Chapter 1º

  • 8/4/2019 Chapter 1

    1/43

    --------------------------------------------------------------------------------

    -- Chapter 1 -----------------------------------------------------------------

    --------------------------------------------------------------------------------

    1 Exam (+ solutions):

    1

    Which technology consistently increases CPU load on multilayer Catalyst switches?

    quality of service (QoS)

    access control lists (ACLs)

    policy-based routing (PBR)

    x network address translation (NAT)

    2

    What are the responsibilities of devices that are located at the core layer of the hierarchical design

    model? (Choose two.)

    access list filtering

    packet manipulation

    x high-speed backbone switching

    x interconnection of distribution layer devices

    redundancy between the core devices only

    3

    Which two features are unavailable on a Layer 2 switch? (Choose two.)

    use of ASICs

    Internet Group Management Protocol (IGMP) snooping

    QoS marking

    x Time to Live (TTL) decrementing

    x rewrite of the source and destination MAC addresses

    4

    Which Catalyst 6500 switch component integrates on individual line modules as well as on the

    supervisor engine?

    CPU

    Flash

    x ASIC

    NVRAM

    5

    In its network design, a company lists this equipment:

    * Two Catalyst 4503 Layer 3 switches

    * One 5500 security appliance firewall

    * Two Catalyst 6509 switches

    * Two lightweight access points

    * Two Catalyst 2960 switches

    Which two types of devices from the list would be appropriate to use at the access layer to provide

    end-user connectivity? (Choose two.)

    Catalyst 4503 switches

    Cisco 5500 security appliance firewall

    Catalyst 6509 switches

    x lightweight access points

    x Catalyst 2960 switches

    6

    What are three properties of peer-to-peer applications? (Choose three.)

    require dedicated bandwidth allocation

    x can be used in video conference applications

    x require real-time interaction between peer devices

    x can be used to fulfill the requirements for IP phone calls

    require a direct physical connection between devices

    require centralized authentication

    7

    Which family of Cisco switches supports the greatest number of slots?

    Catalyst 4500

    Catalyst 6500

    Nexus 5000

    x Nexus 7000

    8

    Refer to the exhibit. Given the traditional hierarchical design model, which set of features correctly

    identifies the modules of an enterprise network?

    1. Multilayer

    2. Edge

    3. Security

    4. Internet Gateway

    1. Workgroup Switch

    2. PSTN

    3. Connectivity

    4. Telecommuter Gateway

    1. VoIP and Multilayer

    2. PSTN Edge

    3. Firewall

    4. Home Branch

    1. Workgroup and VoIP

    2. Core

    3. Internet Backbone

    4. Telecommuter Edge

    x 1. Building Access and Distribution

    2. Internet Connectivity

    3. Edge Distribution

    4. Remote Access and VPN

    1. Campus Edge

    2. WAN Services

    3. Core Security

    4. PSTN Edge

    9

    A network designer must provide a rationale to a customer for a design that will move an enterprise

    from a flat network topology to a hierarchical network topology. Which two features of the

    hierarchical design make it the better choice? (Choose two.)

    reduced cost

    x scalability

    less equipment required

    x higher availability

    lower bandwidth requirements

    10

    On what is Layer 3 switching fundamentally based?

    Cisco Express Forwarding (CEF)

    x the ability to circumvent CPU processing

    software-based forwarding

    Parallel eXpress Forwarding (PXF)

    11

    What is the purpose of the Cisco Enterprise Architecture?

    It replaces the three-layer hierarchical model with a flat network approach.

    x It provides an enterprise-wide system network architecture that helps protect, optimize, and grow

    the network infrastructure that supports the business processes of a company.

    It provides services and functionality to the core layer by grouping various components into a single

    component that is located in the access layer.

    It reduces overall network traffic by grouping server farms, the management server, corporate

    intranet, and e-commerce routers in the same layer.

    12

    Which family of Cisco switches supports Fibre Channel over Ethernet (FCoE)?

    Catalyst 4948G

    Catalyst 4500

    Catalyst 6500

    x Nexus 5000

    13

    Which family of Cisco switches is specifically designed for data centers?

    Catalyst 6500

    Catalyst 2000

    x Nexus 7000

    Catalyst 4500

    14

    Which phase of the Cisco Lifecycle Services strategy may prompt a network redesign if too many

    network problems and errors arise in the network?

    prepare

    plan

    design

    implement

    operate

    x optimize

    15

    What two traffic types must be included when calculating the bandwidth requirements to support a

    voice stream in an IP telephony network? (Choose two.)

    voice queues

    x voice carrier stream

    voice services traffic

    x call control signaling

    routing updates

    16

    What type of specialized memory is used to facilitate high performance switching in Cisco multilayer

    switches?

    content-addressable memory (CAM)

    x ternary content addressable memory (TCAM)

    address resolution protocol (ARP) memory

    Cisco Express Forwarding (CEF) memory

    17

    During an evaluation of the currently installed network, the IT staff performs a gap analysis to

    determine whether the existing network infrastructure can support certain new features. At which

    stage of the Cisco Lifecycle Services approach does this activity occur?

    prepare phase

    x plan phase

    design phase

    implement phase

    operate phase

    optimize phase

    18

    Which protocol is required for Cisco Express Forwarding to be able to successfully forward packets

    on a multilayer switch?

