Study your flashcards anywhere!

Download the official Cram app for free >

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/160

Click to flip

160 Cards in this Set

  • Front
  • Back

What plane on a network device is accessed using SSH or SNMP?





management plane


control plane


forwarding plane


CAM

management plane



Which layer 3 switching method used by Catalyst switches offers the greatest performance?




process switching


CEF


fast switching


TCAM

CEF

A user needs to access a file server that is located in another department. Which layer of the Cisco Hierarchical Network Model will process the traffic first?




access


core


distribution


control

access

Which portion of the enterprise network provides access to network communication services for the end users and devices that are spread over a single geographic location?




enterprise edge


campus module


WAN module


Internet edge


data center

campus module

Which statement is true about the CEF forwarding process?





The FIB table contains the Layer 2 rewrite information.




Adjacency table lookups use the closest Layer 3 prefix match.




The adjacency table eliminates the need for the ARP protocol.




After an IP prefix match is made, the process determines the associated Layer 2 header rewrite information from the adjacency table.

After an IP prefix match is made, the process determines the associated Layer 2 header rewrite information from the adjacency table.

In terms of design, which layer of the hierarchical model is the most complex?




access Layer




distribution Layer




collapsed core Layer




core Layer

distribution Layer

At what layer of the hierarchical model are MAC-based security controls implemented?




access layer




distribution layer




collapsed core layer




core layer

access layer

What are two responsibilities of devices that are located at the core layer of the hierarchical design model? (Choose two.)




access list filtering




packet manipulation




high-speed backbone switching




interconnection of distribution layer devices




redundancy between the core devices only

high-speed backbone switching



interconnection of distribution layer devices

What is the purpose of the Cisco Enterprise Architecture and the hierarchical desgin?




It replaces the three-layer hierarchical model with a flat network approach




Each element in the hierarchy has a specific set of functions and services that it offers and specific role.




It provides services and functionality to the core layer by grouping various components into a single component that is located in the access layer.




It reduces overall network traffic by grouping server farms, the management server, corporate intranet, and e-commerce routers in the same layer.













Each element in the hierarchy has a specific set of functions and services that it offers and specific role

At what layer of the hierarchical design model would redistribution and summarization occur?




core layer




backbone layer




access layer




distribution layer

distribution layer

What type of specialized memory is used to facilitate high performance switching in Cisco multilayer switches?




content-addressable memory (CAM)




ternary content addressable memory (TCAM)




address resolution protocol (ARP) memory




Cisco Express Forwarding (CEF) memory

ternary content addressable memory (TCAM)

Which two features are unavailable on a Layer 2 switch? (Choose two.)




use of ASICs




Internet Group Management Protocol (IGMP) snooping




QoS marking




Time to Live (TTL) decrementing




rewrite of the source and destination MAC addresses

Time to Live (TTL) decrementing




rewrite of the source and destination MAC addresses

In its network design, a company lists this equipment : Two Catalyst 4503 Layer 3 switchesOne 5500 security appliance firewallTwo Catalyst 6509 switchesTwo lightweight access pointsTwo Catalyst 2960 switchesWhich two types of devices from the list would be appropriate to use at the access layer to provide end-user connectivity? (Choose two.)





Catalyst 4503 switches




Cisco 5500 security appliance firewall




Catalyst 6509 switches




lightweight access points




Catalyst 2960 switches

lightweight access points




Catalyst 2960 switches

A network designer must provide a rationale to a customer for a design that will move an enterprise from a flat network topology to a hierarchical network topology. Which two features of the hierarchical design make it the better choice? (Choose two.)




reduced cost




scalability




less equipment required




segmentation of broadcast domains




lower bandwidth requirements



scalability




segmentation of broadcast domains

What is true about TCAM lookups that are associated with CEF switching?




TCAM includes only Layer 3 lookup information.




A single TCAM lookup provides Layer 2, Layer 3, and ACL information.




TCAM lookup tables are used only for the Layer 3 forwarding operation.




TCAM lookup tables are used only for the rapid processing of ACLs within CEF.

A single TCAM lookup provides Layer 2, Layer 3, and ACL information.

What is the suggested solution for routing when Layer 3 routing is extended to the access layer?




run an IGP at the access, distribution and core layers




run an IGP between the distribution and core layers and use static default routes at the access layer




use static route from the access to the distribution layer, use default static routes from the distribution to the core layer and use IGP amongst core layer devices




run an IGP between distribution and core layers and rely on proxy ARP between the access and distribution layers

run an IGP between the distribution and core layers and use static default routes at the access layer

What feature of CEF allows for Layer 3 switches to use multiple paths?




load-balancing




hardware based forwarding




route caching




Netflow LAN switching



load-balancing

Why does extending layer 3 switching to the access layer improve scalability?




VLANs are extended into the distribution layer.




VLANs are terminated on the access layer devices.




The access and distribution layers would not participate in the routing scheme.




Layer 3 switching in the access layer is a cheaper implementation option.

VLANs are terminated on the access layer devices.

Which family of Cisco switches is specifically designed for data centers?




Catalyst 6500




Catalyst 2000




Nexus 7000




Catalyst 4500



Nexus 7000

For what is the control plane on a catalyst switch responsible?




the catalyst switch does not have a Control Plane; it has a Management Plane




control and remote management of the switch


control of the routing protocols and processes running on the switch




control of the layer 2 switching process used by the switch

control of the routing protocols and processes running on the switch

3-1


Refer to the exhibit. Switch SW2 was tested in a lab environment and later inserted into the production network. Before the trunk link was connected between SW1 and SW2, the network administrator issued the show vtp status command as displayed in the exhibit. Immediately after the switches were interconnected, all users lost connectivity to the network. What could be a possible reason for the problem?




Switch SW2 is in the wrong VTP operating mode.




The SW2 port G0/1 is in access mode by mistake.


Switch SW2 has the pruning eligible parameter enabled, which causes pruning of all VLANs.




Switch SW2 has a higher VTP revision number, which causes deletion of the VLAN information in the VTP domain.

Switch SW2 has a higher VTP revision number, which causes deletion of the VLAN information in the VTP domain.

3-2


Refer to the exhibit. Switch1 and Switch2 are unable to establish an operational trunk connection. What is the problem between the connection on Switch1 and Switch2?




encapsulation mismatch




switchport mode mismatch




MTU mismatch




VTP mismatch




DTP mismatch




native VLAN mismatch

native VLAN mismatch

3-3


Refer to the exhibit. What will happen when switch SW2 is added to the network?


Switch SW2 will change the VTP domain name to LAB1.




Switch SW2 will automatically change to VTP server mode.




Switch SW2 will delete all existing VLANs and introduce new VLANs in the VTP domain.




Switch SW2 will drop all VTP advertisements and will not propagate them through the VTP domain.




Switch SW2 will include its own VLANs in the total number of VLANs configured in the VTP domain.

Switch SW2 will drop all VTP advertisements and will not propagate them through the VTP domain.

Which three effects does the interface command switchport host have when entered on a switch? (Choose three.)




sets the switch port mode to access




enables BPDU guard




enables spanning tree PortFast




enables root guard




disables channel grouping




enables BPDU filtering

sets the switch port mode to access




enables spanning tree PortFast




disables channel grouping

3-5


Refer to the exhibit. How should SW2 be configured in order to participate in the same VTP domain and populate the VLAN information across the domain?




Switch SW2 should be configured as a VTP client.




Switch SW2 should be configured for VTP version 1.




Switch SW2 should be configured with no VTP domain password.




Switch SW2 should be configured as a VTP server with a higher revision number.

Switch SW2 should be configured as a VTP server with a higher revision number.

