of the hierarchical network design model is refered to as the high-speed backbone of the
internetwork, where high availability and redundancy are critical?
A. access layer
B. core layer
C. data-link layer
D. distribution layer
E. network layer
F. physical layer

19 Which layer of the OSI model does an access layer LAN switch use to make a forwarding decision?

A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4

20 What is the likely impact of moving a conventional company architecture to a completely converged

E. 2What are two features of VTP client mode operation? (Choose two. QoS issues are greatly reduced. 3-Chapter 4 1 Refer to the exhibit.A. The lab domain has a higher revision number. C. Change S2 to client mode so the VLANs will automatically propagate. Local analog phone service can be completely outsourced to cost-effective providers. A shared infrastructure is created resulting in a single network to manage. S2 was previously used in a lab environment and has been added to the production network in server mode. What will solve the problem? Reset the revision number on S2 with either the delete VTP command or by changing the domain name and then changing it back. except VLAN 1. After S2 was added to the production network. D. B. many computers lost network connectivity. Change S1 to transparent VTP mode to reclaim all VLANs in vlan. manually on Switch1 so that they propagate throughout the network. so the network administrator made no configuration changes to S2 before adding it to the production network. Re-enter all appropriate VLANs. The lab and production networks use the same VTP domain name. The Ethernet VLAN structure is less complex. There is less bandwidth competition between voice and video streams.dat and change back to server mode.) unable to add VLANs can add VLANs of local significance forward broadcasts out all ports with no respect to VLAN information can only pass VLAN management information without adopting changes can forward VLAN information to other switches in the same VTP domain 3 .

Transparent mode switches do not forward VTP advertisements. What is the reason for this? VLANs cannot be created on transparent mode switches. 4Which two statements are true about VTP pruning? (Choose two. Switches S2 and S3 are in client mode. Pruning will prevent unnecessary flooding of broadcasts across trunks. Each switch is labeled with its VTP mode. A new VLAN is added to Switch3. 6 . S2 will remove all VLANs from the VLAN database until the cable is reconnected. VLANs created on transparent mode switches are not included in VTP advertisements. The switches in the exhibit are connected with trunks within the same VTP management domain. An administrator accidentally disconnects the cable from F0/1 on S2. VLANs on VTP client-mode switches will not be pruned.) Pruning is enabled by default. Refer to the exhibit. S2 will automatically transition to VTP transparent mode.17. What will the effect be on S2? S2 will retain the VLANs as of the latest known revision. Server mode switches neither listen to nor forward VTP messages from transparent mode switches. Switch S1 is in VTP server mode. 5 Refer to the exhibit.99. Pruning can only be configured on VTP servers. This VLAN does not show up on the other switches.11 when the cable is reconnected. S2 will automatically send a VTP request advertisement to 172. Pruning must be configured on all VTP servers in the domain.

) If this switch is added to an established network. 9 . Change all the interfaces on the switch to access ports. Which two facts can be confirmed by this output? (Choose two. Change the VTP mode to client. Change the VTP domain name. 7 What does a client mode switch in a VTP management domain do when it receives a summary advertisement with a revision number higher than its current revision number? It suspends forwarding until a subset advertisement update arrives. What precautionary step should the administrator take on the replacement switch to avoid incorrect VLAN information from propagating through the network? Enable VTP pruning. This switch has established two-way communication with the neighboring devices. 8A network administrator is replacing a failed switch with a switch that was previously on the network. It deletes the VLANs not included in the summary advertisement. This switch shows no configuration revision errors. This switch is configured to allows the network manager to maximize bandwidth by restricting traffic to specific network devices. It issues summary advertisements to advise other switches of status changes. It increments the revision number and forwards it to other switches. the other VTP-enabled switches in the same VTP domain will consider their own VLAN information to be more recent than the VLAN information advertised by this switch. Refer to the exhibit. It issues an advertisement request for new VLAN information. This switch is configured to advertise its VLAN configuration to other VTP-enabled switches in the same VTP domain.

. Refer to the exhibit. What happens when the new switch SW2 with a default configuration and revision number of 0 is inserted in the existing VTP domain Lab_Network? The switch operates as a VTP client. Both switches must be configured with the same VTP revision number. The switch operates as a VTP server and deletes the existing VLAN configuration in the domain. The switches must be interconnected via an access link. The switch operates in VTP transparent mode. The switches must be configured with the same VTP domain name. Switches SW1 and SW2 are interconnected via a trunk link but failed to exchange VLAN information. On the basis of the provided command output. 1 0 Refer to the exhibit. The network administrator issued the show vtp status command to troubleshoot the problem. what could be done to correct the problem? Switch SW2 must be configured as a VTP client. All switches in the network participate in the same VTP domain.