    Cisco Discovery Protocol

    Spanning Tree Protocol

    x Address Resolution Protocol

    Dynamic Trunking Protocol

    VLAN Trunking Protocol

    19

    A user needs to access a file server that is located in another department. Which layer of the Cisco

    Hierarchical Network Model will process the traffic first?

    x access

    core

    distribution

    control

    20

    Which portion of the enterprise network provides access to network communication services for the

    end users and devices that are spread over a single geographic location?

    enterprise edge

    x campus module

    WAN module

    Internet edge

    data center

    --------------------------------------------------------------------------------

    -- Chapter 2 -----------------------------------------------------------------

    --------------------------------------------------------------------------------

    2 Exam (+ solutions):

    1

    What are three characteristics of a VLAN access port? (Choose three.)

    -> A switch port can become an access port through static or dynamic configuration.

    -> An access port is associated with a single VLAN.

    An access port should have the 802.1q encapsulation associated with it.

    An access port will send DTP frames by default.

    -> An access port is created with the switchport mode access command and then associated with a

    VLAN with the switchport access vlan command.

    The VLAN that the access port is assigned to will be automatically deleted if it does not exist in the

    VLAN database of the switch.

    2

    Refer to the exhibit. Which option correctly describes the function of a switch that is configured in

    VTP transparent mode?

    option 1

    option 2

    option 3

    -> option 4

    option 5

    3

    Refer to the exhibit. How should SW2 be configured in order to participate in the same VTP domain

    and populate the VLAN information across the domain?

    -> Switch SW2 should be configured as a VTP client.

    Switch SW2 should be configured for VTP version 1.

    Switch SW2 should be configured with no VTP domain password.

    Switch SW2 should be configured as a VTP server with a higher revision number.

    4

    Which three effects does the interface command switchport host have when entered on a switch?

    (Choose three.)

    -> sets the switch port mode to access

    enables BPDU guard

    -> enables spanning tree PortFast

    enables root guard

    -> disables channel grouping

    enables BPDU filtering

    5

    Refer to the exhibit. During the network upgrade process, a network administrator included switch

    SW2 in the network. Immediately afterward, the users on VLAN10 who were connected to SW10 lost

    connectivity to the network. Based on the show vtp status command outputs that are provided, what

    could be done to remedy the problem?

    Configure switch SW2 in VTP client mode.

    Configure switch SW2 with VTP version 1.

    Configure switch SW2 with the higher revision number.

    -> Configure switch SW2 with the same VTP domain name that SW1 has.

    6

    A network administrator is tasked with protecting a server farm by implementing private VLANs

    (PVLANs). A server is only allowed to communicate with its default gateway and other related

    servers. Which type of PVLAN should be configured on the switch ports that connect to the servers?

    isolated

    promiscuous

    secondary VLAN

    -> community

    7

    Which two items are benefits of implementing local VLANs within the Enterprise Architecture?

    (Choose two.)

    A single VLAN can extend further than its associated distribution-layer switch.

    -> Failures at Layer 2 are isolated to a small subset of users.

    High availability is made possible because local VLAN traffic on access switches can now be passed

    directly to the core switches across an alternate Layer 3 path.

    Layer 3 routing between VLANs can now be applied at the access layer.

    -> Local VLANs are limited to the access and distribution layer.

    8

    Refer to the exhibit. A network administrator is unable to ping between two workstations, PC1 and

    PC2, that are connected to switch3548. PC1 is connected to port Fa0/19, and PC2 is connected to

    port Gi0/2. Given the output of the show vlan command, which statement is true?

    -> Both workstations are on the same VLAN.

    Both workstations are in the default VLAN.

    Inter-VLAN routing is not properly configured.

    The VLAN interface is administratively shut down.

    PC2 is connected to a trunk port instead of an access port.

    9

    When configuring an EtherChannel, given that one end of the link is configured with PAgP mode

    desirable, which PAgP modes can be configured on the opposite end of the link in order to form an

    active channel? (Choose two.)

    off

    on

    -> desirable

    -> auto

    10

    In the context of the Enterprise Composite Architecture, which statement is true about best-practice

    design of local VLANs?

    Local VLAN is a feature that has only local significance to the switch.

    -> Local VLANs do not extend beyond the building distribution layer.

    Local VLANs should be created based upon the job function of the end user.

    Local VLANs should be advertised to all switches in the network.

    11

    Refer to the exhibit. The DNS servers DNS1 and DNS2 are redundant copies so they need to

    communicate with each other and to the Internet. The web server and the SMTP server need to

    communicate with the Internet, but for security purposes the web and the SMTP servers should not

    be reachable from the DNS servers. What private VLAN design should be implemented?

    All servers should be configured in separate isolated VLANs. All isolated VLANs should be in the

    same primary VLAN.

    All servers should be configured in separate community VLANs. All community VLANs should be in

    the same primary VLAN.

    -> The DNS1 and DNS2 servers should be configured in a community VLAN. The web and SMTP

    servers should be configured in an isolated VLAN. Both the community and isolated VLANs should

    be part of the primary VLAN.

    The DNS1 and DNS2 servers should be configured in an isolated VLAN. The web and SMTP

    servers should be configured in a community VLAN. Both the community and isolated VLANs should

    be in the same primary VLAN.

    12

    Refer to the exhibit. Which two statements are true about the switch CAT2? (Choose two.)