3-6


Refer to the exhibit. Both SW1 and SW2 are configured with the PAgP desirable mode. Which statement is true?




Both switches will initiate channeling negotiation and will not be able to form a channel.




Both switches will initiate channeling negotiation and will form a channel between them.




Neither switch will initiate channeling negotiation and will not be able to form a channel between them.




Neither switch will initiate channeling negotiation but will form a channel between them.

Both switches will initiate channeling negotiation and will form a channel between them.

In the context of the Enterprise Composite Architecture, which statement is true about best-practice design of local VLANs?




Local VLAN is a feature that has only local significance to the switch.




Local VLANs do not extend beyond the building distribution layer.




Local VLANs should be created based upon the job function of the end user.




Local VLANs should be advertised to all switches in the network.

Local VLANs do not extend beyond the building distribution layer.

Which two statements are true about the 802.1Q trunking protocol? (Choose two.)




Untagged frames will be placed in the configured native VLAN of a port.




It is a proprietary protocol that is supported on Cisco switches only.




Private VLAN configurations are not supported.




The native VLAN interface configurations must match at both ends of the link or frames could be dropped.

Untagged frames will be placed in the configured native VLAN of a port.




The native VLAN interface configurations must match at both ends of the link or frames could be dropped.

3-9


Refer to the exhibit. What statement is true about the switch port?




The port is not in trunking mode.




The port connects to a VoIP phone that has a PC attached.




The port can carry data from multiple VLANs if pruning is disabled.




The port will be disabled if the current device is unplugged and a second device is attached.




The port has manually been placed into trunking mode and is using the 802.1Q trunking protocol.

The port is not in trunking mode.

3-10


Refer to the exhibit. What would be the result if a new switch with a default configuration is inserted in the existing VTP domain Lab_Network?




The switch will operate as a VTP client.




The switch will operate in a VTP transparent mode.




The switch will operate as a VTP server and will delete the existing VLAN configuration in the domain.Correct!




The switch will operate as a VTP server but will not impact the existing VLAN configuration in the domain.

The switch will operate as a VTP server but will not impact the existing VLAN configuration in the domain.

3-11


Refer to the exhibit. Which option correctly describes the function of a switch that is configured in VTP transparent mode?




option 1


option 2


option 3


option 4


option 5

option 4

3-12



Refer to the exhibit. Given that no VLANs have been deleted, what can be concluded about interface Fa0/7?




It is not configured.




It is shutdown.




It has the default administrative mode.




It is a trunk port.

It is a trunk port.

3-13


Refer to the exhibit. Which two statements are true about the switch CAT2? (Choose two.)




Eleven VLANs were manually configured on the switch.




Six VLANs were either manually configured on the switch or learned via VTP.




Interfaces Fa0/13 and Fa0/14 are in VLAN 1.




Interfaces Fa0/13 and Fa0/14 are in an unspecified VLAN.




VLAN 100 is in dynamic desirable mode.




VLAN 100 has no active access ports.

Six VLANs were either manually configured on the switch or learned via VTP




VLAN 100 has no active access ports.

When configuring an EtherChannel, given that one end of the link is configured with PAgP mode desirable, which PAgP modes can be configured on the opposite end of the link in order to form an active channel? (Choose two.)




off




on




desirable




auto

desirable




auto

Which two items are benefits of implementing local VLANs within the Enterprise Architecture? (Choose two.)




A single VLAN can extend further than its associated distribution-layer switch.




Failures at Layer 2 are isolated to a small subset of users.




High availability is made possible because local VLAN traffic on access switches can now be passed directly to the core switches across an alternate Layer 3 path.




Layer 3 routing between VLANs can now be applied at the access layer.




Local VLANs are limited to the access and distribution layer.

Failures at Layer 2 are isolated to a small subset of users.




Local VLANs are limited to the access and distribution layer.

3-16


Refer to the exhibit. Given the configuration information of the CAT1 and CAT2 switches, which statement is true?




LACP will form a channel between the switches.




Because the port-channel numbers do not match, LACP will not form a channel between the switches.




Because the channel-group commands on SW2 should be set to "on," LACP will not form a channel between the switches.




LACP will form a 200-Mb/s channel between the switches.



LACP will form a channel between the switches.

3-17


Refer to the exhibit. All switches in the VTP domain are new switches. Which switch or switches will receive and maintain the list for all VLANs that are configured on the VTP server?


SW2




SW4




SW3 and SW4




SW2, SW3, and SW4

SW4

Which two VTP parameters must be identical on all switches in the network in order to participate in the same VTP domain? (Choose two.)Correct!




VTP domain name




VTP revision number




VTP domain password




VTP server mode




VTP client mode




VTP transparent mode

VTP domain name




VTP domain password

What is a best practice for VLAN design?




Local VLANs should not extend beyond the distribution layer.




Place unused access ports in trunk mode and in a specific VLAN.




No more than three VLANs should be trunked to core layer switches.




VLANs should be designed in a hierarchical fashion with access VLANs at the access layer and local server VLANs at the core layer.

Local VLANs should not extend beyond the distribution layer.

What are three characteristics of a VLAN access port? (Choose three.)




A switch port can become an access port through static or dynamic configuration.




An access port is associated with a single VLAN.




An access port should have the 802.1q encapsulation associated with it.




An access port created with the switchport mode access command will send DTP frames by default.



An access port is created with the switchport mode access command and then associated with a VLAN with the switchport access vlan command.



The VLAN that the access port is assigned to will be automatically deleted if it does not exist in the VLAN database of the switch.





A switch port can become an access port through static or dynamic configuration.




An access port is associated with a single VLAN.




An access port is created with the switchport mode access command and then associated with a VLAN with the switchport access vlan command.

4-1


Refer to the exhibit. What conclusion does the output support?




PortFast is enabled on interface Fa0/6.




IEEE 802.1w is enabled on VLAN 1.




The forward delay timer has been changed from the default value.




Standard IEEE 802.1D behavior is shown.



Standard IEEE 802.1D behavior is shown.

Assuming that all switches in a network have the default bridge priority for each MST instance, what effect does the command spanning-tree mst 10 root primary have when entered on a single switch?




sets the bridge priority on the switch to 24586 for MST instance 10




sets the bridge priority on the switch to 24576 for MST instance 10




sets the bridge priority on the switch to 28672 for MST instance 10




sets the bridge priority on the switch to 24582 for MST instance 10

sets the bridge priority on the switch to 24576 for MST instance 10

Which protocol extends the IEEE 802.1w Rapid Spanning Tree (RST) algorithm to multiple spanning trees?




STP




RSTP+




CST




MST

MST

What are three important steps in troubleshooting STP problems? (Choose three.)




Administratively create bridge loops and see what path the traffic takes.




Administratively disable multicasting and check to see if connectivity is restored.




Check each side of a point-to-point link for duplex mismatch.




Adjust BPDU timers so that there is less overhead traffic on the switching fabric.




Administratively disable ports that should be blocking and check to see if connectivity is restored.




Capture traffic on a saturated link and check whether identical frames are traversing multiple links.

Check each side of a point-to-point link for duplex mismatch.



Administratively disable ports that should be blocking and check to see if connectivity is restored.




Capture traffic on a saturated link and check whether identical frames are traversing multiple links.

4-5


Refer to the exhibit. Switch SW1 is receiving traffic from SW2. However, SW2 is not receiving traffic from SW1. Which STP feature should be implemented to prevent inadvertent loops in the network?




UDLD




PortFast




BPDU guard




BPDU filtering





UDLD

Which protocol should an administrator recommend to manage bridged links when the customer requires a fully redundant network that can utilize load balancing technologies and reconverge on link failures in less than a second?