. but only switch SW4 synchronizes VLAN information. Switch1 is not participating in the VTP management process with the other switches that are shown in the exhibit. The switch operates as a VTP server in the default VTP domain and does not affect the configuration in the existing VTP domain. All switches in the VTP domain are new. Only switch SW2 receives updates and synchronizes VLAN information. Switch2 is in server mode. but does not impact the existing VLAN configuration in the domain.) Switch1 is in client mode. Only switches SW3 and SW4 receive updates and synchronize VLAN information. 11 What statement describes the default propagation of VLANs on a trunked link? only the native VLAN VLANs 1 to 1005 only VLAN 1 all VLANs no VLANs 1 2 Refer to the exhibit. The switch operates as a VTP server. and switch SW3 is configured in VTP transparent mode. What are two possible explanations for this? (Choose two. Which switch or switches receive VTP updates and synchronize their VLAN configuration based on those updates? All switches receive updates and synchronize VLAN information. switches SW2 and SW4 are configured as VTP clients. SW3 and SW4 receive updates. Switch SW1 is configured as a VTP server. 13 Refer to the exhibit.

The VTP domain name is case sensitive. Switch1 has end devices that are connected to the ports. It verifies VTP advertisements are being exchanged. Transparent mode switches cannot be configured with new VLANs. It verifies the VTP domain is configured to use VTP version 2. Switches that use VTP must have the same switch name. 1 Which two statements are true about the implementation of VTP? (Choose two. Switch1 is in a different management domain.) 7 Switches must be connected via trunks. 16 What causes a VTP configured switch to issue a summary advertisement? A five-minute update timer has elapsed. A new host has been attached to a switch in the management domain. A port on the switch has been shutdown. Switch2 is in transparent mode. The switch is changed to the transparent mode. Switch1 is using VTP version 1. It verifies the VTP domain name is V1. 18 Which statement is true when VTP is configured on a switched network that incorporates VLANs? . and Switch2 is using VTP version 2. 1 How are VTP messages sent between switches in a domain? 4 Layer 2 broadcast Layer 2 multicast Layer 2 unicast Layer 3 broadcast Layer 3 multicast Layer 3 unicast 15 Refer to the exhibit. What information can be learned from the output provided? It verifies the configured VTP password. The VTP password is mandatory and case sensitive.

VTP adds to the complexity of managing a switched network.) revision number domain name pruning mode domain password version number 20 Which two statements describe VTP transparent mode operation? (Choose two. Transparent mode switches pass any VLAN management information that they receive to other switches. 1 Which three VTP parameters must be identical on all switches to participate in the same VTP 9 domain? (Choose three. VTP allows a switch to be configured to belong to more than one VTP domain.) Transparent mode switches can create VLAN management information. VTP dynamically communicates VLAN changes to all switches in the same VTP domain.1Q standard. Transparent mode switches can adopt VLAN management changes that are received from other switches. Transparent mode switches originate updates about the status of their VLANS and inform other switches about that status. Transparent mode switches can add VLANs of local significance only. . VTP is only compatible with the 802.

Server sends an ARP request for the MAC address of its default gateway. Switch_A will reply with the MAC address of the Router_1 E0 interface.) . The message will cycle around the network until its TTL is exceeded. If STP is not enabled. Switch_A and Switch_B will continuously flood the message onto the network. what will be the result of this ARP request? Router_1 will drop the broadcast and reply with the MAC address of the next hop router.) one root bridge per network all non-designated ports forwarding one root port per non-root bridge multiple designated ports per segment one designated port per network 4In which STP state does a port record MAC addresses but not forward user data? blocking learning disabling listening forwarding 5 In which two ways is the information that is contained in BPDUs used by switches? (Choose two. 3 What two elements will exist in a converged network with one spanning tree? (Choose two. 3-Chapter 5 1 What Rapid Spanning Tree Protocol (RSTP) role is assigned to the forwarding port elected for every Ethernet LAN segment that links two switches? alternate backup designated edge 2 Refer to the exhibit.

S4 is already the root bridge. What is the effect of the command? Spanning tree blocks Gi0/1 on S3. The spanning-tree port priority of each interface is at the default setting.) the max-age timer the spanning-tree hold down timer the forward delay the spanning-tree path cost the blocking delay 7 Refer to the exhibit. Gi0/2 on S3 transitions to a root port. 8What three link types have been defined for Rapid Spanning-Tree Protocol? (Choose three. Port priority makes Gi0/2 on S1 a root port. The network administrator enters the spanning-tree vlan 1 root primary command on S4.) . so there are no port changes. to negotiate a trunk between switches to set the duplex mode of a redundant link to identify the shortest path to the root bridge to prevent loops by sharing bridging tables between connected switches to determine which ports will forward frames as part of the spanning tree 6What two features of the Spanning-Tree Protocol contribute to the time it takes for a switched network to converge after a topology change occurs? (Choose two.) shared end-to-end edge-type boundary-type point-to-many point-to-point 9 Which two items are true regarding the spanning-tree portfast command? (Choose two.