    Eleven VLANs were manually configured on the switch.

    -> Six VLANs were either manually configured on the switch or learned via VTP.

    Interfaces Fa0/13 and Fa0/14 are in VLAN 1.

    Interfaces Fa0/13 and Fa0/14 are in an unspecified VLAN.

    VLAN 100 is in dynamic desirable mode.

    -> VLAN 100 has no active access ports.

    13

    Refer to the exhibit. Switch1 and Switch2 are unable to establish an operational trunk connection.

    What is the problem between the connection on Switch1 and Switch2?

    encapsulation mismatch

    switchport mode mismatch

    MTU mismatch

    VTP mismatch

    DTP mismatch

    -> native VLAN mismatch

    14

    Refer to the exhibit. Given the configuration information of the CAT1 and CAT2 switches, which

    statement is true?

    -> LACP will form a channel between the switches.

    Because the port-channel numbers do not match, LACP will not form a channel between the

    switches.

    Because the channel-group commands on SW2 should be set to "on," LACP will not form a channel

    between the switches.

    LACP will form a 200-Mb/s channel between the switches.

    15

    Refer to the exhibit. Given the exhibited command output, which statement is true?

    Interface Fa0/1 is configured for ISL trunking.

    Interface Fa0/1 is configured as an access port.

    Interface Fa0/1 is configured as an SVI.

    -> Interface Fa0/1 is configured for 802.1Q trunking.

    16

    Refer to the exhibit. Both SW1 and SW2 are configured with the PAgP desirable mode. Which

    statement is true?

    Both switches will initiate channeling negotiation and will not be able to form a channel.

    -> Both switches will initiate channeling negotiation and will form a channel between them.

    Neither switch will initiate channeling negotiation and will not be able to form a channel between

    them.

    Neither switch will initiate channeling negotiation but will form a channel between them.

    17

    Which two statements are true about the 802.1Q trunking protocol? (Choose two.)

    -> Untagged frames will be placed in the configured native VLAN of a port.

    It is a proprietary protocol that is supported on Cisco switches only.

    Private VLAN configurations are not supported.

    -> The native VLAN interface configurations must match at both ends of the link or frames could be

    dropped.

    18

    Refer to the exhibit. Switch SW2 was tested in a lab environment and later inserted into the

    production network. Before a trunk link has been connected between the two switches SW1 and

    SW2, a network administrator issued the show vtp status command as displayed in the exhibit.

    Immediately after the switches were interconnected, all users lost connectivity to the network. What

    could be the possible reason for the problem?

    The switches can exchange VTP information only through an access link.

    Switch SW2 receives more VLANs from switch SW1 than can be supported.

    Switch SW2 has the pruning eligible parameter enabled, which causes pruning of all VLANs from the

    trunk port.

    -> Switch SW2 has a higher VTP server revision number, which causes deletion of the VLAN

    information in the VTP domain.

    19

    Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal

    users. For security reasons, the servers do not have to communicate with each other although they

    are located on the same subnet. Both servers need to communicate with the data server that is

    located on the inside network. Which configuration will isolate the servers from inside attacks?

    Ports Fa3/1, Fa3/2, Fa3/34, and Fa3/35 on DSW1 will be defined as primary VLAN promiscuous

    ports.

    Ports Fa3/1, Fa3/2, Fa3/34, and Fa3/35 on DSW1 will be defined as primary VLAN community ports.

    -> Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN isolated ports. Ports Fa3/34

    and Fa3/35 will be defined as primary VLAN promiscuous ports.

    Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN community ports. Ports Fa3/34

    and Fa3/35 will be defined as primary VLAN promiscuous ports.

    20

    What happens when an ISL-enabled trunk receives an unencapsulated frame?

    -> The frame is dropped.

    The frame is processed as part of the native VLAN frames.

    The switch will hold the untagged frame and send a BPDU to the originating switch.

    The switch will associate the frame with the VLAN that the receiving port is assigned to.

    --------------------------------------------------------------------------------

    -- Chapter 3 -----------------------------------------------------------------

    --------------------------------------------------------------------------------

    3 Exam (+ solutions):

    1

    Which two statements are true about STP root guard? (Choose two.)

    -> Root guard is enabled on a per-port basis.

    Root guard requires that PortFast be enabled on a switch port.

    -> Root guard re-enables a switch port once it stops receiving superior BPDUs.

    Root guard should be configured on all ports on the desired root bridge to prevent another bridge

    from becoming the root.

    If a root guard enabled port receives an inferior BPDU from a nonroot switch, the port transitions to

    the blocking state to prevent a root bridge election.

    2

    What will happen when a BPDU is received on a loop guard port that is in a loop-inconsistent state?

    The port will transition to blocking state.

    The port will transition to forwarding state automatically.

    The port will be disabled and the administrator must re-enable it manually.

    -> The port will transition to the appropriate state as determined by the normal function of the

    spanning tree.

    3

    Which three statements about RSTP are true? (Choose three.)

    An RSTP BPDU carries information about port roles and is sent to neighbor switches only.

    -RSTP elects a root bridge in exactly the same way as 802.1D.

    RSTP is capable of reverting back to 802.1D but still maintains the benefits of 802.1w.

    -RSTP is recognized as the IEEE 802.1w standard.

    There are only three RSTP port states: discarding, listening, and forwarding.

    -UplinkFast and BackboneFast are compatible with RSTP.

    4

    What happens when a switch running IEEE 802.1D receives a topology change message from the

    root bridge?

    -> The switch uses the forward delay timer to age out entries in the MAC address table.

    The switch uses the max-age timer to age out entries in the MAC address table.

    The switch uses the hello to age out entries in the MAC address table.

    The switch uses the forward delay and the max-age timer to age out entries in the MAC address

    table.

    5

    Refer to the exhibit. After the sequence of commands is entered, how many VLANs will be assigned

    to the default instance?

    4094

    4064

    4062

    -> 4061

    6

    Which three parameters should match all switches within an MST region? (Choose three.)

    port costs on trunk ports

    -configuration name

    -revision number

    trunk encapsulation method

    bridge priority

    -VLAN-to-instance mappings

    7

    What are three important steps in troubleshooting STP problems? (Choose three.)

    Administratively create bridge loops and see what path the traffic takes.

    Administratively disable multicasting and check to see if connectivity is restored.

    -> Check each side of a point-to-point link for duplex mismatch.

    Adjust BPDU timers so that there is less overhead traffic on the switching fabric.

    -> Administratively disable ports that should be blocking and check to see if connectivity is restored.

    -> Capture traffic on a saturated link and check whether identical frames are traversing multiple links.

    8

    Refer to the exhibit. What implementation of spanning tree best describes the spanning-tree

    operational mode of the switch?

    -> IEEE 802.1D

    IEEE 802.1w

    IEEE 802.1s

    PVRST+

    9

    Refer to the exhibit. STP is configured on all switches in the network. Recently, the user on

    workstation A lost connectivity to the rest of the network. At the same time, the administrator

    received the console message:

    %SPANTREE-2-RX_PORTFAST:Received BPDU on PortFast enable port.Disabling 2/1

    What is the cause of the problem?

    STP PortFast feature has been disabled on port 2/1.

    STP PortFast feature has been enabled on port 2/1.

    PAgP has removed port 2/1 from the EtherChannel bundle.

    -The STP PortFast BPDU Guard feature has disabled port 2/1 on the switch.

    10

    Refer to the exhibit. What two conclusions does the output show to be true? (Choose two.)

    -> DLS1 is running IEEE 802.1s on instance 1.

    DLS1 is running IEEE 802.1D on instance 1.

    -> DLS1 is the root bridge for instance 1.

    Interface Fa0/12 will move into the errdisable state if a BPDU is received.

    Interfaces Fa0/1 through Fa0/6 are trunk ports.

    11

    Refer to the exhibit. STP is enabled on all switches in the network. The port on switch A that

    connects to switch B is half duplex. The port on switch B that connects to switch A is full duplex.

    What are three problems that this scenario could create? (Choose three.)

    Switch B will become the root switch.

    -> Switch B may unblock its port to switch C, thereby creating a loop.

    -> Switch A is performing carrier sense and collision detection, and switch B is not.

    Autonegotiation results in both switch A and switch B failing to perform carrier sense.

    -> BPDUs may not successfully negotiate port states on the link between switch A and switch B.

    Spanning tree will keep re-calculating, thereby consuming all the CPU normally used for traffic.

    12

    Which STP timer defines the length of time spent in the listening and learning states?

    hello time

    forward aging

    -> forward delay

    max age

    max delay

    13

    Which protocol extends the IEEE 802.1w Rapid Spanning Tree (RST) algorithm to multiple spanning

    trees?

    STP

    RSTP+

    CST

    -MST

    14

    Users complain that they lost connectivity to all resources in the network. A network administrator

    suspects the presence of a bridging loop as a root cause of the problem. Which two actions will

    determine the existence of the bridging loop? (Choose two.)

    Confirm MAC port security is enabled on all access switches.

    -> Check the port utilization on devices and look for abnormal values.

    Verify that the management VLAN is properly configured on all root bridges.

    -> Capture the traffic on the saturated link and verify if duplicate packets are seen.

    Ensure that the root guard and loop guard are properly configured on all distribution links.

    15

    Refer to the exhibit. Switch SW1 is receiving traffic from SW2. However, SW2 is not receiving traffic

    from SW1. Which STP feature should be implemented to prevent inadvertent loops in the network?

    -> UDLD

    PortFast

    BPDU guard

    BPDU filtering

    16

    Which statement is true about UDLD?

    It is automatically enabled.

    It allows devices to transmit traffic one way.

    It will disable an EtherChannel bundle if one link has failed.

    -It allows a switch to detect a unidirectional link and shut down the affected interface.

    17

    Refer to the exhibit. What conclusion does the output support?

    PortFast is enabled on interface Fa0/6.

    IEEE 802.1w is enabled on VLAN 1.

    The forward delay timer has been changed from the default value.

    -> Standard IEEE 802.1D behavior is shown.

    18

    One switch in a Layer 2 switched spanning-tree domain is converted to PVRST+ using the

    spanning-tree mode rapid-pvst global configuration mode command. The remaining switches are running

    PVST+. What is the effect on the spanning-tree operation?

    Spanning tree is effectively disabled in the network.

    The PVRST+ switch forwards 802.1D BPDUs, but does not participate as a node in any spanning

    tree.

    All switches default to one 802.1D spanning tree for all VLANs.

    -> The PVRST+ reverts to PVST+ to interoperate with the PVST+ switches.

    19

    Which interfaces should loop guard be enabled on?

    root ports

    designated ports

    -root port and alternate ports

    ports configured with PortFast

    root port and ports configured with PortFast

    20

    Which protocol should an administrator recommend to manage bridged links when the customer

    requires a fully redundant network that can utilize load balancing technologies and reconverge on

    link failures in less than a second?

    IEEE 802.1Q (CST)

    -IEEE 802.1s (MST)

    Cisco PVST+

    IEEE 802.1D(STP)

    --------------------------------------------------------------------------------

    -- Chapter 4 -----------------------------------------------------------------

    --------------------------------------------------------------------------------

    4 Exam (+/- solutions):

    1

    Refer to the exhibit and the partial configuration taken on routers RTA and RTB. All users can ping

    their gateways, but users on VLAN 5 and VLAN 10 cannot communicate with the users on VLAN 20.

    What should be done to solve the problem?

    A dynamic routing protocol or static routes should be configured on the routers.

    A trunk should be configured between routers RTA and RTB.

    RTA interface Fa0/1 and RTB Fa0/1 should be configured with three subinterfaces, each with ISL

    encapsulation.

    RTA interface Fa0/1 and RTB Fa0/1 should be configured with three subinterfaces, each with

    802.1Q encapsulation.

    2

    Which condition will cause a packet to be process-switched instead of CEF switched?

    packets that are switched to an outgoing interface with an outbound ACL applied

    packets with a destination interface that is chosen by a routing protocol

    -> packets that need to be fragmented on the outgoing interface

    packets with a destination interface that is chosen by a static route

    packets that use TCP header options

    3

    Refer to the exhibit and the partial configuration taken on router RTA. Users on VLAN 5 cannot

    communicate with the users on VLAN 10. What should be done to fix the problem?

    A dynamic routing protocol should be configured on the router.

    Two static routes should be configured on the router, each pointing to each subnet.

    The Fa0/0 interface should be configured with a primary IP address of 10.10.5.1/24 and a secondary

    IP address of 10.10.10.1/24.

    The subinterfaces of the router should be configured with 802.1Q encapsulation.

    4

    Which two statements are true about switched virtual interfaces (SVI) on a multilayer switch?

    (Choose two.)

    An SVI behaves like a regular router interface but does not support VLAN subinterfaces.

    An SVI is a physical switch port with Layer 3 capability.

    By default, an SVI is created for the default VLAN (VLAN1).

    Only one SVI can be associated with a VLAN.

    To create an SVI requires removal of Layer 2 port functionality with the no switchport interface

    configuration command.

    5

    Refer to the exhibit. An administrator wants to ensure that CEF is functioning properly on the

    switches between hosts A and B. If the administrator wants to verify the CEF FIB table entry for the

    route 10.10.5.0/24 on Sw_MLSA, what should the adjacency IP address be?

    10.10.10.1

    10.10.10.2

    10.10.5.1

    10.10.5.2

    6

    Refer to the exhibit. Which statement is true regarding the diagram and show ip route command

    output?

    Because no routing protocol has been configured, the router will not forward packets between

    workstations.

    The default gateway for hosts on VLAN 10 should be the Fa0/0 IP address of the router.

    The default gateway for hosts on VLAN 10 should be the Fa0/0.1 IP address of the router.

    The default gateway for hosts on VLAN 10 should be the Fa0/0.2 IP address of the router.

    Because their packets are being trunked, hosts on VLAN 10 do not need a default gateway.

    7

    Refer to the exhibit. What additional configuration is required for host A to receive IP configuration

    from the DHCP server?

    The ip address dhcp command is required on interface Fa0/0.

    The ip dhcp information option command is required on interface Fa0/1.

    The ip helper-address 10.1.2.10 command is required on interface Fa0/0.

    The ip forward-protocol 37 global configuration command is required to forward DNS requests to IP

    address 10.1.2.10.

    The ip forward-protocol 67 global configuration command is required to forward DHCP requests to IP

    address 10.1.2.10.

    The ip forward-protocol 69 global configuration command is required to forward TFTP requests to IP

    address 10.1.2.10.

    8

    What is true about TCAM lookups that are associated with CEF switching?

    TCAM includes only Layer 3 lookup information.

    -> A single TCAM lookup provides Layer 2, Layer 3, and ACL information

    TCAM lookup tables are used only for the Layer 3 forwarding operation.

    TCAM lookup tables are used only for the rapid processing of ACLs within CEF.

    9

    A client computer is set up for DHCP and needs an IP configuration. During the DHCP client

    configuration process, which response will enable the client to begin using the assigned address

    immediately?

    DHCPACK

    DHCPREQUEST

    DHCPOFFER

    DHCPDISCOVER

    10

    Refer to the exhibit. The router has been properly configured for the trunking interface. Which

    statement is true about the routing table on the router?

    It will show a next hop address of the switch for both VLANs.

    It will show one trunking route to 10.0.0.0/8.

    It should contain routes to the 10.10.10.0/24 and the 10.10.11.0/24 networks.

    Because the switch is not configured properly to trunk VLAN 1 and VLAN 2, the routing table of the

    router will not show routes to either VLAN.

    Because the switch port fa0/1 is in access mode, the routing table of the router will not show any

    routes.

    11

    Which three events will cause the Forwarding Information Base (FIB) table to be updated? (Choose

    three.)

    -> An ARP entry for the destination next hop changes, ages out, or is removed.

    The FIB table is cleared with the clear fib adjacency * command.

    -> The routing table entry for the next hop changes.

    The IP packets have an expiring TTL counter.

    The TCAM table is flushed and reactivated.

    -> The routing table entry for a prefix changes.

    12

    A DHCPREQUEST message has been sent from the client to the DHCP server. What information is

    included in the message?

    initial message to locate a DHCP server

    -> formal request for the offered IP address

    confirmation that the IP address has been allocated to the client

    denial message to reject the first offer from the DHCP server

    13

    Which statement is true about the CEF forwarding process?

    The FIB table contains the Layer 2 rewrite information.

    Adjacency table lookups use the closest Layer 3 prefix match.

    The adjacency table eliminates the need for the ARP protocol.

    After an IP prefix match is made, the process determines the associated Layer 2 header rewrite

    information from the adjacency table.

    14

    Which three statements about a routed switch interface are true? (Choose three.)

    A routed switch port is a physical device that is associated with several VLANs.

    -> A routed switch port is created by configuring a Layer 2 port with the no switchport interface

    configuration command and assigning an IP address.

    A routed switch port is created by entering VLAN interface configuration mode and assigning an IP

    address.

    A routed switch port is a virtual Layer 3 interface that can be configured for any VLAN that exists on

    a Layer 3 switch.

    -> A routed switch port provides an interface that may provide a Layer 3 connection to a next-hop

    router.

    -> A routed switch port can serve as a default gateway for devices.

    15

    Which two statements are true about routed ports on a multilayer switch? (Choose two.)

    A routed port behaves like a regular router interface and supports VLAN subinterfaces.

    A routed port is a physical switch port with Layer 2 capability.

    A routed port is not associated with a particular VLAN.

    To create a routed port requires removal of Layer 2 port functionality with the no switchport interface

    configuration command.

    The interface vlan global configuration command is used to create a routed port.

    16

    Refer to the exhibit. Based on the debug ip dhcp server packet output, which statement is true?

    The client sends a DHCPDISCOVER that contains IP address 10.1.10.21 to the DHCP server.

    The client sends a DHCPREQUEST that contains IP address 10.1.10.21 to the DHCP server.

    The client sends the BOOTREPLY broadcast message to inquire for a new IP address.

    The client accepts the offer from the DHCP server for the 10.1.10.21 IP address.

    17

    What is an advantage to using a trunk link to connect a switch to an external router that is providing

    inter-VLAN routing?

    -> works with any switch that supports VLANs and trunking

    lowers latency

    provides redundancy to the VLANs

    reduces CPU overhead

    18

    Which statement describes what occurs when a DHCP request is forwarded through a router that

    has been configured with the ip helper-address command?

    The router replaces the source MAC address included in the DHCP request with its own MAC

    address.

    The router replaces the source IP address of the DHCP request with the IP address that is specified

    with the ip helper-address command.

    -> The router replaces the broadcast destination IP address of the DHCP request with the unicast IP address that is specified with the ip helper-address command.

    The router replaces the unicast destination IP address of the DHCP request with the unicast IP

    address that is specified with the ip helper-address command.

    19

    Refer to the exhibit and the show ip cef output. What can be concluded from the output?

    -> The output validates that the CEF FIB entry for 10.10.5.0/24 is correct.

    The cached adjacency address is 10.10.10.1.

    The next hop address is 10.10.10.1.

    The output shows that packets destined to 10.10.5.0/24 have not been processed by CEF.

    20

    A client sends a request for an IP address to a DHCP server. Which DHCP message to the client will provide the configuration parameters that include an IP address, a domain name, and a lease for the

    IP address?

    DHCPDISCOVER

    DHCPOFFER

    DHCPREQUEST

    DHCPACK

    --------------------------------------------------------------------------------

    -- Chapter 5 -----------------------------------------------------------------

    --------------------------------------------------------------------------------

    5 Exam (+ solutions):

    1

    Which syslog entry has a severity code that indicates the most serious situation?

    Mar 17 06:03:21: 10.1.1.1 %SYS-6-BOOTTIME: Time taken to reboot after reload = 551932

    seconds

    Mar 17 06:42:20: 10.1.1.1 %SYS-5-CONFIG_I: Configured from console by mwmwm on vty0

    (192.168.254.5)

    Mar 17 06:42:21: 10.1.1.1 %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/3 (not half duplex), with NA-1.30.foo.com FastEthernet0/24 (half duplex).

    Mar 17 06:42:22: 10.1.1.1 %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3,

    changed state to down

    -> Mar 17 06:42:22: 10.1.1.1 %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down

    Mar 17 06:43:02: 10.1.1.1 %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3,

    changed state to up

    2

    What is considered a best practice for an optimal redundant network?

    -> Access switches should have redundant connections to redundant distribution switches.

    Access switches should have a backup connection to at least one core device

    Dual distribution switches should connect individually to separate core switches.

    Three distribution switches should be implemented so that the third switch can take the role of active

    or standby, as necessary.

    3

    What SNMP attribute provides the best security?

    authNoPriv

    -> authPriv

    community string

    noAuthNoPriv

    SNMPv2

    4

    Refer to the exhibit. Which statement is correct about the network?

    -> A Layer 3 link should be installed between the two distribution switches to avoid unexpected traffic

    paths and multiple convergence events.

    The root bridge and HSRP active router should be two different devices.

    A Layer 2 access link is required between the two access switches to ensure optimal redundancy.

    A third distribution switch should be installed to create redundancy in the event the root bridge fails.

    5

    Refer to the exhibit. What action does the command standby 1 track Serial0/0/0 on router R1

    perform?

    It links the default gateway virtual address 192.168.21.10 to the IP address 192.168.31.1 on interface Serial0/0/0.

    It links the default gateway virtual address 192.168.21.10 to the IP address 192.168.42.2 on

    interface Serial0/0/0.

    It tracks the state of the Fa0/0 interface on R1 and brings down the priority of standby group 1 if the

    interface goes down.

    -> It tracks the state of the Serial0/0/0 interface on R1 and brings down the priority of standby group

    1 if the interface goes down.

    6

    What is the main purpose of implementing Cisco NSF?

    -> to continue forwarding IP packets following an RP switchover

    to forward all STP updates to all switches in the network.

    to keep a backup copy of the latest MAC table in the event of RAM failure.

    to move switch ports that are currently in blocking mode to forwarding mode with minimal packet

    loss

    7

    Refer to the exhibit. Which feature does a SNMP manager need in order to set a parameter on

    switch ACSW1?

    a manager using an SNMP string of K44p0ut

    a manager using host 172.16.128.50

    -> a manager using SNMPv1, 2, or 2c

    a manager using authPriv

    8

    Refer to the exhibit. Based on the output, how many virtual servers are required?

    zero

    one

    -> two

    three

    four

    five

    9

    Which two statements are true about the Hot Standby Router Protocol (HSRP)? (Choose two.)

    A router in the speak state sends periodic hello messages to all routers in the group to acquire a

    virtual IP address.

    -> A router in the speak state sends periodic hello messages and actively participates in the election

    of the active or standby router.

    A router in the standby state forwards packets that are sent to the group virtual MAC address.

    -> The router in the standby state is a candidate to become the next active router.

    The router that is not the standby or active router will remain in the speak state.

    10

    Refer to the exhibit. Which statement is true about best practice and the exhibited network design?

    -> The Layer 2 VLAN number should be mapped to the Layer 3 subnet for ease of use and management.

    The HSRP active router for VLAN 55 and VLAN 60 should be the same switch.

    A Layer 2 access port should be placed between the access switches.

    The uplink between the access switches and the distribution switches should be trunk links.

    11

    When using RPR, what two events can trigger a switchover from the active to the standby

    Supervisor Engine? (Choose two.)

    -> clock synchronization failure between the Supervisor Engines

    loss of packets from the root bridge

    -> an RP or SP crash on the active Supervisor Engine

    frames received on a port that is in blocking mode

    port failure

    12

    How is server IP addressing handled by Cisco IOS server load balancing (SLB) in dispatched mode?

    The default gateway address for the subnet is assigned to the virtual server.

    -> The real servers are configured with the virtual server address as loopback addresses or

    secondary IP addresses.

    The virtual server is assigned an IP address unknown to any of the real servers.

    The real servers are configured with IP addresses that differ by a power of 2.

    13

    How does Cisco IOS server load balancing (SLB) enhance security of a real server?

    The IP address of the real server is not needed with IOS SLB, which relies only on MAC addresses.

    The IP address of the real server is translated with Network Address Translation (NAT).

    The IP address of the real server is advertised as part of a distinct network.

    -> The IP address of the real server is never announced to the external network.

    14

    Refer to the exhibit. Based on the provided configuration, which routers are the master and the

    backup virtual routers for the hosts that are connected to the VRRP group 1?

    Router R1 is the master for all hosts, and router R2 is the backup for all hosts in the group.

    -> Router R1 is the master for Host1 and Host2. Router R2 is the master for Host3 and Host4.

    Router R1 is the master for Host3 and Host4. Router R2 is the backup for Host3 and Host4.

    Because of incorrect configuration of the default gateway on the hosts, none of the routers is the

    master for the VRRP group.

    15

    Refer to the exhibit. From the syslog output, what option is set on the switch sending the messages?

    The sequence number is set.

    -> The time stamp is set for uptime.

    The logging severity level is set to 3.

    The logging facility number is set to sys12.

    16

    Refer to the exhibit. Switch DSw1 is the active virtual gateway (AVG) and DSw2 is an active virtual

    forwarder (AVF). Based on this information, which two GLBP statements are true? (Choose two.)

    GLBP is a Cisco proprietary protocol and is supported on all Cisco Catalyst and Cisco router

    platforms.

    None of the switches have had their priority configured.

    Switch DSw1 assigns the virtual IP addresses to switch DSw2.

    -> Switch DSw2 has been configured with the glbp 1 priority 95 command.

    -> Two more multilayer switches could join this group.

    When host A sends an ARP message for the gateway IP address, switch DSw1 returns the physical

    MAC address of switch DSw2.

    17

    Refer to the exhibit. Which IP SLA statement is true?

    IP SLA operation 99 has been incorrectly configured.

    IP SLA operation 99 has stopped monitoring the target device.

    -> IP SLA operation 99 had 211 successful replies from the target device.

    IP SLA operation 100 has been incorrectly configured.

    IP SLA operation 100 has stopped monitoring the target device.

    IP SLA operation 100 had 211 successful replies from the target device.

    18

    Refer to the exhibit. What statement is true about the output of the show standby command?

    The current priority of this router is 120.

    -> The router is currently forwarding packets.

    This router is tracking two properly operating interfaces.

    This router is in the HSRP down state because its tracked interfaces are down.

    19

    What three steps will configure Cisco IOS server load balancing (SLB) in a server farm that is in a

    data center with real servers? (Choose three.)

    Globally enable IOS SLB.

    -> Define the server farm.

    Add a trunk link to the switch to connect the real servers.

    -> Associate the real server with the server farm.

    Define the virtual IP address.

    -> Enable the real server and define it to be used for the server farm.

    20

    Refer to the exhibit. What is the effect of the serverfarm RESTRICTED command?

    associates the primary serverfarm RESTRICTED_HTTP to the virtual server RESTRICTED

    enables the virtual server RESTRICTED_HTTP

    -> associates the primary serverfarm RESTRICTED to the virtual server RESTRICTED_HTTP

    enables the virtual server RESTRICTED

    defines the virtual server RESTRICTED

    defines the virtual server RESTRICTED_HTTP

    --------------------------------------------------------------------------------

    -- Chapter 6 -----------------------------------------------------------------

    --------------------------------------------------------------------------------

    6 Exam (+ solutions):

    1

    Which countermeasure can be implemented to determine the validity of an ARP packet, based on

    the valid MAC-address-to-IP address bindings stored in a DHCP snooping database?

    DHCP spoofing

    -> dynamic ARP inspection

    CAM table inspection

    MAC snooping

    2

    What are two purposes for an attacker launching a MAC table flood? (Choose two.)

    to initiate a man-in-the-middle attack

    -> to initiate a denial of service (DoS) attack

    -> to capture data from the network

    to gather network topology information

    to exhaust the address space available to the DHCP

    3

    Refer to the exhibit. What is the state of the monitoring session?

    This is a remote monitored session.

    -> No data is being sent from the session.

    SPAN session number 2 is being used.

    The session is only monitoring data sent out Fa0/1.

    4

    Refer to the exhibit. Which statement is true about the local SPAN configuration on switch SW1?

    -> The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on

    port Fa3/1.

    The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port

    Fa3/1, but only if port Fa3/1 is configured in VLAN 10.

    The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port

    Fa3/1, but only if port Fa3/1 is configured as trunk.

    The SPAN session transmits to a device on port Fa3/21 only a copy of unicast traffic that is

    monitored on port Fa3/1. All multicast and BPDU frames will be excluded from the monitoring

    process.

    5

    What advantage for monitoring traffic flows does using VACLs with the capture option offer over

    using SPAN?

    VLAN ACLs can be used to capture denied traffic.

    VLAN ACLs can be used to capture traffic on a spanning-tree blocked port.

    -> VLAN ACLs can be used to capture traffic based on Layer 2, 3, or 4 information.

    VLAN ACLs can be used to capture traffic to the CPU separate from the traffic that is hardware

    switched.

    6

    Refer to the exhibit. A network engineer is securing a network against DHCP spoofing attacks. On all

    switches, the engineer applied the ip dhcp snooping command and enabled DHCP snooping on all

    VLANs with the ip dhcp snooping vlan command. What additional step should be taken to configure

    the security required on the network?

    -> Issue the ip dhcp snooping trust command on all uplink interfaces on SW1, SW2 and SW3.

    Issue the ip dhcp snooping trust command on all interfaces on SW2 and SW3.

    Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2, and SW3.

    Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2, and SW3 except

    interface Fa0/1 on SW1.

    7

    Refer to the exhibit. Given the configuration on the ALSwitch, what is the end result?

    forces all hosts that are attached to a port to authenticate before being allowed access to the

    network

    -> disables 802.1x port-based authentication and causes the port to allow normal traffic without authenticating the client

    enables 802.1x authentication on the port

    globally disables 802.1x authentication

    8

    What technology can be used to help mitigate MAC address flooding attacks?

    root guard

    Private VLANs

    DHCP snooping

    -> VLAN access maps

    Dynamic ARP Inspection

    9

    What is one way to mitigate spanning-tree compromises?

    -> Statically configure the primary and backup root bridge.

    Implement private VLANs.

    Place all unused ports into a common VLAN (not VLAN 1).

    Configure MAC address VLAN access maps.

    10

    Which statement is true about a local SPAN configuration?

    A port can act as the destination port for all SPAN sessions configured on the switch.

    A port can be configured to act as a source and destination port for a single SPAN session.

    -> Both Layer 2 and Layer 3 switched ports can be configured as source or destination ports for a single SPAN session.

    Port channel interfaces (EtherChannel) can be configured as source and destination ports for a

    single SPAN session.

    11

    All access ports on a switch are configured with the administrative mode of dynamic auto. An

    attacker, connected to one of the ports, sends a malicious DTP frame. What is the intent of the

    attacker?

    -> VLAN hopping

    DHCP spoofing attack

    MAC flooding attack

    ARP poisoning attack

    12

    What is the function of the 6500 Network Analysis Module?

    monitors traffic on ingress ports

    sends TCP resets to an attacker TCP session

    -> gathers multilayer information from data flows that pass through the switch

    provides remote monitoring of multiple switches across a switched network

    13

    What is one way to mitigate ARP spoofing?

    -> