3-Chapter 1

1 Which three features are commonly supported at the distribution layer of the Cisco hierarchical network model? (Choose three.) A. B. C. D. security policies Power over Ethernet switch port security quality of service E. Layer 3 functionality F. end user access to network 2 Configuring communication between devices on different VLANs requires the use of which layer of the OSI model? A. B. C. D. 3 Layer 1 Layer 3 Layer 4 Layer 5

Refer to the exhibit. Beginning with HR servers and workstations, a network engineer is designing a new security structure for the network. Which set of policies adheres to the hierarchical network model design principles? A. Implement Layer 3 switching on S1 to reduce the packet processing load on D1 and D2. Install all security processing on S1 to reduce network traffic load. B. Configure port security options on S1. Use Layer 3 access control features on D1 and D2 to limit access to the HR servers to just the HR subnet. C. Move all HR assets out of the data center and connect them to S1. Use Layer 3 security functions on S1 to

deny all traffic into and out of S1. D. Perform all port access and Layer 3 security functions on C1. 4

Refer to the exhibit. What characteristic of hierarchical network designs is exhibited by having SW3 connected to both SW1 and Sw2? A. B. C. D. scalability security redundancy maintainability

5 Which two characteristics are associated with enterprise level switches? (Choose two.) A. B. C. D. E. low port density high forwarding rate high latency level support link aggregation predefined number of ports

6 A technician is attempting to explain Cisco StackWise technology to a client that is setting up three stackable switches. Which explanation accurately describes StackWise technology? A. B. C. D. StackWise technology allows up to eight ports to be bound together to increase available bandwidth. StackWise technology allows the switch to deliver power to end devices by using existing Ethernet cabling. StackWise technology allows the switch capabilities and ports to be expanded by the addition of line cards. StackWise technology allows up to nine switches to be interconnected via the use of a fully redundant backplane.

7 For organizations that are implementing a voice over IP solution, what functionality should be enabled at all three layers of the hierarchical network? A. Power over Ethernet

B. quality of service C. switch port security D. inter-VLAN routing 8 Which layer of the hierarchical design model provides a means of connecting devices to the network and controlling which devices are allowed to communicate on the network? A. B. C. D. E. application access distribution network core

9 Link aggregation should be implemented at which layer of the hierarchical network? A. B. C. D. core only distribution and core access and distribution access, distribution, and core

10 At which heirarchical layer are switches normally not required to process all ports at wire speed? A. core layer B. distribution layer C. access layer D. entry layer 11 A network administrator is selecting a switch that will operate at the network core. Which three features should the switch support for optimum network performance and reliability? (Choose three.) A. B. C. D. E. F. port security security policies 10 Gigabit Ethernet quality of service (QoS) hot-swappable hardware Power over Ethernet (PoE)

12 Which hierarchical design characteristic would be recommended at both the core and distribution layers to protect the network in the case of a route failure? A. B. C. D. PoE redundancy aggregation access lists

13 Which two features are supported at all three levels of the Cisco three-layer hierarchical model? (Choose two.) A. B. C. D. Power over Ethernet load balancing across redundant trunk links redundant components Quality of Service

E. link aggregation 14 Which feature supports higher throughput in switched networks by combining multiple switch ports? A. B. C. D. convergence redundant links link aggregation network diameter

15 Which hierarchical design model layer controls the flow of network traffic using policies and delineates broadcast domains by performing routing functions between virtual LANs (VLANs)? A. application B. access C. distribution D. network E. core 16 A network technician is asked to examine an existing switched network. Following this examination, the technician makes recommendations for adding new switches where needed and replacing existing equipment that hampers performance. The technician is given a budget and asked to proceed. Which two pieces of information would be helpful in determining necessary port density for new switches? (Choose two.) A. forwarding rate B. traffic flow analysis C. expected future growth D. number of required core connections E. number of hubs that are needed in the access layer to increase performance 17 What statement best describes a modular switch? A. a slim-line chassis B. allows interconnection of switches on redundant backplane C. defined physical characteristics D. flexible characteristics 18 Which layer of the hierarchical network design model is refered to as the high-speed backbone of the internetwork, where high availability and redundancy are critical? A. access layer B. core layer C. data-link layer D. distribution layer E. network layer F. physical layer 19 Which layer of the OSI model does an access layer LAN switch use to make a forwarding decision? A. B. C. D. Layer 1 Layer 2 Layer 3 Layer 4

20 What is the likely impact of moving a conventional company architecture to a completely converged network?

many computers lost network connectivity.dat and change back to server mode. What will solve the problem? Reset the revision number on S2 with either the delete VTP command or by changing the domain name and then changing it back. Change S1 to transparent VTP mode to reclaim all VLANs in vlan. The Ethernet VLAN structure is less complex. The lab domain has a higher revision number.) unable to add VLANs can add VLANs of local significance forward broadcasts out all ports with no respect to VLAN information can only pass VLAN management information without adopting changes can forward VLAN information to other switches in the same VTP domain 3 . A shared infrastructure is created resulting in a single network to manage. S2 was previously used in a lab environment and has been added to the production network in server mode. The lab and production networks use the same VTP domain name. 3-Chapter 4 1 Refer to the exhibit. C. After S2 was added to the production network. There is less bandwidth competition between voice and video streams. Local analog phone service can be completely outsourced to cost-effective providers. except VLAN 1. QoS issues are greatly reduced. manually on Switch1 so that they propagate throughout the network. E.A. 2What are two features of VTP client mode operation? (Choose two. so the network administrator made no configuration changes to S2 before adding it to the production network. Re-enter all appropriate VLANs. Change S2 to client mode so the VLANs will automatically propagate. B. D.