All switches in the network have empty MAC tables. If an access port is configured with PortFast. 1 4 Refer to the exhibit. STP port states are independent of port roles. and designated ports. STP specifies backup ports. They consist of a bridge priority and MAC address. STP waits for the network to converge before placing ports into forwarding state. PortFast is used to more quickly prevent and eliminate bridging loops. They are used by the switches in a spanning tree topology to elect the root bridge. PortFast can negatively effect DHCP services. it immediately transitions from a blocking to a forwarding state. 1 Which two criteria does a switch use to select the root bridge? (Choose two. Enabling PortFast on trunks that connect to other switches improves convergence. STP has been disabled on . RSTP places designated ports into forwarding state immediately. PortFast is Cisco proprietary. The switch with the fastest processor will have the lowest BID. alternate ports. 1 What is the first step in the process of convergence in a spanning tree topology? 2 election of the root bridge blocking of the non-designated ports selection of the designated trunk port determination of the designated port for each segment 13 Which statement or set of paired statements correctly compares STP with RSTP? STP and RSTP have the same BPDU format and flag field information.) They are sent out by the root bridge only after the inferior BPDUs are sent.) 0 bridge priority switching speed number of ports base MAC address switch location memory size 11 Which two statements describe the BIDs used in a spanning tree topology? (Choose two. Only the root bridge will send out a BID. RSTP has only root ports. RSTP ties together the port state and port role.

) immediately loses its edge status inhibits the generation of a TCN goes immediately to a learning state disables itself becomes a normal spanning-tree port 16 How can a network administrator influence which STP switch becomes the root bridge? Configure all the interfaces on the switch as the static root ports. Decisions on which port to block when two ports have equal cost depend on the port priority and identity. except the originating port. 1 9 . the switches in the network. Change the BPDU to a lower value than that of the other switches in the network. Switch SW1 will forward the traffic out all switch ports except the originating port as a unicast frame. All hosts in the network will reply with a unicast frame sent to host PC1. the Bridge ID was modified to include which information? 7 bridge priority MAC address protocol VLAN ID 18 Which two statements are true about the default operation of STP in a Layer 2 switched environment that has redundant connections between switches? (Choose two. All hosts in the network will reply with a unicast frame sent to switch SW1. This will generate an endless loop in the network. except the originating port. 1 When PVST+ was developed. Assign a lower IP address to the switch than that of the other switches in the network. All trunking ports are designated and not blocked. Switch SW1 will forward the broadcast out all switch ports. 15 Which two actions does an RSTP edge port take if it receives a BPDU? (Choose two.) The root switch is the switch with the highest speed ports. Switch SW1 will forward the broadcast out all switch ports. How will a broadcast frame that is sent by host PC1 be handled on the network? Switch SW1 will block the broadcast and drop the frame. Set the switch priority to a smaller value than that of the other switches in the network. Non-root switches each have only one root port. Root switches have all ports set as root ports.

The timers have been altered to reduce convergence time. What can be determined from the output shown? Two hosts communicating between ports Fa0/2 and Fa0/4 have a cost of 38. Both RSTP and STP use the portfast command to allow ports to immediately transition to forwarding state. Like STP PortFast. Configuration commands to establish primary and secondary root bridges are identical for STP and RSTP. STP is disabled on this switch. The priority was statically configured to identify the root. Because of the format of the BPDU packet. Refer to the exhibit. RSTP introduced the extended system ID to allow for more than 4096 VLANs. an RSTP edge port that receives a BPDU loses its edge port status immediately and becomes a normal spanning-tree port.) RSTP uses a faster algorithm to determine root ports. 3-Chapter 6 1 . RSTP is backward compatible with STP. 20 Which three statements are accurate regarding RSTP and STP? (Choose three.

What is causing this failure? PC1 and PC3 are not in the same VLAN.30.168. The S1 interface F0/11 should be assigned to VLAN30. but cannot ping PC3.54.2 tagged for VLAN 60. A packet is received from IP address 192.1.10. 3 . The router will forward the packet out interface FastEthernet 0/1. The commands for a router to connect to a trunked uplink are shown in the exhibit.168. The F0/0 and F0/1 interfaces on R1 must be configured as trunks.120. R1 is routing between networks 192.168.168. Refer to the exhibit. The router will drop the packet since no network that includes the source address is attached to the router.1.0/28 and 192. What will the router do with this packet? The router will forward the packet out interface FastEthernet 0/1.3 tagged for VLAN 120. The router will not process the packet since the source and destination are on the same subnet. The packet destination address is 192. 2 Refer to the exhibit. The router will forward the packet out interface FastEthernet 0/1.0/28.1 tagged for VLAN 10. The PC3 network address configuration is incorrect. PC1 can ping R1 interface F0/1.

The configuration that is shown was applied to RTA to allow for interVLAN connectivity between hosts attached to Switch1. Why are hosts connected to Fa0/1 through Fa0/5 unable to communicate with hosts in different VLANs? The router interface is shut down. 4 . Hosts in VLAN5 and VLAN33 are able to communicate with each other. The physical interface. FastEthernet0/0. was not configured with an IP address. After testing the network. Switch1 is correctly configured for the VLANs that are displayed in the graphic. the administrator logged the following report: Hosts within each VLAN can communicate with each other. The router was not configured to forward traffic for VLAN2. All of the subinterface addresses on the router are in the same subnet. Refer to the exhibit. Hosts connected to Fa0/1 through Fa0/5 do not have connectivity to host in other VLANs. The VLAN IDs do not match the subinterface numbers.