IEEE 802.1Q (CST)




IEEE 802.1s (MST)




Cisco PVST+




IEEE 802.1D(STP)

IEEE 802.1s (MST)

What happens when a switch running IEEE 802.1D receives a topology change message from the root bridge?




The switch uses the forward delay timer to age out entries in the MAC address table.




The switch uses the max-age timer to age out entries in the MAC address table.




The switch uses the hello to age out entries in the MAC address table.




The switch uses the forward delay and the max-age timer to age out entries in the MAC address table.





The switch uses the forward delay timer to age out entries in the MAC address table.

What three fields are included in a BPDU? (Choose three.)Correct!




bridge ID




STP ID




port ID




link-state ID




cost of path

bridge ID




port ID




cost of path

Which statement is true about the Spanning Tree Protocol (STP)?




Each switch determines a designated port that provides the best path to the root switch.




The designated port will be on the switch with the best path to the root switch.




With each network change, the STP algorithm is run on all switches that have a root port.




A topology change will cause the switch where the change occurred to send messages about the change throughout the tree.

The designated port will be on the switch with the best path to the root switch.

What will happen when a BPDU is received on a loop guard port that is in a loop-inconsistent state?




The port will transition to blocking state.




The port will transition to forwarding state automatically.




The port will be disabled and the administrator must re-enable it manually.




The port will transition to the appropriate state as determined by the normal function of the spanning tree.

The port will transition to the appropriate state as determined by the normal function of the spanning tree.

4-11


Refer to the exhibit. The configuration on the switch was changed between Output #1 and Output #2. What was done on the switch?




The command no spanning-tree uplinkfast was issued in global configuration mode.




The command no spanning-tree backbonefast was issued in global configuration mode.




The command spanning-tree etherchannel guard misconfigwas issued in global configuration mode.




The command spanning-tree etherchannel guard misconfigwas issued in interface configuration mode.




The command spanning-tree portfast bpduguard default was issued in global configuration mode.




The command spanning-tree portfast bpduguard default was issued in interface configuration mode.

The command spanning-tree portfast bpduguard default was issued in global configuration mode.

Which two statements are true about the RSTP negotiations between switches? (Choose two.)




UplinkFast must be configured on all designated switches.




BackboneFast must be configured on all root switches.




Switches must be connected by a point-to-point link.




All ports that are directly connected to end stations must be enabled as designated ports.




It greatly improves the restoration times for any VLAN that requires a topology convergence due to link up.

Switches must be connected by a point-to-point link.




It greatly improves the restoration times for any VLAN that requires a topology convergence due to link up.

What priority value should be entered on a switch, via the spanning-tree vlan 20 priority priority command, if the desired priority for VLAN 20 is 4116?




4116




4106




4096




32788

4096

One switch in a Layer 2 switched spanning-tree domain is converted to PVRST+ using the spanning-tree mode rapid-pvst global configuration mode command. The remaining switches are running PVST+. What is the effect on the spanning-tree operation?






Spanning tree is effectively disabled in the network.




The PVRST+ switch forwards 802.1D BPDUs, but does not participate as a node in any spanning tree.




All switches default to one 802.1D spanning tree for all VLANs.




The PVSRT+ reverts to PVST+



The PVSRT+ reverts to PVST+ to interoperate with the PVST+ switches.

4-15


Refer to the exhibit. After the sequence of commands is entered, how many VLANs will be assigned to the default instance?




4094




4064




4062




4061

4061

What effect does the global configuration command spanning-tree portfast bpdufilter default have when enabled on an access switch? All PortFast enabled ports become designated ports.




All PortFast enabled ports become designated ports.




All PortFast enabled ports start participating in the spanning-tree calculations.




All switch ports start filtering the superior BPDUs coming from other switches and the access switch becomes a root bridge.




All PortFast enabled ports stop sending BPDUs, but if a BPDU is received on the port, the port gets out of the PortFast state, thereby disabling the BPDU filtering.



All PortFast enabled ports stop sending BPDUs, but if a BPDU is received on the port, the port gets out of the PortFast state, thereby disabling the BPDU filtering.

Which three parameters should match all switches within an MST region? (Choose three.)




port costs on trunk ports




configuration name




revision number




trunk encapsulation method




bridge priority




VLAN-to-instance mappings



configuration name




revision number




VLAN-to-instance mappings

Which STP timer defines the length of time spent in the listening and learning states?




hello time




forwarding aging




forward delay




max age




max delay

forward delay

4-19


Refer to the exhibit. STP is configured on all switches in the network. Recently, the user on workstation A lost connectivity to the rest of the network. At the same time, the administrator received the console message:




%SPANTREE-2-RX_PORTFAST:Received BPDU on PortFast enable port.Disabling 2/1




What is the cause of the problem?




STP PortFast feature has been disabled on port 2/1. You Answered




STP PortFast feature has been enabled on port 2/1.




PAgP has removed port 2/1 from the EtherChannel bundle.




The STP PortFast BPDU Guard feature has disabled port 2/1 on the switch.

The STP PortFast BPDU Guard feature has disabled port 2/1 on the switch.

4-20


Refer to the exhibit. What implementation of spanning tree best describes the spanning-tree operational mode of the switch?




IEEE 802.1D




IEEE 802.w




IEEE 802.1s




PVRST+

IEEE 802.1D

A client computer is set up for DHCP and needs an IP configuration. During the DHCP client configuration process, which response will enable the client to begin using the assigned address immediately?




DHCPACK




DHCPREQUEST




DHCPOFFER




DCHPDISCOVER

DHCP ACK

A DHCPREQUEST message has been sent from the client to the DHCP server. What information is included in the message?




initial message to locate a DHCP server




formal request for the offered IP address




confirmation that the IP address has been allocated to the client




denial message to reject the first offer from the DHCP server

formal request for the offered IP address

5-3


Refer to the exhibit. Based on the debug ip dhcp server packet output, which statement is true?




The client sends a DHCPDISCOVER that contains IP address 10.1.10.21 to the DHCP server.




The client sends a DHCPREQUEST that contains IP address 10.1.10.21 to the DHCP server.




The client sends the BOOTREPLY broadcast message to inquire for a new IP address.




The client accepts the offer from the DHCP server for the 10.1.10.21 IP address.



The client accepts the offer from the DHCP server for the 10.1.10.21 IP address

Which two statements are true about routed ports on a multilayer switch? (Choose two.)




A routed port is a physical switch port with Layer 2 capability.




A routed port is not associated with a particular VLAN.




To create a routed port requires removal of Layer 2 port functionality with the no switchport interface configuration command.




The interface vlan global configuration command is used to create a routed port.

A routed port is not associated with a particular VLAN.




To create a routed port requires removal of Layer 2 port functionality with the no switchport interface configuration command.

Which two statements are true about switched virtual interfaces (SVI) on a multilayer switch? (Choose two.)




An SVI behaves like a regular router interface but does not support VLAN subinterfaces.




An SVI is a physical switch port with Layer 3 capability.




By default, an SVI is created for the default VLAN (VLAN1).




Only one SVI can be associated with a VLAN.




To create an SVI requires removal of Layer 2 port functionality with the no switchport interface configuration command.

By default, an SVI is created for the default VLAN (VLAN1).




Only one SVI can be associated with a VLAN.

5-6


Refer to the exhibit. Host A is unable to obtain an IP address from the DHCP server. Which procedure would solve this problem?




Use the command ip helper-address 10.1.2.1 on interface Fa0/0 of router RTA.




Use the command ip helper-address 10.1.2.10 on interface Fa0/0 of router RTA.