4Which two statements are true about VTP pruning? (Choose two. Pruning must be configured on all VTP servers in the domain.99. 5 Refer to the exhibit. Transparent mode switches do not forward VTP advertisements. VLANs created on transparent mode switches are not included in VTP advertisements. What is the reason for this? VLANs cannot be created on transparent mode switches. The switches in the exhibit are connected with trunks within the same VTP management domain. A new VLAN is added to Switch3. What will the effect be on S2? S2 will retain the VLANs as of the latest known revision. S2 will automatically transition to VTP transparent mode. S2 will remove all VLANs from the VLAN database until the cable is reconnected. Server mode switches neither listen to nor forward VTP messages from transparent mode switches. Switch S1 is in VTP server mode. S2 will automatically send a VTP request advertisement to 172. Pruning can only be configured on VTP servers.17.) Pruning is enabled by default. Pruning will prevent unnecessary flooding of broadcasts across trunks. VLANs on VTP client-mode switches will not be pruned.Refer to the exhibit. 6 . Each switch is labeled with its VTP mode. This VLAN does not show up on the other switches. Switches S2 and S3 are in client mode. An administrator accidentally disconnects the cable from F0/1 on S2.11 when the cable is reconnected.

Refer to the exhibit. 9 . 8A network administrator is replacing a failed switch with a switch that was previously on the network. What precautionary step should the administrator take on the replacement switch to avoid incorrect VLAN information from propagating through the network? Enable VTP pruning. the other VTP-enabled switches in the same VTP domain will consider their own VLAN information to be more recent than the VLAN information advertised by this switch.) If this switch is added to an established network. It increments the revision number and forwards it to other switches. This switch has established two-way communication with the neighboring devices. It issues an advertisement request for new VLAN information. It deletes the VLANs not included in the summary advertisement. This switch is configured to allows the network manager to maximize bandwidth by restricting traffic to specific network devices. This switch is configured to advertise its VLAN configuration to other VTP-enabled switches in the same VTP domain. This switch shows no configuration revision errors. Change all the interfaces on the switch to access ports. Change the VTP domain name. Change the VTP mode to client. Which two facts can be confirmed by this output? (Choose two. It issues summary advertisements to advise other switches of status changes. 7 What does a client mode switch in a VTP management domain do when it receives a summary advertisement with a revision number higher than its current revision number? It suspends forwarding until a subset advertisement update arrives.

The switches must be configured with the same VTP domain name. . what could be done to correct the problem? Switch SW2 must be configured as a VTP client.Refer to the exhibit. Switches SW1 and SW2 are interconnected via a trunk link but failed to exchange VLAN information. The switches must be interconnected via an access link. What happens when the new switch SW2 with a default configuration and revision number of 0 is inserted in the existing VTP domain Lab_Network? The switch operates as a VTP client. The switch operates in VTP transparent mode. The switch operates as a VTP server and deletes the existing VLAN configuration in the domain. On the basis of the provided command output. 1 0 Refer to the exhibit. All switches in the network participate in the same VTP domain. Both switches must be configured with the same VTP revision number. The network administrator issued the show vtp status command to troubleshoot the problem.

Switch SW1 is configured as a VTP server. switches SW2 and SW4 are configured as VTP clients. Only switch SW2 receives updates and synchronizes VLAN information. . SW3 and SW4 receive updates. What are two possible explanations for this? (Choose two. Switch1 is not participating in the VTP management process with the other switches that are shown in the exhibit. and switch SW3 is configured in VTP transparent mode. but does not impact the existing VLAN configuration in the domain. Which switch or switches receive VTP updates and synchronize their VLAN configuration based on those updates? All switches receive updates and synchronize VLAN information. Switch2 is in server mode.The switch operates as a VTP server. 13 Refer to the exhibit. All switches in the VTP domain are new. Only switches SW3 and SW4 receive updates and synchronize VLAN information. 11 What statement describes the default propagation of VLANs on a trunked link? only the native VLAN VLANs 1 to 1005 only VLAN 1 all VLANs no VLANs 1 2 Refer to the exhibit. but only switch SW4 synchronizes VLAN information. The switch operates as a VTP server in the default VTP domain and does not affect the configuration in the existing VTP domain.) Switch1 is in client mode.

A port on the switch has been shutdown. It verifies the VTP domain is configured to use VTP version 2. A new host has been attached to a switch in the management domain. Switch1 is in a different management domain. Switch1 is using VTP version 1. The switch is changed to the transparent mode. Switch1 has end devices that are connected to the ports. 1 How are VTP messages sent between switches in a domain? Layer 2 broadcast 4 Layer 2 multicast Layer 2 unicast Layer 3 broadcast Layer 3 multicast Layer 3 unicast 15 16 Refer to the exhibit.) Switches must be connected via trunks.Switch2 is in transparent mode. and Switch2 is using VTP version 2. What causes a VTP configured switch to issue a summary advertisement? A five-minute update timer has elapsed. It verifies the VTP domain name is V1. It verifies VTP advertisements are being exchanged. Switches that use VTP must have the same switch name. 7 18 Which statement is true when VTP is configured on a switched network that incorporates VLANs? . Transparent mode switches cannot be configured with new VLANs. The VTP password is mandatory and case sensitive. What information can be learned from the output provided? It verifies the configured VTP password. The VTP domain name is case sensitive. 1 Which two statements are true about the implementation of VTP? (Choose two.