When traditional inter-VLAN routing is in use. the router returns the MAC address of the physical interface in response to ARP requests. When VLANs are in use. 7 . When router-on-a-stick inter-VLAN routing is in use. The encapsulation is missing on the R1 interface F0/0. What could account for this failure? PC1 and R1 interface F0/0. An IP address has not been assigned to the R1 physical interface. the switch responds to ARP requests with the MAC address of the port to which the PC is connected. PC1 has attempted to ping PC2 but has been unsuccessful.) one subinterface per VLAN one physical interface for each subinterface one IP network or subnetwork for each subinterface one trunked link per VLAN a management domain for each subinterface a compatible trunking protocol encapsulation for each subinterface 6Which statement is true about ARP when inter-VLAN routing is being used on the network? When router-on-a-stick inter-VLAN routing is in use.1 are on different subnets. The encapsulation command on the R1 F0/0. each subinterface has a separate MAC address to send in response to ARP requests. Refer to the exhibit.3 interface is incorrect. devices on all VLANs use the same physical router interface as their source of proxy ARP responses. 5 Which three elements must be used when configuring a router interface for VLAN trunking? (Choose three.

Port 0/4 is configured in access mode. Port 0/4 is using the wrong trunking protocol. . Refer to the exhibit.1q protocol on the links between the switch and the router. Which three statements describe the network design shown in the exhibit? (Choose three. This design requires the use of the ISL or 802. the devices on the different VLANs can communicate through the router. 8 Refer to the exhibit. This design exceeds the maximum number of VLANs that can be attached to a switch. The router merges the VLANs into a single broadcast domain. but inter-VLAN routing does not work. The administrator connects RTA to port 0/4 on SW2. If the physical interfaces between the switch and router are operational. What could be the possible cause of the problem with the SW2 configuration? Port 0/4 is not active. Port 0/4 is not a member of VLAN1. The network administrator correctly configures RTA to perform inter-VLAN routing. This design uses more switch and router ports than are necessary.) This design will not scale easily.

2. 11 Which two statements are true about the interface fa0/0. instead of a router-on-a-stick configuration? a network with more than 100 subnetworks a network with a limited number of VLANs a network with experienced support personnel a network using a router with one LAN interface 1 0 Refer to the exhibit.) The command applies VLAN 10 to router interface fa0/0.9 In which situation could individual router physical interfaces be used for InterVLAN routing. depending on the VLAN from which the traffic originated. Incoming traffic with VLAN ID 0 is processed by interface fa0/0. Both subinterfaces remain up with line protocol up. Traffic inbound on this router is processed by different subinterfaces.10 command? (Choose two. Reliability of both subinterfaces is poor because ARP is timing out. . Subinterfaces use unique MAC addresses by adding the 802.1Q VLAN ID to the hardware address. The command is used in the configuration of router-on-a-stick inter-VLAN routing. Which two statements are true about the operation of the subinterfaces? (Choose two. even if fa0/0 line protocol is down. The command configures a subinterface.) Incoming traffic that has a VLAN ID of 2 is processed by subinterface fa0/0.

10.) The no shutdown command has not been issued on the FastEthernet 0/0 interface. Add a second router to handle the inter-VLAN traffic. Router-on-a- stick does not provide multiple connections and therefore eliminates the need for STP. What two conclusions can be drawn from the output that is shown? (Choose two. and ports 0/9 to 0/12 are assigned to VLAN 30. Obtain a router with multiple LAN interfaces and configure each interface for a separate subnet. thereby allowing communication between VLANs. Add a router to the topology and configure one FastEthernet interface on the router with multiple subinterfaces for VLANs 1. 4 How can this be accomplished using the fewest number of physical interfaces without unnecessarily decreasing network performance? Implement a router-on-a-stick configuration. Which solution allows all VLANs to communicate between each other while minimizing the number of ports necessary to connect the VLANs? Configure ports 0/13 to 0/16 with the appropriate IP addresses to perform routing between VLANs. Both of the directly connected routes that are shown will share the same physical interface of the router. Switch ports 0/2 to 0/4 are assigned to VLAN 10. 13 Devices on the network are connected to a 24-port Layer 2 switch that is configured with VLANs. Router-on-a-stick can use multiple switch interfaces. and 30. Traditional routing uses one port per logical network. The command configures interface fa0/0 as a trunk link. 20. Ports 0/5 to 0/8 are assigned to VLAN 20. 15 Refer to the exhibit. Traditional routing requires a routing protocol. Obtain a Layer 3 switch and configure a trunk link between the switch and router. and configure the router physical interface with an IP address on the native VLAN. Because the IP address is applied to the physical interface. All other ports are assigned to the default VLAN. A routing protocol must be configured on the network in order for the inter-VLAN routing to be successful. Traditional routing uses multiple paths to the router and therefore requires STP. . 1 What distinguishes traditional routing from router-on-a-stick? 2 Traditional routing is only able to use a single switch interface. Interconnect the VLANs via the two additional FastEthernet interfaces. 1 A router has two FastEthernet interfaces and needs to connect to four VLANs in the local network. Router-on-a-stick uses subinterfaces to connect multiple logical networks to a single router port. Use a hub to connect the four VLANS with a FastEthernet interface on the router. the command does not include an IP address. Router-on-a-stick only needs to route directly connected networks.