Use the command ip helper-address 10.1.2.10 on interface Fa0/1 of router RTA.




Use the command ip forward-protocol 67 on interface Fa0/0 of router RTA.




Use the command ip forward-protocol 68 on interface Fa0/1 of router RTA.




Use the command ip forward-protocol 67 on interface Fa0/1 of router RTA.



Use the command ip helper-address 10.1.2.10 on interface Fa0/0 of router RTA.

Which three statements about a routed port are true? (Choose three.)




A routed switch port is a physical device that is associated with several VLANs.




A routed switch port is created by configuring a Layer 2 port with the no switchport interface configuration command and assigning an IP address.




A routed switch port is created by entering VLAN interface configuration mode and assigning an IP address.




A routed switch port is a virtual Layer 3 interface that can be configured for any VLAN that exists on a Layer 3 switch.




A routed switch port provides an interface that may provide a Layer 3 connection to a next-hop router.




A routed switch port can serve as a default gateway for devices.

A routed switch port is created by configuring a Layer 2 port with the no switchport interface configuration command and assigning an IP address.




A routed switch port provides an interface that may provide a Layer 3 connection to a next-hop router.




A routed switch port can serve as a default gateway for devices



Which message will be sent back to the client by the DHCP server to confirm that the IP address has been allocated to the client?




DHCPDISCOVER unicast




DHCPDISCOVER broadcast




DHCPOFFER unicast




DHCPOFFER broadcast




DHCPREQUEST unicast




DHCPREQUEST broadcast




DHCPACK unicast

DHCPACK unicast

5-9


Refer to the exhibit. A network administrator attempts to ping the IP address 172.16.20.1 from RouterA. What will the router output be?




Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:!!!!!




Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:.....




Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:U.U.U




%Unrecognized host or address, or protocol not running




%Source quench: destination or port unreachable




%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed state to down







Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:.....

5-10




Refer to the exhibit. A network administrator attempts to ping the IP address 172.16.20.1 from RouterA. What will the router output be?




Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:!!!!!




Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:.....




Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:U.U.U




%network or host unreachable, TTL exceeded




%Unrecognized host or address, or protocol not running




%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed state to down

Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:.....

5-11


Refer to the exhibit and the partial configuration taken on router RTA. Users on VLAN 5 cannot communicate with the users on VLAN 10. What should be done to fix the problem?




A dynamic routing protocol should be configured on the router.




Two static routes should be configured on the router, each pointing to each subnet.




The Fa0/0 interface should be configured with a primary IP address of 10.10.5.1/24 and a secondary IP address of 10.10.10.1/24.




The subinterfaces of the router should be configured with 802.1Q encapsulation.







The subinterfaces of the router should be configured with 802.1Q encapsulation.

How is the Layer 2 functionality restored to a port configured for Layer 3 operation?




switchport access vlan




switchport mode access




no switchport




switchport

switchport

5-13


Refer to the exhibit. What additional configuration is required for host A to receive IP configuration from the DHCP server?




The ip address dhcp command is required on interface Fa0/0.




The ip dhcp information option command is required on interface Fa0/1.




The ip helper-address 10.1.2.10 command is required on interface Fa0/0.




The ip forward-protocol 37 global configuration command is required to forward DNS requests to IP address 10.1.2.10.




The ip forward-protocol 67 global configuration command is required to forward DHCP requests to IP address 10.1.2.10.


The ip helper-address 10.1.2.10 command is required on interface Fa0/0.

5-14


Refer to the exhibit. The router has been properly configured for the trunking interface. Which statement is true about the routing table on the router?




It will show a next hop address of the switch for both VLANs.




It will show one trunking route to 10.0.0.0/8.




It should contain routes to the 10.10.10.0/24 and the 10.10.11.0/24 networks.




Because the switch is not configured properly to trunk VLAN 1 and VLAN 2, the routing table of the router will not show routes to either VLAN .




Because the switch port fa0/1 is in access mode, the routing table of the router will not show any routes.


It should contain routes to the 10.10.10.0/24 and the 10.10.11.0/24 networks

5-15


Refer to the exhibit and the partial configuration taken on routers RTA and RTB. All users can ping their gateways, but users on VLAN 5 and VLAN 10 cannot communicate with the users on VLAN 20. What should be done to solve the problem?




A dynamic routing protocol or static routes should be configured on the routers.




A trunk should be configured between routers RTA and RTB.




RTA interface Fa0/1 and RTB Fa0/1 should be configured with three subinterfaces, each with ISL encapsulation.




RTA interface Fa0/1 and RTB Fa0/1 should be configured with three subinterfaces, each with 802.1Q encapsulation.



A dynamic routing protocol or static routes should be configured on the routers.

5-16


Refer to the exhibit. Which statement is true regarding the diagram and show ip routecommand output?




Because no routing protocol has been configured, the router will not forward packets between workstations.




The default gateway for hosts on VLAN 10 should be the Fa0/0 IP address of the router.




The default gateway for hosts on VLAN 10 should be the Fa0/0.1 IP address of the router.




The default gateway for hosts on VLAN 10 should be the Fa0/0.2 IP address of the router.




Because their packets are being trunked, hosts on VLAN 10 do not need a default gateway.



The default gateway for hosts on VLAN 10 should be the Fa0/0.1 IP address of the router.

A client sends a request for an IP address to a DHCP server. Which DHCP message to the client will provide the configuration parameters that include an IP address, a domain name, and a lease for the IP address?




DHCPDISCOVER




DHCPOFFER




DHCPREQUEST




DHCPACK

DHCPOFFER

Which statement describes what occurs when a DHCP request is forwarded through a router that has been configured with the ip helper-address command?




The router replaces the source MAC address included in the DHCP request with its own MAC address.




The router replaces the source IP address of the DHCP request with the IP address that is specified with the ip helper-address command.




The router replaces the broadcast destination IP address of the DHCP request with the unicast IP address that is specified with the ip helper-address command.




The router replaces the unicast destination IP address of the DHCP request with the unicast IP address that is specified with the ip helper-address command.

The router replaces the broadcast destination IP address of the DHCP request with the unicast IP address that is specified with the ip helper-addresscommand.

What is an advantage to using a trunk link to connect a switch to an external router that is providing inter-VLAN routing?




works with any switch that supports VLANs and trunking




lowers latency




provides redundancy to the VLANs




reduces CPU overhead

works with any switch that supports VLANs and trunking

5-20


Refer to the exhibit. Which configuration should be applied on router R1 in order for host 1 to receive its IP configuration from the DHCP server?




ip helper-address 10.1.1.2 applied to the Fa0/0 interface




ip helper-address 10.1.1.3 applied to the Fa0/0 interface




ip helper-address 192.168.10.1 applied to the Fa0/0 interface




ip helper-address 10.1.1.1 applied to the Fa0/1 interface




ip helper-address 10.1.1.3 applied to the Fa0/1 interface




ip helper-address 192.168.10.1 applied to the Fa0/1 interface



ip helper-address 10.1.1.1 applied to the Fa0/1 interface

6-1


Refer to the exhibit. Switch DSw1 is the active virtual gateway (AVG) and DSw2 is an active virtual forwarder (AVF). Based on this information, which two GLBP statements are true? (Choose two.)




GLBP is a Cisco proprietary protocol and is supported on all Cisco Catalyst and Cisco router platforms.




None of the switches have had their priority configured.




Switch DSw1 assigns the virtual IP addresses to switch DSw2.




Switch DSw2 has been configured with the glbp 1 priority 95 command




Two more multilayer switches could join this group.

Switch DSw2 has been configured with the glbp 1 priority 95 command.




Two more multilayer switches could join this group



6-2


Refer to the exhibit. Which statement is true about best practice and the exhibited network design?




The Layer 2 VLAN number should be mapped to the Layer 3 subnet for ease of use and management.




The HSRP active router for VLAN 55 and VLAN 60 should be the same switch.




A Layer 2 access port should be placed between the access switches.




The uplink between the access switches and the distribution switches should be trunk links.

The Layer 2 VLAN number should be mapped to the Layer 3 subnet for ease of use and management.

What are two characteristics of Gateway Load Balancing Protocol (GLBP) operation? (Choose two.)




GLBP will attempt to balance traffic on a per-router basis by the use of the round-robin algorithm.




GLBP will attempt to balance traffic on a per-host basis by the use of the round-robin algorithm.




The active virtual forwarder (AVF) is assigned a virtual MAC address and forwards packets sent to that MAC address.




The active virtual gateway (AVG) is the backup for the AVF.




GLBP members communicate with each other through hello messages sent every 3 seconds to the multicast address 224.0.0.104.

GLBP will attempt to balance traffic on a per-host basis by the use of the round-robin algorithm.




The active virtual forwarder (AVF) is assigned a virtual MAC address and forwards packets sent to that MAC address.



Which of the following GLBP load-balancing options is configured if the host is guaranteed the use of the same virtual MAC address?




host dependent




round robin




weighted load-balancing




none

host dependent

6-5


Refer to the exhibit. Router RTA has been configured as the active HSRP router. Router RTB is to be the standby HSRP router. However, once the indicated configuration was applied to router RTB, the console began to display the message %HSRP-4-DIFFVIP1. What is the cause of the message?




The command standby preempt should only be applied on the active router.




The subnet mask is missing from the standby 50 ip 10.1.1.10 command.




The group number is not the same as the active router.




The virtual IP address is not the same as the active router.




The ports on the switch must be configured with the spanning-tree PortFast feature.





The virtual IP address is not the same as the active router.

6-6


Refer to the exhibit. Based on the provided configuration, which routers are the master and the backup virtual routers for the hosts that are connected to the VRRP group 1?




Router R1 is the master for all hosts, and router R2 is the backup for all hosts in the group.




Router R1 is the master for Host1 and Host2. Router R2 is the master for Host3 and Host4.




Router R1 is the master for Host3 and Host4. Router R2 is the backup for Host3 and Host4.




Because of incorrect configuration of the default gateway on the hosts, none of the routers is the master for the VRRP group.





Router R1 is the master for Host1 and Host2. Router R2 is the master for Host3 and Host4.

Which statement is true about the gateway redundancy protocols ?




GLBP allows multiple routers to participate in a virtual router group that is configured with a virtual IP address. One member is elected to be the active router for the group and the other routers are passive until the active router fails.




By making use of a single virtual IP address and multiple virtual MAC addresses, GLBP provides load balancing over multiple routers (gateways) . All routers in the virtual router group participate in forwarding packets.




By making use of a single virtual IP address and multiple virtual MAC addresses, HSRP provides load balancing over multiple routers (gateways). All routers in the virtual router group participate in forwarding packets.




By making use of a single virtual IP address and multiple virtual MAC addresses, VRRP provides load balancing over multiple routers (gateways). All routers in the virtual router group participate in forwarding packets.

By making use of a single virtual IP address and multiple virtual MAC addresses, GLBP provides load balancing over multiple routers (gateways) . All routers in the virtual router group participate in forwarding packets

Which two statements about VRRP are true? (Choose two.)




VRRP does not support preemption.




VRRP cannot track interfaces or objects.




A VRRP group has one master router and one or more backup routers.




The virtual IP address for the VRRP group must be different from active and standby IP addresses




VRRP provides redundancy for the IP address of a router or for a virtual IP address shared among the VRRP group members.





A VRRP group has one master router and one or more backup routers.




VRRP provides redundancy for the IP address of a router or for a virtual IP address shared among the VRRP group members.

Which statement is true about Virtual Router Redundancy Protocol (VRRP)?




The priority value of 255 means the router is ineligible to become the master router for the VRRP group.




The priority value of 255 means the router has stopped participating in the VRRP group.




The priority value of 0 means the router has stopped participating in the VRRP group.




The priority value of 0 means the router is ineligible to become the master router for the VRRP group.



The priority value of 0 means the router has stopped participating in the VRRP group.

6-10


Refer to the exhibit. What action does the command standby 1 track Serial0/0/0 on router R1 perform?




It links the default gateway virtual address 192.168.21.10 to the IP address 192.168.31.1 on interface Serial0/0/0.




It links the default gateway virtual address 192.168.21.10 to the IP address 192.168.42.2 on interface Serial0/0/0.




It tracks the state of the Fa0/0 interface on R1 and brings down the priority of standby group 1 if the interface goes down.




It tracks the state of the Serial0/0/0 interface on R1 and brings down the priority of standby group 1 if the interface goes down.

It tracks the state of the Serial0/0/0 interface on R1 and brings down the priority of standby group 1 if the interface goes down.

Which two statements are true about the Hot Standby Router Protocol (HSRP)? (Choose two.)




A router in the speak state sends periodic hello messages to all routers in the group to acquire a virtual IP address.




A router in the speak state sends periodic hello messages and actively participates in the election of the active or standby router.




A router in the standby state forwards packets that are sent to the group virtual MAC address.




The router in the standby state is a candidate to become the next active router.




The router that is not the standby or active router will remain in the speak state.

A router in the speak state sends periodic hello messages and actively participates in the election of the active or standby router.




The router in the standby state is a candidate to become the next active router.

What are two functions of the standby router in an HSRP group? (Choose two.)




to monitor the operational status of the HSRP group




to physically forward packets that are sent to the MAC address of the virtual router




to reply with the virtual router MAC address in the event an ARP request is received




to quickly assume packet-forwarding responsibility if the active router becomes inoperable




to contend for the active router role with all other routers in the group in the event the active fails

to monitor the operational status of the HSRP group




to quickly assume packet-forwarding responsibility if the active router becomes inoperable

Two routers are configured for an HSRP group. One router uses the default HSRP priority. What priority should be assigned to the other router to make it more likely to be the active router?




1


100


200


500

200

6-14


Refer to the exhibit. What statement is true about the output of the show standby command?




The current priority of this router is 120.




The router is currently forwarding packets.




This router is tracking two properly operating interfaces.




This router is in the HSRP down state because its tracked interfaces are down.

The router is currently forwarding packets.

Which one of the following GLBP functions answers ARP requests?




AVF




AVG




Active




MVP

AVG

What is the command to configure a device to be an authoritative NTP server?




ntp server 172.16.1.1




ntp master




ntp peer 172.16.1.1




ntp synchronize 172.16.1.1







ntp master

Which SNMP version provides authentication and encryption for transmission of critical data between managed devices?




SNMPV2




SNMPv3noAuthnoPriv




SNMPv3authPriv




SNMPv3 authNoPriv





SNMPv3authPriv

What are three advantages of implementing the AAA framework model in a network? (Choose three.)




Offers automatic failover solutions for gateway redundancy




Standardized authentication methods




Faster convergence




Username and passwords are stored in a local database for scalability.




Increased flexibility and control of access configuration




Multiple backup systems

Standardized authentication methods




Increased flexibility and control of access configuration




Multiple backup systems



7-4


Refer to the exhibit. Given the configuration on the ALSwitch, what is the end result?