1Q standard. VTP allows a switch to be configured to belong to more than one VTP domain.) 9 revision number domain name pruning mode domain password version number 20 Which two statements describe VTP transparent mode operation? (Choose two. Transparent mode switches originate updates about the status of their VLANS and inform other switches about that status. Transparent mode switches can adopt VLAN management changes that are received from other switches. Transparent mode switches can add VLANs of local significance only. 1 Which three VTP parameters must be identical on all switches to participate in the same VTP domain? (Choose three. VTP adds to the complexity of managing a switched network. Transparent mode switches pass any VLAN management information that they receive to other switches.) Transparent mode switches can create VLAN management information. . VTP dynamically communicates VLAN changes to all switches in the same VTP domain.VTP is only compatible with the 802.

3-Chapter 5 1 What Rapid Spanning Tree Protocol (RSTP) role is assigned to the forwarding port elected for every Ethernet LAN segment that links two switches? alternate backup designated edge 2 Refer to the exhibit. what will be the result of this ARP request? Router_1 will drop the broadcast and reply with the MAC address of the next hop router.) . Server sends an ARP request for the MAC address of its default gateway. Switch_A will reply with the MAC address of the Router_1 E0 interface. Switch_A and Switch_B will continuously flood the message onto the network. The message will cycle around the network until its TTL is exceeded. 3 What two elements will exist in a converged network with one spanning tree? (Choose two.) one root bridge per network all non-designated ports forwarding one root port per non-root bridge multiple designated ports per segment one designated port per network 4In which STP state does a port record MAC addresses but not forward user data? blocking learning disabling listening forwarding 5 In which two ways is the information that is contained in BPDUs used by switches? (Choose two. If STP is not enabled.

so there are no port changes.) shared end-to-end edge-type boundary-type point-to-many point-to-point 9 Which two items are true regarding the spanning-tree portfast command? (Choose two. Gi0/2 on S3 transitions to a root port. 8What three link types have been defined for Rapid Spanning-Tree Protocol? (Choose three.) the max-age timer the spanning-tree hold down timer the forward delay the spanning-tree path cost the blocking delay 7 Refer to the exhibit. S4 is already the root bridge. What is the effect of the command? Spanning tree blocks Gi0/1 on S3. The spanning-tree port priority of each interface is at the default setting. The network administrator enters the spanning-tree vlan 1 root primary command on S4.to negotiate a trunk between switches to set the duplex mode of a redundant link to identify the shortest path to the root bridge to prevent loops by sharing bridging tables between connected switches to determine which ports will forward frames as part of the spanning tree 6What two features of the Spanning-Tree Protocol contribute to the time it takes for a switched network to converge after a topology change occurs? (Choose two.) . Port priority makes Gi0/2 on S1 a root port.

) They are sent out by the root bridge only after the inferior BPDUs are sent. They consist of a bridge priority and MAC address. STP port states are independent of port roles. alternate ports.) bridge priority switching speed number of ports base MAC address switch location memory size 11 Which two statements describe the BIDs used in a spanning tree topology? (Choose two. 1 4 Refer to the exhibit. it immediately transitions from a blocking to a forwarding state. PortFast can negatively effect DHCP services. and designated ports. PortFast is used to more quickly prevent and eliminate bridging loops. 1 What is the first step in the process of convergence in a spanning tree topology? election of the root bridge 2 blocking of the non-designated ports selection of the designated trunk port determination of the designated port for each segment 13 Which statement or set of paired statements correctly compares STP with RSTP? STP and RSTP have the same BPDU format and flag field information. All switches in the network have empty MAC tables. They are used by the switches in a spanning tree topology to elect the root bridge. 0 1 Which two criteria does a switch use to select the root bridge? (Choose two. Enabling PortFast on trunks that connect to other switches improves convergence. If an access port is configured with PortFast. STP waits for the network to converge before placing ports into forwarding state. STP has been disabled on .PortFast is Cisco proprietary. STP specifies backup ports. RSTP ties together the port state and port role. RSTP has only root ports. The switch with the fastest processor will have the lowest BID. Only the root bridge will send out a BID. RSTP places designated ports into forwarding state immediately.

1 9 . Switch SW1 will forward the traffic out all switch ports except the originating port as a unicast frame. Decisions on which port to block when two ports have equal cost depend on the port priority and identity. Set the switch priority to a smaller value than that of the other switches in the network. How will a broadcast frame that is sent by host PC1 be handled on the network? Switch SW1 will block the broadcast and drop the frame.the switches in the network. Non-root switches each have only one root port. All hosts in the network will reply with a unicast frame sent to host PC1. Switch SW1 will forward the broadcast out all switch ports. Switch SW1 will forward the broadcast out all switch ports.) The root switch is the switch with the highest speed ports. Root switches have all ports set as root ports. This will generate an endless loop in the network. All hosts in the network will reply with a unicast frame sent to switch SW1. except the originating port. Assign a lower IP address to the switch than that of the other switches in the network. Change the BPDU to a lower value than that of the other switches in the network.) immediately loses its edge status inhibits the generation of a TCN goes immediately to a learning state disables itself becomes a normal spanning-tree port How can a network administrator influence which STP switch becomes the root bridge? Configure all the interfaces on the switch as the static root ports. 15 Which two actions does an RSTP edge port take if it receives a BPDU? (Choose two. the Bridge ID was modified to include which information? bridge priority 7 MAC address protocol VLAN ID 18 Which two statements are true about the default operation of STP in a Layer 2 switched environment that has redundant connections between switches? (Choose two. 16 1 When PVST+ was developed. All trunking ports are designated and not blocked. except the originating port.

The timers have been altered to reduce convergence time. an RSTP edge port that receives a BPDU loses its edge port status immediately and becomes a normal spanning-tree port. RSTP introduced the extended system ID to allow for more than 4096 VLANs.Refer to the exhibit. RSTP is backward compatible with STP. 20 Which three statements are accurate regarding RSTP and STP? (Choose three. 3-Chapter 6 1 . Because of the format of the BPDU packet. Like STP PortFast. STP is disabled on this switch. What can be determined from the output shown? Two hosts communicating between ports Fa0/2 and Fa0/4 have a cost of 38. The priority was statically configured to identify the root. Both RSTP and STP use the portfast command to allow ports to immediately transition to forwarding state. Configuration commands to establish primary and secondary root bridges are identical for STP and RSTP.) RSTP uses a faster algorithm to determine root ports.

168.1. 3 .Refer to the exhibit.120.2 tagged for VLAN 60.3 tagged for VLAN 120.30. The packet destination address is 192.0/28 and 192.10. PC1 can ping R1 interface F0/1. R1 is routing between networks 192. The router will forward the packet out interface FastEthernet 0/1. The PC3 network address configuration is incorrect.168. A packet is received from IP address 192. The S1 interface F0/11 should be assigned to VLAN30.0/28.1 tagged for VLAN 10.1. The router will forward the packet out interface FastEthernet 0/1.54. The commands for a router to connect to a trunked uplink are shown in the exhibit. The router will not process the packet since the source and destination are on the same subnet. The F0/0 and F0/1 interfaces on R1 must be configured as trunks. What will the router do with this packet? The router will forward the packet out interface FastEthernet 0/1. 2 Refer to the exhibit. but cannot ping PC3. The router will drop the packet since no network that includes the source address is attached to the router. What is causing this failure? PC1 and PC3 are not in the same VLAN.168.168.

Hosts connected to Fa0/1 through Fa0/5 do not have connectivity to host in other VLANs. After testing the network. 4 . All of the subinterface addresses on the router are in the same subnet. was not configured with an IP address. FastEthernet0/0. The router was not configured to forward traffic for VLAN2.Refer to the exhibit. The VLAN IDs do not match the subinterface numbers. Switch1 is correctly configured for the VLANs that are displayed in the graphic. Hosts in VLAN5 and VLAN33 are able to communicate with each other. The configuration that is shown was applied to RTA to allow for interVLAN connectivity between hosts attached to Switch1. Why are hosts connected to Fa0/1 through Fa0/5 unable to communicate with hosts in different VLANs? The router interface is shut down. the administrator logged the following report: Hosts within each VLAN can communicate with each other. The physical interface.

1 are on different subnets. each subinterface has a separate MAC address to send in response to ARP requests.3 interface is incorrect. What could account for this failure? PC1 and R1 interface F0/0. 7 . the router returns the MAC address of the physical interface in response to ARP requests. When VLANs are in use. An IP address has not been assigned to the R1 physical interface. When traditional inter-VLAN routing is in use. When router-on-a-stick inter-VLAN routing is in use. The encapsulation command on the R1 F0/0. devices on all VLANs use the same physical router interface as their source of proxy ARP responses. 5 Which three elements must be used when configuring a router interface for VLAN trunking? (Choose three.Refer to the exhibit. the switch responds to ARP requests with the MAC address of the port to which the PC is connected. PC1 has attempted to ping PC2 but has been unsuccessful.) one subinterface per VLAN one physical interface for each subinterface one IP network or subnetwork for each subinterface one trunked link per VLAN a management domain for each subinterface a compatible trunking protocol encapsulation for each subinterface 6Which statement is true about ARP when inter-VLAN routing is being used on the network? When router-on-a-stick inter-VLAN routing is in use. The encapsulation is missing on the R1 interface F0/0.

Refer to the exhibit. Which three statements describe the network design shown in the exhibit? (Choose three. but inter-VLAN routing does not work. If the physical interfaces between the switch and router are operational. The router merges the VLANs into a single broadcast domain. . the devices on the different VLANs can communicate through the router. This design exceeds the maximum number of VLANs that can be attached to a switch. What could be the possible cause of the problem with the SW2 configuration? Port 0/4 is not active. Port 0/4 is not a member of VLAN1.1q protocol on the links between the switch and the router. Port 0/4 is using the wrong trunking protocol.) This design will not scale easily. The network administrator correctly configures RTA to perform inter-VLAN routing. The administrator connects RTA to port 0/4 on SW2. This design uses more switch and router ports than are necessary. Port 0/4 is configured in access mode. This design requires the use of the ISL or 802. 8 Refer to the exhibit.

2. Subinterfaces use unique MAC addresses by adding the 802. 11 Which two statements are true about the interface fa0/0. Incoming traffic with VLAN ID 0 is processed by interface fa0/0. instead of a router-on-a-stick configuration? a network with more than 100 subnetworks a network with a limited number of VLANs a network with experienced support personnel a network using a router with one LAN interface 1 0 Refer to the exhibit. . Reliability of both subinterfaces is poor because ARP is timing out. Which two statements are true about the operation of the subinterfaces? (Choose two. even if fa0/0 line protocol is down. depending on the VLAN from which the traffic originated. The command is used in the configuration of router-on-a-stick inter-VLAN routing.1Q VLAN ID to the hardware address.) The command applies VLAN 10 to router interface fa0/0.9 In which situation could individual router physical interfaces be used for InterVLAN routing. Traffic inbound on this router is processed by different subinterfaces. Both subinterfaces remain up with line protocol up. The command configures a subinterface.10 command? (Choose two.) Incoming traffic that has a VLAN ID of 2 is processed by subinterface fa0/0.