0/24 and 172. 18 . Create the VLANs on the switch to include port membership assignment and configure subinterfaces on the router matching the VLANs. What might be the reason for this failure? R1 interface F0/1 has not been configured for subinterface operation.17. S1 port F0/6 is not in VLAN10. Create the VLANs on the router and define the port membership assignments on the switch. Create the VLANs on the switch to include port membership assignment and enable a routing protocol on the router. PC2 cannot ping PC1. All devices are configured as shown in the exhibit. S1 interface F0/6 needs to be configured for operation in VLAN10.17. S1 interface F0/8 is in the wrong VLAN.30. 16 What are the steps which must be completed in order to enable inter-VLAN routing using router-on- a-stick? Configure the physical interfaces on the router and enable a routing protocol. Inter-VLAN routing between hosts on the 172.0/24 networks is successful on this network.10. 1 7 Refer to the exhibit. Hosts in this network must be configured with the IP address that is assigned to the router physical interface as their default gateway. PC2 can successfully ping the F0/0 interface on R1.

Refer to the exhibit. The subinterfaces on R1 have not been brought up with the no shutdown command yet. The subinterface numbers must match the VLAN ID number. What is the likely problem? R1 is configured for router-on-a-stick. The IP address of each subinterface must be the default gateway address for each VLAN subnet. 1 What is important to consider while configuring the subinterfaces of a router when implementing 9 inter-VLAN routing? The physical interface must have an IP address configured. the network administrator determines that the devices on VLAN 2 are unable to ping the devices on VLAN 1. R1 does not have the VLANs entered in the VLAN database.) subinterfaces have no contention for bandwidth more switch ports required than in traditional inter-VLAN routing fewer router ports required than in traditional inter-VLAN routing simpler Layer 3 troubleshooting than with traditional inter-VLAN routing less complex physical connection than in traditional inter-VLAN routing 3-Chapter 7 1 Which access method does a wireless access point use to allow for multiple user connectivity and distributed access? CSMA/CD token passing CSMA/CA polling 2 Which two statements concerning network security are accurate? (Choose two. but S1 is not configured for trunking. Spanning Tree Protocol is blocking port Fa0/0 on R1. Port Fa0/0 on router R1 is connected to port Fa0/1 on switch S1. After the commands shown are entered on both devices. The no shutdown command must be given on each subinterface. 20 What two statements are true regarding the use of subinterfaces for inter-VLAN routing? (Choose two.) .

Open authentication uses no client or AP verification. 3 What procedure can prevent man-in-the-middle attacks? Force all devices on a WLAN to authenticate and monitor for any unknown devices. Enable access points to send an SSID to each device wanting to use the network. When configuring the wireless access point. which setting does the network administrator use to configure the unique identifier that client devices use to distinguish this wireless network from others? . 802.11i protocol is functionally identical to WPA.11i incorporates a RADIUS server for enterprise authentication. Configure MAC filtering on all authorized access points. 4 Refer to the exhibit. A wireless client first associates with an AP and then authenticates for network access. The 802.11i uses 3DES for encryption. Disable SSID broadcasts.802.

) MAC address filtering prevents the contents of wireless frames from being viewable. . Increase the RF output power on all wireless access points. Manually adding a network and setting the known SSID on a wireless client makes the network visible even if the SSID is not being broadcast. Moving away from this area in any direction improves performance dramatically. Wireless networks broadcast data over a medium that allows easy access.Network Mode Network Name (SSID) Radio Band Wide Channel Standard Channel 5 Why is security so important in wireless networks? Wireless networks are typically slower than wired networks. 6 Wireless users on a network complain about poor performance within a small area of a room. Verify that the wireless access points have sufficient in-line power and connectivity to the wired network. Environmental factors such as thunderstorms can affect wireless networks. Install a new wireless access point in this center area to provide coverage. so the technician should verify the channels in use on each wireless access point and change to non-overlapping channels. Providing a wireless client with the network key allows an available network to be visible. The RF power settings might be set too low on the wireless access points servicing the room. Disabling an access point from broadcasting the SSID prevents the access point from being discovered. 7 What purpose does authentication serve in a WLAN? converts clear text data before transmission indicates which channel the data should flow on determines that the correct host is utilizing the network allows the host to choose which channel to use 8 Which two statements are true regarding wireless security? (Choose two. What is the first step in designing a solution to this problem? This might be RF channel overlap. Televisions and other devices can interfere with wireless signals. Default SSIDs on specific manufacturer APs are generally known and may permit hostile wireless connections.

11b 802.11g 802. With SSID broadcast disabled. Using encryption prevents unauthorized clients from associating with an access point.9 Which function is provided by a wireless access point? dynamically assigns an IP address to the host provides local DHCP services converts data from 802.11 to 802. Wireless networks offer the same security features as wired networks.11a 802. 12 Which network design process identifies where to place access points? site survey risk assessment scalability design network protocol analysis 13 Which major problem does CSMA/CA overcome in wireless networks? bandwidth saturation privacy concerns .3 frame encapsulation provides a gateway for connecting to other networks 10 Which wireless technology standard provides the most compatibility with older wireless standards.) A rogue access point represents a security risk for the local network. but has greater performance? 802. an attacker must sniff the SSID before being able to connect.11n 11 Which two statements characterize wireless network security? (Choose two. An attacker needs physical access to at least one network device to launch an attack.