Forces all hosts that are attached to a port to authenticate before being allowed access to the network




disables 802.1x port-based authentication and causes the port to allow normal traffic without authenticating the client




enables 802.1x authentication on the port




globally disables 802.1x authentication









disables 802.1x port-based authentication and causes the port to allow normal traffic without authenticating the client

In a AAA architecture, what is the name of the role given to the client running 802.1x software?




AAA peer




authenticator




authentication server




supplicant

supplicant

Which three commands are necessary to configure NTP authentication between devices? (Choose three.)




ntp authenticate




ntp authentication-key 1 md5




ntp trusted-key 1




ntp authentication




ntp trusted-key authentication 1




ntp md5 authentication-key 1

ntp authenticate




ntp authentication-key 1 md5




ntp trusted-key 1

Match the term with the correct definition.




Authentication




Authorization




Accounting

Process of Identifying the user




Allows for control of rights




Allows for collection of activity

Which two statements are true about NTP? (Choose two.)




Stratum 1 devices have directly attached radio or atomic clock




Network devices will always synchronize with NTP server with the highest stratum number




Higher stratum number always indicates greater quality and reliability




Stratum number represents the distance from a reference clock.




Stratum numbers are directly related to the routing metric.

Stratum 1 devices have directly attached radio or atomic clock




Stratum number represents the distance from a reference clock.

7-9


Refer to the exhibit. A switch is being configured to support AAA authentication on the console connection. Given the information in the exhibit, which three statements are correct? (Choose three.)




The authentication login admin line console command is required.




The login authentication admin line console command is required.




The configuration creates an authentication list that uses a named access list called group as the first authentication method, a TACACS+ server as the second method, the local username database as the third method, the enable password as the fourth method, and none as the last method.




The configuration creates an authentication list that uses a TACACS+ server as the first authentication method, the local username database as the second method, the enable password as the third method, and none as the last method.




The none keyword enables any user logging in to successfully authenticate if all other methods return an error.


The none keyword specifies that a user cannot log in if all other methods have failed.



The configuration creates an authentication list that uses a TACACS+ server as the first authentication method, the local username database as the second method, the enable password as the third method, and none as the last method.




The none keyword enables any user logging in to successfully authenticate if all other methods return an error.

7-10


Refer to the exhibit. Which feature does a SNMP manager need in order to set a parameter on switch ACSW1?




a manager using an SNMP string of K44p0ut




a manager using host 172.16.128.50




a manager using SNMPv1, 2, or 2c




a manager using authPriv

a manager using SNMPv1, 2, or 2c

Which SNMP message is sent from the manager?




get response




inform request



set request




trap



set request

7-12


Refer to the exhibit. Network policy dictates that security functions should be administered using AAA. Which configuration would create a default login authentication list that uses RADIUS as the first authentication method, the enable password as the second method, and the local database as the final method?




SW-1(config)# aaa new-model


SW-1(config)# radius-server host 10.10.10.12 key secret


SW-1(config)# aaa authentication default group-radius local




SW-1(config)# aaa new-model


SW-1(config)# radius-server host 10.10.10.12 key secret


SW-1(config)# aaa authentication default group-radius enable local




SW-1(config)# aaa new-model


SW-1(config)# radius-server host 10.10.10.12 key secret


SW-1(config)# aaa authentication login default group radius enable local




SW-1(config)# aaa new-model


SW-1(config)# radius server host 10.10.10.12 key secret


SW-1(config)# aaa authentication login default group radius enable local none




SW-1(config)# aaa new-model


SW-1(config)# radius server host 10.10.10.12 key secret


SW-1(config)# aaa authentication login default group-radius enable local none



SW-1(config)# aaa new-model


SW-1(config)# radius-server host 10.10.10.12 key secret


SW-1(config)# aaa authentication login default group radius enable local

Which statement is true about 802.1x port-based authentication?




Authentication can only be initiated by the host.




Authentication can only be initiated by the switch.




Authentication can be initiated by either the switch or the host.




If the host does not receive a response to a start frame, it goes into the shutdown mode.




When a host comes up that is attached to a switch port, the authentication server queries the host for 802.1x authentication information





Authentication can be initiated by either the switch or the host.

What SNMP attribute provides the best security?




authNoPriv


authPriv


community string


noAuthNoPriv


SNMPv2

authPriv

Which three are characteristics of the SNTP protocol? (Choose three.)




Provides a secure means for NTP transmissions.




SNTP and NTP cannot coexist on the same device because they use the same port number.




SNTP is a simplified, client-only version of the NTP.




SNTP cannot be used to provide times services to other services.




SNTP provides complex filtering.




SNTP can be used to provide time services to other systems.






SNTP and NTP cannot coexist on the same device because they use the same port number.




SNTP is a simplified, client-only version of the NTP.




SNTP cannot be used to provide times services to other services.







Which statement is true about a local SPAN configuration?




A port can act as the destination port for all SPAN sessions configured on the switch.




A port can be configured to act as a source and destination port for a single SPAN session.




Both Layer 2 and Layer 3 switched ports can be configured as source or destination ports for a single SPAN session.




Port channel interfaces (EtherChannel) can be configured as source and destination ports for a single SPAN session.





Both Layer 2 and Layer 3 switched ports can be configured as source or destination ports for a single SPAN session

What are three characteristics of LLDP? (Choose Three)




LLDP helps to detect spanning-tree failures.




LLDP supports enabling or disabling either transmitting or receiving capabilities per port




LLDP helps to detect unidirectional link activity.




LLDP is a Cisco Proprietary protocol.




LLDP allows network management applications to automatically discover and learn about network devices.




LLDP operates in one of two modes: aggressive or normal.




To view LLDP neighbors, the show lldp neighbors command is used







LLDP supports enabling or disabling either transmitting or receiving capabilities per port




LLDP allows network management applications to automatically discover and learn about network devices.




To view LLDP neighbors, the show lldp neighbors command is used.



8-3


Refer to the exhibit. A network technician is trying to resolve an execution problem with an IP SLA. What is the problem?




The IP SLA must be set up in conjunction with an ICMP echo reply.




IP SLAs are not supported on switch platforms.




The IP SLA test has not been scheduled to run.




ICMP-ECHO tests must have frequency schedules of less than 10 seconds.










The IP SLA test has not been scheduled to run.

What is the command to view the SDM template settings?




show sdm current




show sdm template




show platform tcam utilization




show sdm prefer





show sdm prefer

8-5


Refer to the exhibit. Which statement is true about the VSPAN configuration on switch SW1?




The VSPAN session that is configured on port Fa3/4 can monitor only the ingress traffic for any of the VLANs




The VSPAN session that is configured on port Fa3/4 can monitor only the egress traffic for any of the VLANs




Port Fa3/4 must be associated with VLAN 10 or VLAN 20 in order to monitor the traffic for any of the VLANs.




The VSPAN session transmits a copy of the ingress traffic for VLAN 10 and the egress traffic for VLAN 20 out interface Fa3/4.




The VSPAN session transmits a copy of the ingress traffic for VLAN 10 and the egress traffic for VLAN 20 out interface Fa3/4.

What are the two modes of UDLD operation? (Choose two.)




full




normal




bidirectional




aggressive




active

normal




aggressive

Which SDM template should be enabled if you have a large number of VLANs to support?




sdm prefer access




sdm prefer VLANs




sdm prefer dual-ipv4-and-ipv6




sdm prefer access

sdm prefer VLANs

8-8


Refer to the exhibit. Which statement is true about the local SPAN configuration on switch SW1?




The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1.




The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1, but only if port Fa3/1 is configured in VLAN 10.




The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1, but only if port Fa3/1 is configured as trunk.




The SPAN session transmits to a device on port Fa3/21 only a copy of unicast traffic that is monitored on port Fa3/1. All multicast and BPDU frames will be excluded from the monitoring process.


The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1

Which two statements are true about SDM templates? (Choose two.)




The show SDM version command is used to display the current SDM template




They are used to allocate system resources.




Modifying the SDM template requires a reload on the switch before the settings take effect.




The default SDM template support IPV6 routing.




The current template can be viewed using the show platform tcam utilization command.







They are used to allocate system resources.




Modifying the SDM template requires a reload on the switch before the settings take effect.

8-10


Refer to the exhibit. What can be determined about this SLA monitor?




Two SLA samples have been captured


No more SLA information is being gathered.




The SLA measurement is being taken every 5 milliseconds.




There is one SLA monitor session operating on this switch.




There is one SLA monitor session operating on this switch.

Which statement is true about the PoE negotiation process?




The PoE switch keeps the power on a disabled port up, just in case a device that needs PoE will be connected.




With 802.3af and 802.3at, the switch tries to detect the powered device by supplying a small voltage across the Ethernet cable.




Cisco Inline Power has the same method of negotiating power as both of the IEEE standards.




IEEE 802.3af power classes are numbered 1-5



With 802.3af and 802.3at, the switch tries to detect the powered device by supplying a small voltage across the Ethernet cable

8-12


Refer to the exhibit. What is the state of the monitoring session?




This is a remote monitored session.




No data is being sent from the session.




SPAN session number 2 is being used.




The session is only monitoring data sent out Fa0/1.





No data is being sent from the session.

Which statement is true about UDLD?




It is automatically enabled.




It allows devices to transmit traffic one way.




It will disable an EtherChannel bundle if one link has failed.




It allows a switch to detect a unidirectional link and shut down the affected interface.









It allows a switch to detect a unidirectional link and shut down the affected interface.

8-14


Refer to the exhibit. Which IP SLA statement is true?




IP SLA operation 99 has been incorrectly configured




IP SLA operation 99 has stopped monitoring the target device.



IP SLA operation 99 had 211 successful replies from the target device. IP SLA operation 100 has been incorrectly configured.




IP SLA operation 100 has been incorrectly configured.




IP SLA operation 100 has stopped monitoring the target device.




IP SLA operation 100 had 211 successful replies from the target device.







IP SLA operation 99 had 211 successful replies from the target device.

What is a requirement for configuring an IP SLA to measure network performance?




The frequency of the SLA test must be configured.




The required SLA operation type must be configured.




At least one IP SLA responder and one IP SLA monitor must be configured.




The communication protocol that is used for SLA communications must be configured.





The required SLA operation type must be configured.

What are three benefits of implementing VSS in a network? (Choose three.)




Single management point




VSS is implemented in the access layer which supports a more simplistic design.



Supported on all platforms




Neighbors see the VSS as a single switch




VSS can logically combine up to 9 switches




Interchassis stateful failover













Single management point




Neighbors see the VSS as a single switch




Interchassis stateful failover



What is the main purpose of implementing Cisco NSF?




to continue forwarding IP packets following an RP switchover




to forward all STP updates to all switches in the network




to keep a backup copy of the latest MAC table in the event of RAM failure




to move switch ports that are currently in blocking mode to forwarding mode with minimal packet loss



to continue forwarding IP packets following an RP switchover

What are three characteristics of the VSS technology? (Choose three.)




VSS combines a pair of physical switches into a virtual switch.




Once the VSS is formed, only the control plan of one of the member's is active.




VSS is a network system virutalization technology that combine a pair of Catalyst 3500, 4500 or 6500 series switches into one virtual switch.




VSS increases system bandwidth capacity.





VSS combines a pair of physical switches into a virtual switch.




Once the VSS is formed, only the control plan of one of the member's is active.




VSS increases system bandwidth capacity.



Which one is NOT a valid supervisor redundancy mode?




RPR




SSO




RPR+




NSF

NSF

What is considered a best practice for an optimal redundant network?




Access switches should have redundant connections to redundant distribution switches.




Access switches should have a backup connection to at least one core device




Dual distribution switches should connect individually to separate core switches.




Three distribution switches should be implemented so that the third switch can take the role of active or standby, as necessary.





Access switches should have redundant connections to redundant distribution switches.

When using RPR, what two events can trigger a switchover from the active to the standby Supervisor Engine? (Choose two.)




clock synchronization failure between the Supervisor Engines




loss of packets from the root bridge




an RP or SP crash on the active Supervisor Engine frames received on a port that is in blocking mode




frames received on a port that is in blocking mode




port failure




clock synchronization failure between the Supervisor Engines




an RP or SP crash on the active Supervisor Engine frames received on a port that is in blocking mode

To display configuration and status information for a VSS, which show command can be used?




show virtual switch




show vss brief




show switch virtual




show virtual link

show switch virtual

What are two characteristics of the StackWise technology? (Choose two.)




The stack can support up to 12 switches managed as a single unit.




The StackWise technology creates a virtual connection between the devices without additional cabling.




Multiple switches can create an EtherChannel connection.




Unites multiple access switches in the same rack.




Reduces the number of Layer 3 routing neighbors









Multiple switches can create an EtherChannel connection.




Unites multiple access switches in the same rack.

Which three redundancy modes are supported by Catalyst 6500 Series switches? (Choose three.)




Route Processor Redundancy (RPR)




Supervisor Engine 720 mirroring




Supervisor Engine 720 load balancing




Single Router Mode with Stateful Switchover (SRM with SSO)




Manual Switchover




Nonstop Forwarding (NSF) with SSO




Route Processor Redundancy (RPR)




Single Router Mode with Stateful Switchover (SRM with SSO)




Nonstop Forwarding (NSF) with SSO

Which supervisor redundancy mode offers the fastest failover time?




SSO




RPR




RPR+




NSF

SSO

What is the expected failover time for SSO mode for Layer 2 switching on the Catalyst 4500 family of switches?




Less than 3 seconds




Subsecond




1 to 2 minutes




None of the above





Subsecond

Which command can be used to verify StackWise configuration to include their stack number, stack role, MAC address, hardware priority, hardware version and current state?




show version




show stack




show switch




show platform

show switch

A network administrator is designing a network with redundancy features such SSO with NSF. What protocol is should the administrator avoid while designing the routing topology?




BGP




RIP




OSPF




EIGRP




ISIS

RIP

Which one of the following features provides the fastest failover for supervisor or route processor redundancy?




RPR+




NSF




RPR




SSO

SSO

Which two technologies can be used to reduce the number of logical network devices and simplify Layer 2 and Layer 3 network toplogies? (Choose two.)




VSS




TCAM




NSF




VRRP




Stackwise

VSS




Stackwise

All access ports on a switch are configured with the administrative mode of dynamic auto. An attacker, connected to one of the ports, sends a malicious DTP frame. What is the intent of the attacker?




VLAN hopping




DHCP spoofing attack




MAC flooding attack




ARP poisoning attack











VLAN hopping

How does MAC address flooding cause a vulnerability in the network?




An attacking device can send or receive packets on various VLANs and bypass Layer 3 security measures.




The CAM table will be full, causing legitimate frames to be forwarded out all ports within the VLAN and allowing unauthorized users to capture data.




An attacking device can send or receive packets on various VLANs and bypass Layer 3 security measures.




An attacking device can exhaust the address space available to the DHCP servers for a period of time or establish itself as a DHCP server in man-in-the-middle attacks.




Information that is sent through CDP is transmitted in clear text and is unauthenticated, allowing it to be captured and to divulge network topology information.



The CAM table will be full, causing legitimate frames to be forwarded out all ports within the VLAN and allowing unauthorized users to capture data.

10-3


Refer to the exhibit. A network engineer is securing a network against DHCP spoofing attacks. On all switches, the engineer applied the ip dhcp snooping command and enabled DHCP snooping on all VLANs with the ip dhcp snooping vlan command. What additional step should be taken to configure the security required on the network?




Issue the ip dhcp snooping trust command on all interfaces on SW2 and SW3.




Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2, and SW3.




Issue the ip dhcp snooping trust command on all uplink interfaces on SW1, SW2 and SW3.




Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2, and SW3 except interface Fa0/1 on SW1.











Issue the ip dhcp snooping trust command on all uplink interfaces on SW1, SW2 and SW3.

What three steps should be implemented in the network to mitigate a VLAN hopping attack? (Choose three.)




Enable DTP on all access ports.




Specify the VLAN range on trunk links.




Configure all unused ports as access ports.




Place all unused ports in the shutdown state.




Configure VLAN 1 as the native VLAN for all trunks.









Specify the VLAN range on trunk links.




Configure all unused ports as access ports.




Place all unused ports in the shutdown state.



In which location or situation is a private VLAN appropriate?



a DMZ segment



ISP SOHO connections



a web hosting environment at an ISP



two recently merged companies that have overlapping IP addressing schemes









a web hosting environment at an ISP

10-6



Refer to the exhibit. The DNS servers DNS1 and DNS2 are redundant copies so they need to communicate with each other and to the Internet. The SMTP server should not be reachable from the DNS Servers. Based on the partial configuration that is provided, what private VLANs design will be implemented?




Community VLAN 202 will be created to host both DNS servers, and this VLAN will be associated with the primary VLAN 100.



Isolated VLAN 202 will be created to host both DNS servers, and this VLAN will be associated with the primary VLAN 100.



Community VLAN 100 will be created to host both DNS servers, and this VLAN will be associated with the primary VLAN 202.



Isolated VLAN 100 will be created to host both DNS servers, and this VLAN will be associated with the primary VLAN 202.





Community VLAN 202 will be created to host both DNS servers, and this VLAN will be associated with the primary VLAN 100.

10-7


Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers do not have to communicate with each other although they are located on the same subnet. Both servers need to communicate with the data server that is located on the inside network. Which configuration will isolate the servers from inside attacks?




Ports Fa3/1, Fa3/2, Fa3/34, and Fa3/35 on DSW1 will be defined as primary VLAN promiscuous ports.



Ports Fa3/1, Fa3/2, Fa3/34, and Fa3/35 on DSW1 will be defined as primary VLAN community ports.




Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN isolated ports. Ports Fa3/34 and Fa3/35 will be defined as primary VLAN promiscuous ports.



Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN community ports. Ports Fa3/34 and Fa3/35 will be defined as primary VLAN promiscuous port







Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN isolated ports. Ports Fa3/34 and Fa3/35 will be defined as primary VLAN promiscuous ports.

How does VLAN hopping cause a vulnerability in the network?



The CAM table will be full, causing legitimate frames to be forwarded out all ports and allowing unauthorized users to capture data.



An attacking device can send or receive packets on various VLANs and bypass Layer 3 security measures.



An attacking device can exhaust the address space available to the DHCP servers for a period of time or establish itself as a DHCP server in man-in-the-middle attacks.



Information sent through CDP is transmitted in clear text and is unauthenticated, allowing it to be captured and to divulge network topology information.

An attacking device can send or receive packets on various VLANs and bypass Layer 3 security measures.

What can be used to mitigate MAC table flooding attacks?




DHCP snooping




private VLANS




port security



root guard

port security

What technology can be used to help mitigate MAC address flooding attacks?



root guard



Private VLANs




DHCP snooping



VLAN access maps



Dynamic ARP Inspection





VLAN access maps

Which statement describes the purpose of the configuration that is shown?


Switch(config)# ip dhcp snooping


Switch(config)# ip dhcp snooping vlan 3


Switch(config-if)# ip dhcp snooping trust


Switch(config-if)# ip dhcp snooping limit rate 30




It is meant to disable any host that is configured to be in VLAN 3




It is meant to disable any rogue DHCP servers that are attached to VLAN 3.



It is meant to monitor VLAN 3 for DHCP attacks that will deplete the DHCP pool.




It is meant to monitor VLAN 3 and disable any hosts that are using static IP addresses rather than DHCP addresses.










It is meant to monitor VLAN 3 for DHCP attacks that will deplete the DHCP pool.

How should unused ports on a switch be configured in order to prevent VLAN hopping attacks?




Configure them with the UDLD feature.




Configure them with the PAgP protocol.




Configure them as trunk ports for the native VLAN 1.




Configure them as access ports and associate them with an unused VLAN.



Configure them as access ports and associate them with an unused VLAN.

What is one way to mitigate spanning-tree compromises?




Implement private VLANs.



Statically configure the primary and backup root bridge.


Place all unused ports into a common VLAN (not VLAN 1).



Configure MAC address VLAN access maps.









Statically configure the primary and backup root bridge.

Which type of output would be produced on a switch after entering the command, Switch# show ip dhcp snooping binding?




DHCP servers on the snooped network



DHCP clients on all DHCP snooped switches on the network



DHCP clients that are connected to DHCP snooped ports on the switch



all active protocols on all DHCP clients that are connected to DHCP snooped ports on the switch

DHCP clients that are connected to DHCP snooped ports on the switch

What IOS feature is executed with the traceroute mac command?




Layer 2 traceroute




MAC port security




Embedded Event Manager




Switched Port Analyzer



Layer 2 traceroute

10-16


Refer to the exhibit. After the configuration has been applied to ACSw22, frames that are bound for the node on port FastEthernet 0/1 are periodically being dropped. What should be done to correct the issue?



Add the switchport port-security mac-address sticky command to the interface configuration.



Change the port speed to speed auto with the interface configuration mode




Use the switchport mode trunk command in the interface configuration.




Remove the switchport command from the interface configuration.





Add the switchport port-security mac-address sticky command to the interface configuration.

What switchport port-security keyword causes MAC addresses to be added to the running configuration?




aging




mac-address sticky




maximum




violation

mac-address sticky

What is one way to mitigate ARP spoofing?




Enable dynamic ARP inspection.




Configure MAC address VLAN access maps.



Enable root guard.



Implement private VLANs.





Enable dynamic ARP inspection.

10-19


Refer to the exhibit. The DNS servers DNS1 and DNS2 are redundant copies so they need to communicate with each other and to the Internet. The web server and the SMTP server need to communicate with the Internet, but for security purposes the web and the SMTP servers should not be reachable from the DNS servers. What private VLAN design should be implemented?




All servers should be configured in separate isolated VLANs. All isolated VLANs should be in the same primary VLAN.



All servers should be configured in separate community VLANs. All community VLANs should be in the same primary VLAN.



The DNS1 and DNS2 servers should be configured in a community VLAN. The web and SMTP servers should be configured in an isolated VLAN. Both the community and isolated VLANs should be part of the primary VLAN.



The DNS1 and DNS2 servers should be configured in an isolated VLAN. The web and SMTP servers should be configured in a community VLAN. Both the community and isolated VLANs should be in the same primary VLAN.



The DNS1 and DNS2 servers should be configured in a community VLAN. The web and SMTP servers should be configured in an isolated VLAN. Both the community and isolated VLANs should be part of the primary VLAN.

What are two purposes for an attacker launching a MAC table flood? (Choose two.)




to initiate a man-in-the-middle attack



to initiate a denial of service (DoS) attack




to capture data from the network



to gather network topology information



to exhaust the address space available to the DHCP








to initiate a denial of service (DoS) attack




to capture data from the network