Router-on-astick does not provide multiple connections and therefore eliminates the need for STP. 20. Switch ports 0/2 to 0/4 are assigned to VLAN 10. Ports 0/5 to 0/8 are assigned to VLAN 20. 15 Refer to the exhibit. Use a hub to connect the four VLANS with a FastEthernet interface on the router. 13 1 A router has two FastEthernet interfaces and needs to connect to four VLANs in the local network. Router-on-a-stick uses subinterfaces to connect multiple logical networks to a single router port. Obtain a router with multiple LAN interfaces and configure each interface for a separate subnet. Obtain a Layer 3 switch and configure a trunk link between the switch and router. Both of the directly connected routes that are shown will share the same physical interface of the router. Add a second router to handle the inter-VLAN traffic. Traditional routing uses multiple paths to the router and therefore requires STP. A routing protocol must be configured on the network in order for the inter-VLAN routing to be successful. Traditional routing requires a routing protocol. and 30. thereby allowing communication between VLANs.The command configures interface fa0/0 as a trunk link. Which solution allows all VLANs to communicate between each other while minimizing the number of ports necessary to connect the VLANs? Configure ports 0/13 to 0/16 with the appropriate IP addresses to perform routing between VLANs.) The no shutdown command has not been issued on the FastEthernet 0/0 interface. 10. Router-on-a-stick can use multiple switch interfaces. . the command does not include an IP address. What two conclusions can be drawn from the output that is shown? (Choose two. and configure the router physical interface with an IP address on the native VLAN. How can this be accomplished using the fewest number of physical interfaces without unnecessarily 4 decreasing network performance? Implement a router-on-a-stick configuration. Devices on the network are connected to a 24-port Layer 2 switch that is configured with VLANs. Add a router to the topology and configure one FastEthernet interface on the router with multiple subinterfaces for VLANs 1. Interconnect the VLANs via the two additional FastEthernet interfaces. Traditional routing uses one port per logical network. Router-on-a-stick only needs to route directly connected networks. 2 1 What distinguishes traditional routing from router-on-a-stick? Traditional routing is only able to use a single switch interface. All other ports are assigned to the default VLAN. and ports 0/9 to 0/12 are assigned to VLAN 30. Because the IP address is applied to the physical interface.

Create the VLANs on the switch to include port membership assignment and enable a routing protocol on the router. S1 port F0/6 is not in VLAN10. Create the VLANs on the switch to include port membership assignment and configure subinterfaces on the router matching the VLANs. 18 . S1 interface F0/8 is in the wrong VLAN.Inter-VLAN routing between hosts on the 172.17.10. 16 What are the steps which must be completed in order to enable inter-VLAN routing using router-ona-stick? Configure the physical interfaces on the router and enable a routing protocol. Create the VLANs on the router and define the port membership assignments on the switch. Hosts in this network must be configured with the IP address that is assigned to the router physical interface as their default gateway.0/24 networks is successful on this network. PC2 cannot ping PC1. S1 interface F0/6 needs to be configured for operation in VLAN10.30.17.0/24 and 172. 1 7 Refer to the exhibit. What might be the reason for this failure? R1 interface F0/1 has not been configured for subinterface operation. All devices are configured as shown in the exhibit. PC2 can successfully ping the F0/0 interface on R1.

but S1 is not configured for trunking. After the commands shown are entered on both devices. The subinterfaces on R1 have not been brought up with the no shutdown command yet. 1 What is important to consider while configuring the subinterfaces of a router when implementing inter-VLAN routing? 9 The physical interface must have an IP address configured. Spanning Tree Protocol is blocking port Fa0/0 on R1. Port Fa0/0 on router R1 is connected to port Fa0/1 on switch S1. The IP address of each subinterface must be the default gateway address for each VLAN subnet. R1 does not have the VLANs entered in the VLAN database.) .) subinterfaces have no contention for bandwidth more switch ports required than in traditional inter-VLAN routing fewer router ports required than in traditional inter-VLAN routing simpler Layer 3 troubleshooting than with traditional inter-VLAN routing less complex physical connection than in traditional inter-VLAN routing 3-Chapter 7 1 Which access method does a wireless access point use to allow for multiple user connectivity and distributed access? CSMA/CD token passing CSMA/CA polling 2 Which two statements concerning network security are accurate? (Choose two.Refer to the exhibit. the network administrator determines that the devices on VLAN 2 are unable to ping the devices on VLAN 1. 20 What two statements are true regarding the use of subinterfaces for inter-VLAN routing? (Choose two. The no shutdown command must be given on each subinterface. What is the likely problem? R1 is configured for router-on-a-stick. The subinterface numbers must match the VLAN ID number.

11i incorporates a RADIUS server for enterprise authentication.11i uses 3DES for encryption. Configure MAC filtering on all authorized access points. Open authentication uses no client or AP verification.11i protocol is functionally identical to WPA. The 802. Disable SSID broadcasts. 4 Refer to the exhibit. which setting does the network administrator use to configure the unique identifier that client devices use to distinguish this wireless network from others? . 802. A wireless client first associates with an AP and then authenticates for network access. Enable access points to send an SSID to each device wanting to use the network. When configuring the wireless access point. 3 What procedure can prevent man-in-the-middle attacks? Force all devices on a WLAN to authenticate and monitor for any unknown devices.802.

7 What purpose does authentication serve in a WLAN? converts clear text data before transmission indicates which channel the data should flow on determines that the correct host is utilizing the network allows the host to choose which channel to use 8 Which two statements are true regarding wireless security? (Choose two.Network Mode Network Name (SSID) Radio Band Wide Channel Standard Channel 5 Why is security so important in wireless networks? Wireless networks are typically slower than wired networks. Verify that the wireless access points have sufficient in-line power and connectivity to the wired network. Wireless networks broadcast data over a medium that allows easy access. Environmental factors such as thunderstorms can affect wireless networks. What is the first step in designing a solution to this problem? This might be RF channel overlap. 6 Wireless users on a network complain about poor performance within a small area of a room. Increase the RF output power on all wireless access points. Providing a wireless client with the network key allows an available network to be visible. so the technician should verify the channels in use on each wireless access point and change to non-overlapping channels. Default SSIDs on specific manufacturer APs are generally known and may permit hostile wireless connections. Moving away from this area in any direction improves performance dramatically. Install a new wireless access point in this center area to provide coverage. Disabling an access point from broadcasting the SSID prevents the access point from being discovered. The RF power settings might be set too low on the wireless access points servicing the room. Manually adding a network and setting the known SSID on a wireless client makes the network visible even if the SSID is not being broadcast. Televisions and other devices can interfere with wireless signals.) MAC address filtering prevents the contents of wireless frames from being viewable. .

Wireless networks offer the same security features as wired networks. 12 Which network design process identifies where to place access points? site survey risk assessment scalability design network protocol analysis 13 Which major problem does CSMA/CA overcome in wireless networks? bandwidth saturation privacy concerns .3 frame encapsulation provides a gateway for connecting to other networks 10 Which wireless technology standard provides the most compatibility with older wireless standards. Using encryption prevents unauthorized clients from associating with an access point. An attacker needs physical access to at least one network device to launch an attack. an attacker must sniff the SSID before being able to connect.11g 802. but has greater performance? 802.11a 802.) A rogue access point represents a security risk for the local network.11b 802. With SSID broadcast disabled.9 Which function is provided by a wireless access point? dynamically assigns an IP address to the host provides local DHCP services converts data from 802.11n 11 Which two statements characterize wireless network security? (Choose two.11 to 802.

) 802.11a? (Choose two. 17 What occurs when a rogue access point is added to a WLAN? Authorized access points can transmit excess traffic to rogue access points to help alleviate congestion.11a is not. thus causing a security hole.4 GHz frequency band is not as crowded as the 5 GHz band.11g is backward compatible with 802. All traffic that uses the same channel as the rogue access point will be encrypted.11g over 802. 18 Which three devices do many wireless routers incorporate? (Choose three. but 802.11g.11g.11a uses a more expensive modulation technique than 802.11a suffers from a shorter range than 802. 802.11b.11a is more susceptible to RF interference from common commercial items. Unauthorized users can gain access to internal servers. The 2. why should wireless access points be implemented with each access point using a different channel? to keep users segregated on separate subnets to control the amount of bandwidth that is utilized to keep signals from interfering with each other to keep traffic secure 16 Which two conditions have favored adoption of 802.) gateway for connecting to other network infrastructures built-in Ethernet switch network management station VTP server wireless access point . 802. 802.media contention device interoperability 14 What will a wireless client transmit to discover the available WLAN networks? beacon password probe request association request 15 In a WLAN network. All traffic that uses the same channel as the rogue access point will be required to authenticate.

such as the hostname and password? user EXEC mode privileged EXEC mode global configuration mode interface configuration mode 2 .VPN concentrator 19 What wireless security feature allows a network administrator to configure an access point with wireless NIC unique identifiers so that only these NICs can connect to the wireless network? authentication SSID broadcasting MAC address filtering EAP (Extensible Authentication Protocol) Radius (Remote Authentication Dial-In User Service) 20 Which installation method will allow connectivity for a new wireless network? set up WEP on the access point only set up open access on both the access point and each device connected to it set up full encryption on the access point while leaving each device connected to the network open set up full encryption on each device of the WLAN while leaving the access point settings open 21 What does a wireless access point use to allow WLAN clients to learn which networks are available in a given area? association response beacon key probe request 3-Chapter 2 1 Which command line interface (CLI) mode allows users to configure switch parameters.

4 Refer to the exhibit. The hosts extend their delay period to allow for rapid transmission. This line represents most secure privileged EXEC mode password possible." What can be determined from the output shown? The enable password is encrypted by default. 3 When a collision occurs in a network using CSMA/CD. the administrator is able to connect to Switch1 using both Secure Shell and Telnet. An MD5 hashing algorithm was used on all encrypted passwords. Any configured line mode passwords will be encrypted in this configuration. The hosts creating the collision have priority to send data. The network administrator has decided to allow only Secure Shell connections to Switch1. After the commands are applied. The exhibit shows partial output of the show running-config command. The enable password on this switch is "cisco. The hosts creating the collision retransmit the last 16 frames.Refer to the exhibit. What is most likely the problem? incorrect vty lines configured incorrect default gateway address incompatible Secure Shell version missing transport input ssh command . how do hosts with data to transmit respond after the backoff period has expired? The hosts return to a listen-before-transmit mode.

what action will be taken by the switch to process the incoming frame? The switch will request that the sending node resend the frame. and Telnet attacks? . The switch requires remote connections via proprietary client software. The administrator cannot remember the missing parameters. What can the administrator do to get the parameter information? append ? to the last parameter append a space and then ? to the last parameter use Ctrl-P to show a parameter list use the Tab key to show which options are available 9 What are two ways to make a switch less vulnerable to attacks like MAC address flooding. The switch will issue an ARP request to confirm that the source exists. 7 When a switch receives a frame and the source MAC address is not found in the switching table. The enable secret password command provides better security than the enable password. 8 A network administrator uses the CLI to enter a command that requires several parameters. A username/password combination is no longer needed to establish a secure remote connection to the switch. 6 Which two statements are true about EXEC mode passwords? (Choose two. The switch will map the source MAC address to the port on which it was received. Communication between the switch and remote users is encrypted. CDP attacks. The service password-encryption command is required to encrypt the enable secret password. The switch responds with "% Incomplete command". The switch ends an acknowledgement frame to the source MAC of this incoming frame.) The enable secret password command stores the configured password in plain text.vty lines that are configured to allow only Telnet 5 What happens when the transport input ssh command is entered on the switch vty lines? The SSH client on the switch is enabled. The enable password and enable secret password protect access to privileged EXEC mode. Best practices require both the enable password and enable secret password to be configured and used simultaneously.

SW1 uses the CDP protocol to synchronize the MAC tables on both switches and then forwards the frame to all ports on SW2. SW1 floods the frame on all ports on the switch. SW1 floods the frame on all ports on SW1. Turn off unnecessary services.(Choose two. 11 Refer to the exhibit. except port Fa0/1. 10 Refer to the exhibit. What action does SW1 take on a frame sent from PC_A to PC_C if the MAC address table of SW1 is empty? SW1 drops the frame. What happens when Host 1 attempts to send data? . Change passwords regularly. Use the enable password rather than the enable secret password. except Fa0/23 and Fa0/1.) Enable CDP on the switch. Enable the HTTP server on the switch.

only MAC addresses subsequently learned are converted to secure MAC addresses. After entering the sticky parameter.Frames from Host 1 cause the interface to shut down. Frames from Host 1 create a MAC address entry in the running-config. Frames from Host 1 are dropped and no log message is sent. The three configurable violation modes all require user intervention to re-enable ports. Dynamically learned secure MAC addresses are lost when the switch reboots. 14 . Frames from Host 1 will remove all MAC address entries in the address table.) The three configurable violation modes all log violations via SNMP. dynamically learned addresses are added to CAM until the maximum number is reached. If fewer than the maximum number of MAC addresses for a port are configured statically. How many collision domains are depicted in the network? 1 2 4 6 7 8 13 Which two statements are true regarding switch port security? (Choose two. 12 Refer to the exhibit.

D. B. Which of the hosts will capture a copy of the frame when workstation A sends a unicast packet to workstation C? workstation C . and C hosts B. E.Refer to the exhibit. C. The switch and the hub have default configurations. C. B.text 16 Refer to the exhibit. D. Which hosts will receive a broadcast frame sent from Host A? hosts A and B hosts B and C hosts D and E hosts A. and F 15 Where is the startup configuration stored? DRAM NVRAM ROM startup-config. and the switch has built its CAM table. and E hosts A.

workstations B and C workstations A. and interfaces of the router 17 Refer to the exhibit. F. The devices will default back to half duplex if excessive collisions occur. Only one of the devices can transmit at a time. B. 18 If a network administrator enters these commands on a switch. Layer 2 switches have multiple collision domains. . C. D. and the interfaces of the router workstations B.) Layer 2 switches prevent broadcasts. E. The switch and workstation are administratively configured for full-duplex operation. Layer 2 switches route traffic between different networks. Which statement accurately reflects the operation of this link? No collisions will occur on this link. what will be the result? Switch1(config-line)# line console 0 Switch1(config-line)# password cisco Switch1(config-line)# login to secure the console port with the password "cisco" to deny access to the console port by specifying 0 lines are available to gain access to line configuration mode by supplying the required password to configure the privilege exec password that will be used for remote access 19 Which two statements about Layer 2 Ethernet switches are true? (Choose two. The switch will have priority for transmitting data. C.

VLAN 1 can only be deleted by deleting the vlan. Layer 2 switches can send traffic based on the destination MAC address. 2 Refer to the exhibit. Computer D does not have a proper address for the VLAN 3 address space. 3 Chapter 3 1 A network administrator is removing several VLANs from a switch. When the administrator enters the no vlan 1 command.Layer 2 switches decrease the number of broadcast domains. Computer B is unable to communicate with computer D. 20 Which statement is true about the command banner login "Authorized personnel Only" issued on a switch? The command is entered in privileged EXEC mode. Why did this command generate an error? VLAN 1 can never be deleted. The command will cause the message Authorized personnel Only to display before a user logs in. 3 The network administrator wants to separate hosts in Building A into two VLANs numbered 20 and 30. VLAN 1 can not be deleted until all ports have been removed from it. . VLAN 3 is not an allowed VLAN to enter the trunk between the switches. an error is received. VLAN 1 can not be deleted until another VLAN has been assigned its responsibilities. The command will cause the message End with the character “%” to be displayed after the command is entered into the switch.dat file. The command will generate the error message % Ambiguous command: "banner motd" ” to be displayed. What is the most likely cause of this problem? The link between the switches is up but not trunked. The router is not properly configured to route traffic between the VLANs.

Non-default VLANs created manually must use the extended range VLAN numbers. computer H. Interface Fa0/1 on switch SW1 has been configured with trunk mode “on”. computer G. computer B. computer G computer A. computer D. computer E. Interface Fa0/2 on switch SW2 can only become a trunk link if statically configured as a trunk. computer I 5 Refer to the exhibit. computer C computer A. 4 Refer to the exhibit. . How far is a broadcast frame that is sent by computer A propagated in the LAN domain? none of the computers will receive the broadcast frame computer A. SW1 and SW2 are new switches being installed in the topology shown in the exhibit.Which two statements are true concerning VLAN configuration? (Choose two. The network administrator may create the VLANs in either global configuration mode or VLAN database mode. computer F. Which statement is true about forming a trunk link between the switches SW1 and SW2? Interface Fa0/2 on switch SW2 will negotiate to become a trunk link if it supports DTP. computer G computer B. computer C. VLAN information is saved in the startup configuration.) The VLANs may be named. computer D. computer C computer D. Both VLANs may be named BUILDING_A to distinguish them from other VLANs in different geographical locations. computer B.

Carrying all required VLANs on a single access port will ensure proper traffic separation. B A. A trunk connection is affected by broadcast storms on any particular VLAN that is carried by that trunk. VLANs divide a network into smaller logical networks. F 8Which two statements describe the benefits of VLANs? (Choose two. resulting in lower susceptibility to broadcast storms. The connected devices dynamically determine when data for multiple VLANs must be transmitted across the link and bring the trunk up as needed. B.) VLANs improve network performance by regulating flow control and window size. 7 Refer to the exhibit.Interface Fa0/1 converts the neighboring link on the adjacent switch into a trunk link if the neighboring interface is configured in nonegotiate mode. . E. D. Computer 1 sends a frame to computer 4. Interface Fa0/1 converts the neighboring link on the adjacent switch into a trunk link automatically with no consideration of the configuration on the neighboring interface. VLANs reduce network cost by reducing the number of physical ports required on switches. Restricting trunk connections between switches to a single VLAN will improve efficiency of port usage. D. A trunk link is formed if the remote connected device is configured with the switchport mode dynamic auto or switchport mode trunk commands. The remote connected interface cannot negotiate a trunk unless it is also configured as dynamic desirable. F C. VLANs improve network security by isolating users that have access to sensitive data and applications. VLANs enable switches to route packets to remote networks via VLAN ID filtering. 6What is a valid consideration for planning VLAN traffic across multiple switches? Configuring interswitch connections as trunks will cause all hosts on any VLAN to receive broadcasts from the other VLANs. On which links along the path between computer 1 and computer 4 will a VLAN ID tag be included with the frame? A A. E C. 9 What is the effect of the switchport mode dynamic desirable command? DTP cannot negotiate the trunk since the native VLAN is not the default VLAN. G A.

users on PC1 are unable to access shares on PC4. a specialized application workstation. VLAN 10. connected via a trunk link to S2. to a new company office. 11 . After installation.0/24 subnet. Company HR is adding PC4.11. S3. A single VLAN cannot span multiple switches. What is the likely cause? The switch to switch connection must be configured as an access port to permit access to VLAN 10 on S3. For security reasons the new PC will reside in the HR VLAN. The new PC is on a different subnet so Fa0/2 on S3 must be configured as a trunk port.1 0 Refer to the exhibit. The company will add a switch. PC4 must use the same subnet as PC1.17. The new office will use the 172. another switch.

The router is not properly configured for inter-VLAN routing. VLAN information about the interface encapsulates the Ethernet frames.) VLAN1 should renamed. Enter the switchport mode access command in interface configuration mode. 1 What are two characteristics of VLAN1 in a default switch configuration? (Choose two.Refer to the exhibit. Links between switches must be members of VLAN1. 4 15 Refer to the exhibit. Trunking can occur with non-Cisco switches. but now it will be used to connect a host to the network. The network administrator has just added VLAN 50 to Switch1 and Switch2 and assigned hosts on the IP addresses of the VLAN in the 10. 1 What statements describe how hosts on VLANs communicate? Hosts on different VLANs use VTP to negotiate a trunk. How should the network administrator reconfigure switch port Fa0/1? Disable DTP. VLAN 50 is not allowed to entering the trunk between Switch1 and Switch2. Delete any VLANs currently being trunked through port Fa0/1. Hosts on different VLANs should be in the same IP network. Mo Hosts on different VLANs examine VLAN ID in the frame tagging to determine if the frame for their network.0/24 subnet range.50. 16 . The trunking mode is set to auto. 2 VLAN 1 is the management VLAN. Administratively shut down and re-enable the interface to return it to default. Computer A can communicate with computer B. but not with computer C or computer D.1. Only switch port 0/1 is assigned to VLAN1. What is the most likely cause of this problem? There is a native VLAN mismatch. Which statement is true concerning interface Fa0/5? The default native VLAN is being used. The link between Switch1 and Switch2 is up but not trunked. All switch ports are members of VLAN1. Hosts on different VLANs communicate through routers. 13 Switch port fa0/1 was manually configured as a trunk.

The ports automatically become a part of VLAN1. The trunk cannot be negotiated with both ends set to auto. 9 . Enter the no shutdown in interface configuration mode to return it to the default configuration and then configure the port for VLAN 3. The exhibited configurations do not allow the switches to form a trunk. or dynamic desirable mode on. auto. By default. dynamic desirable. 1 What switch port modes will allow a switch to successfully form a trunking link if the neighboring switch port is in "dynamic desirable" mode? 7 dynamic desirable mode on or dynamic desirable mode on. They then become members of the management VLAN. A common native VLAN should have been configured on the switches. Switch1 will only allow VLAN 5 across the link. Enter the switchport trunk native vlan 3 command in interface configuration mode. Enter the switchport access vlan 3 command in interface configuration mode. 1 What happens to the member ports of a VLAN when the VLAN is deleted? The ports cannot communicate with other ports. auto. The ports remain a part of that VLAN until the switch is rebooted. or nonegotiate mode 18 What must the network administrator do to remove Fast Ethernet port fa0/1 from VLAN 2 and assign it to VLAN 3? Enter the no vlan 2 and the vlan 3 commands in global configuration mode. What is the most likely cause of this problem? Cisco switches only support the ISL trunking protocol.Refer to the exhibit. The ports default back to the management VLAN.

20 Refer to the exhibit. The VLANs are in the active state and are in the process of negotiating configuration parameters.1q is Cisco proprietary. . A FDDI trunk has been configured on this switch. Which two conclusions can be drawn regarding the switch that produced the output shown? (Choose two. The command switchport access vlan 20 was entered in interface configuration mode for Fast Ethernet interface 0/1. 802. 802.1q does NOT require the FCS of the original frame to be recalculated.1q frames are mapped to VLANs by MAC address.) The network administrator configured VLANs 1002-1005. 2 What statement about the 802.1q will not perform operations on frames that are forwarded out access ports. Devices attached to ports fa0/5 through fa0/8 cannot communicate with devices attached to ports fa0/9 through fa0/12 without the use of a Layer 3 device. 1 802.1q trunking protocol is true? 802.