Unauthorized users can gain access to internal servers. The 2. All traffic that uses the same channel as the rogue access point will be encrypted.11a is more susceptible to RF interference from common commercial items.11a suffers from a shorter range than 802.11a is not.11a uses a more expensive modulation technique than 802. 802.11g. 802. 802. but 802.11b.) 802. 17 What occurs when a rogue access point is added to a WLAN? Authorized access points can transmit excess traffic to rogue access points to help alleviate congestion.11g over 802. why should wireless access points be implemented with each access point using a different channel? to keep users segregated on separate subnets to control the amount of bandwidth that is utilized to keep signals from interfering with each other to keep traffic secure 16 Which two conditions have favored adoption of 802. thus causing a security contention device interoperability 14 What will a wireless client transmit to discover the available WLAN networks? beacon password probe request association request 15 In a WLAN network. All traffic that uses the same channel as the rogue access point will be required to authenticate.11g is backward compatible with 802.11a? (Choose two.) gateway for connecting to other network infrastructures built-in Ethernet switch network management station VTP server wireless access point . 18 Which three devices do many wireless routers incorporate? (Choose three.4 GHz frequency band is not as crowded as the 5 GHz band.

such as the hostname and password? user EXEC mode privileged EXEC mode global configuration mode interface configuration mode 2 .VPN concentrator 19 What wireless security feature allows a network administrator to configure an access point with wireless NIC unique identifiers so that only these NICs can connect to the wireless network? authentication SSID broadcasting MAC address filtering EAP (Extensible Authentication Protocol) Radius (Remote Authentication Dial-In User Service) 20 Which installation method will allow connectivity for a new wireless network? set up WEP on the access point only set up open access on both the access point and each device connected to it set up full encryption on the access point while leaving each device connected to the network open set up full encryption on each device of the WLAN while leaving the access point settings open 21 What does a wireless access point use to allow WLAN clients to learn which networks are available in a given area? association response beacon key probe request 3-Chapter 2 1 Which command line interface (CLI) mode allows users to configure switch parameters.

3 When a collision occurs in a network using CSMA/CD. the administrator is able to connect to Switch1 using both Secure Shell and Telnet. The hosts creating the collision have priority to send data. how do hosts with data to transmit respond after the backoff period has expired? The hosts return to a listen-before-transmit mode. The enable password on this switch is "cisco. The network administrator has decided to allow only Secure Shell connections to Switch1. After the commands are applied. An MD5 hashing algorithm was used on all encrypted passwords. The hosts extend their delay period to allow for rapid transmission. The exhibit shows partial output of the show running-config command. Any configured line mode passwords will be encrypted in this configuration. 4 Refer to the exhibit." What can be determined from the output shown? The enable password is encrypted by default. What is most likely the problem? incorrect vty lines configured incorrect default gateway address incompatible Secure Shell version missing transport input ssh command .Refer to the exhibit. This line represents most secure privileged EXEC mode password possible. The hosts creating the collision retransmit the last 16 frames.

The enable password and enable secret password protect access to privileged EXEC mode. and Telnet attacks? . The switch ends an acknowledgement frame to the source MAC of this incoming frame. The switch will map the source MAC address to the port on which it was received. A username/password combination is no longer needed to establish a secure remote connection to the switch. 6 Which two statements are true about EXEC mode passwords? (Choose two.vty lines that are configured to allow only Telnet 5 What happens when the transport input ssh command is entered on the switch vty lines? The SSH client on the switch is enabled. The service password-encryption command is required to encrypt the enable secret password. CDP attacks. 7 When a switch receives a frame and the source MAC address is not found in the switching table. The switch requires remote connections via proprietary client software. Communication between the switch and remote users is encrypted. what action will be taken by the switch to process the incoming frame? The switch will request that the sending node resend the frame. The switch will issue an ARP request to confirm that the source exists. Best practices require both the enable password and enable secret password to be configured and used simultaneously. 8 A network administrator uses the CLI to enter a command that requires several parameters. The switch responds with "% Incomplete command". What can the administrator do to get the parameter information? append ? to the last parameter append a space and then ? to the last parameter use Ctrl-P to show a parameter list use the Tab key to show which options are available 9 What are two ways to make a switch less vulnerable to attacks like MAC address flooding. The enable secret password command provides better security than the enable password. The administrator cannot remember the missing parameters.) The enable secret password command stores the configured password in plain text.

Change passwords regularly. 11 Refer to the exhibit. 10 Refer to the exhibit. What action does SW1 take on a frame sent from PC_A to PC_C if the MAC address table of SW1 is empty? SW1 drops the frame. Turn off unnecessary services. SW1 floods the frame on all ports on the switch. Use the enable password rather than the enable secret password.(Choose two. except port Fa0/1. SW1 floods the frame on all ports on SW1. What happens when Host 1 attempts to send data? . SW1 uses the CDP protocol to synchronize the MAC tables on both switches and then forwards the frame to all ports on SW2. Enable the HTTP server on the switch.) Enable CDP on the switch. except Fa0/23 and Fa0/1.

only MAC addresses subsequently learned are converted to secure MAC addresses. If fewer than the maximum number of MAC addresses for a port are configured statically. Frames from Host 1 will remove all MAC address entries in the address table. Dynamically learned secure MAC addresses are lost when the switch reboots. The three configurable violation modes all require user intervention to re-enable ports. How many collision domains are depicted in the network? 1 2 4 6 7 8 13 Which two statements are true regarding switch port security? (Choose two.) The three configurable violation modes all log violations via SNMP.Frames from Host 1 cause the interface to shut down. dynamically learned addresses are added to CAM until the maximum number is reached. After entering the sticky parameter. Frames from Host 1 create a MAC address entry in the running-config. Frames from Host 1 are dropped and no log message is sent. 12 Refer to the exhibit. 14 .

D. The switch and the hub have default configurations.Refer to the exhibit. B. and C hosts B. and F 15 Where is the startup configuration stored? DRAM NVRAM ROM startup-config. and E hosts A. D. E. C. and the switch has built its CAM table. B.text 16 Refer to the exhibit. Which hosts will receive a broadcast frame sent from Host A? hosts A and B hosts B and C hosts D and E hosts A. Which of the hosts will capture a copy of the frame when workstation A sends a unicast packet to workstation C? workstation C . C.

Only one of the devices can transmit at a time. The switch will have priority for transmitting data. . D. 18 If a network administrator enters these commands on a switch. B. and the interfaces of the router workstations B. Layer 2 switches have multiple collision domains. The switch and workstation are administratively configured for full-duplex operation. C. and interfaces of the router 17 Refer to the exhibit. Which statement accurately reflects the operation of this link? No collisions will occur on this link. C. Layer 2 switches route traffic between different networks.) Layer 2 switches prevent broadcasts. F. what will be the result? Switch1(config-line)# line console 0 Switch1(config-line)# password cisco Switch1(config-line)# login to secure the console port with the password "cisco" to deny access to the console port by specifying 0 lines are available to gain access to line configuration mode by supplying the required password to configure the privilege exec password that will be used for remote access 19 Which two statements about Layer 2 Ethernet switches are true? (Choose two.workstations B and C workstations A. E. The devices will default back to half duplex if excessive collisions occur.

The command will cause the message End with the character “%” to be displayed after the command is entered into the switch. Computer D does not have a proper address for the VLAN 3 address space. VLAN 3 is not an allowed VLAN to enter the trunk between the switches. 20 Which statement is true about the command banner login "Authorized personnel Only" issued on a switch? The command is entered in privileged EXEC mode. Why did this command generate an error? VLAN 1 can never be deleted. . The router is not properly configured to route traffic between the VLANs. VLAN 1 can not be deleted until all ports have been removed from it. VLAN 1 can not be deleted until another VLAN has been assigned its responsibilities. When the administrator enters the no vlan 1 command. VLAN 1 can only be deleted by deleting the vlan. The command will cause the message Authorized personnel Only to display before a user logs in.dat file. Computer B is unable to communicate with computer D. 3 Chapter 3 1 A network administrator is removing several VLANs from a switch. an error is received.Layer 2 switches decrease the number of broadcast domains. 3 The network administrator wants to separate hosts in Building A into two VLANs numbered 20 and 30. 2 Refer to the exhibit. What is the most likely cause of this problem? The link between the switches is up but not trunked. Layer 2 switches can send traffic based on the destination MAC address. The command will generate the error message % Ambiguous command: "banner motd" ” to be displayed.

VLAN information is saved in the startup configuration. Interface Fa0/1 on switch SW1 has been configured with trunk mode “on”. Which two statements are true concerning VLAN configuration? (Choose two. computer C. 4 Refer to the exhibit. computer G.) The VLANs may be named. The network administrator may create the VLANs in either global configuration mode or VLAN database mode. computer I 5 Refer to the exhibit. computer D. computer C computer D. computer D. computer H. SW1 and SW2 are new switches being installed in the topology shown in the exhibit. . computer G computer A. Non-default VLANs created manually must use the extended range VLAN numbers. Both VLANs may be named BUILDING_A to distinguish them from other VLANs in different geographical locations. computer F. computer C computer A. Which statement is true about forming a trunk link between the switches SW1 and SW2? Interface Fa0/2 on switch SW2 will negotiate to become a trunk link if it supports DTP. How far is a broadcast frame that is sent by computer A propagated in the LAN domain? none of the computers will receive the broadcast frame computer A. Interface Fa0/2 on switch SW2 can only become a trunk link if statically configured as a trunk. computer E. computer B. computer B. computer G computer B.

D. E. F 8Which two statements describe the benefits of VLANs? (Choose two. G A. VLANs enable switches to route packets to remote networks via VLAN ID filtering. On which links along the path between computer 1 and computer 4 will a VLAN ID tag be included with the frame? A A. Interface Fa0/1 converts the neighboring link on the adjacent switch into a trunk link if the neighboring interface is configured in nonegotiate mode. Restricting trunk connections between switches to a single VLAN will improve efficiency of port usage. B. VLANs divide a network into smaller logical networks. VLANs improve network security by isolating users that have access to sensitive data and applications. The remote connected interface cannot negotiate a trunk unless it is also configured as dynamic desirable. The connected devices dynamically determine when data for multiple VLANs must be transmitted across the link and bring the trunk up as needed. D. Computer 1 sends a frame to computer 4. 7 Refer to the exhibit. .) VLANs improve network performance by regulating flow control and window size. Interface Fa0/1 converts the neighboring link on the adjacent switch into a trunk link automatically with no consideration of the configuration on the neighboring interface. 6What is a valid consideration for planning VLAN traffic across multiple switches? Configuring interswitch connections as trunks will cause all hosts on any VLAN to receive broadcasts from the other VLANs. A trunk link is formed if the remote connected device is configured with the switchport mode dynamic auto or switchport mode trunk commands. E C. B A. Carrying all required VLANs on a single access port will ensure proper traffic separation. A trunk connection is affected by broadcast storms on any particular VLAN that is carried by that trunk. F C. resulting in lower susceptibility to broadcast storms. VLANs reduce network cost by reducing the number of physical ports required on switches. 9 What is the effect of the switchport mode dynamic desirable command? DTP cannot negotiate the trunk since the native VLAN is not the default VLAN.

17. The new PC is on a different subnet so Fa0/2 on S3 must be configured as a trunk port. PC4 must use the same subnet as PC1. The company will add a switch. A single VLAN cannot span multiple switches. VLAN 10. a specialized application workstation. 1 0 Refer to the exhibit. users on PC1 are unable to access shares on PC4.0/24 subnet. connected via a trunk link to S2. What is the likely cause? The switch to switch connection must be configured as an access port to permit access to VLAN 10 on S3. Company HR is adding PC4. The new office will use the 172. For security reasons the new PC will reside in the HR VLAN. 11 . another switch. to a new company office. After installation.11. S3.

1 What are two characteristics of VLAN1 in a default switch configuration? (Choose two.0/24 subnet range.1. What is the most likely cause of this problem? There is a native VLAN mismatch. but now it will be used to connect a host to the network. but not with computer C or computer D. The router is not properly configured for inter-VLAN routing. Administratively shut down and re-enable the interface to return it to default.50. Computer A can communicate with computer B. The link between Switch1 and Switch2 is up but not trunked. Which statement is true concerning interface Fa0/5? The default native VLAN is being used. The trunking mode is set to auto. 15 Refer to the exhibit.) 2 VLAN1 should renamed. How should the network administrator reconfigure switch port Fa0/1? Disable DTP. Hosts on different VLANs should be in the same IP network. Links between switches must be members of VLAN1. Only switch port 0/1 is assigned to VLAN1. Trunking can occur with non-Cisco switches. The network administrator has just added VLAN 50 to Switch1 and Switch2 and assigned hosts on the IP addresses of the VLAN in the 10. VLAN 1 is the management VLAN. Enter the switchport mode access command in interface configuration mode. Delete any VLANs currently being trunked through port Fa0/1. Mo Hosts on different VLANs examine VLAN ID in the frame tagging to determine if the frame for their network. 1 What statements describe how hosts on VLANs communicate? 4 Hosts on different VLANs use VTP to negotiate a trunk. VLAN information about the interface encapsulates the Ethernet frames. 16 . Refer to the exhibit. All switch ports are members of VLAN1. 13 Switch port fa0/1 was manually configured as a trunk. VLAN 50 is not allowed to entering the trunk between Switch1 and Switch2. Hosts on different VLANs communicate through routers.

dynamic desirable. Enter the switchport trunk native vlan 3 command in interface configuration mode. They then become members of the management VLAN. Refer to the exhibit. auto. or dynamic desirable mode on. A common native VLAN should have been configured on the switches. 1 What happens to the member ports of a VLAN when the VLAN is deleted? 9 The ports cannot communicate with other ports. The ports automatically become a part of VLAN1. 1 What switch port modes will allow a switch to successfully form a trunking link if the neighboring 7 switch port is in "dynamic desirable" mode? dynamic desirable mode on or dynamic desirable mode on. The trunk cannot be negotiated with both ends set to auto. What is the most likely cause of this problem? Cisco switches only support the ISL trunking protocol. The ports default back to the management VLAN. Enter the no shutdown in interface configuration mode to return it to the default configuration and then configure the port for VLAN 3. auto. . By default. Enter the switchport access vlan 3 command in interface configuration mode. The ports remain a part of that VLAN until the switch is rebooted. The exhibited configurations do not allow the switches to form a trunk. Switch1 will only allow VLAN 5 across the link. or nonegotiate mode 18 What must the network administrator do to remove Fast Ethernet port fa0/1 from VLAN 2 and assign it to VLAN 3? Enter the no vlan 2 and the vlan 3 commands in global configuration mode.

1q is Cisco proprietary. . 802. Which two conclusions can be drawn regarding the switch that produced the output shown? (Choose two.) The network administrator configured VLANs 1002-1005.1q will not perform operations on frames that are forwarded out access ports.20 Refer to the exhibit. The command switchport access vlan 20 was entered in interface configuration mode for Fast Ethernet interface 0/1.1q does NOT require the FCS of the original frame to be recalculated. 802. 802. A FDDI trunk has been configured on this switch. The VLANs are in the active state and are in the process of negotiating configuration parameters.1q frames are mapped to VLANs by MAC address.1q trunking protocol is true? 1 802. Devices attached to ports fa0/5 through fa0/8 cannot communicate with devices attached to ports fa0/9 through fa0/12 without the use of a Layer 3 device. 2 What statement about the 802.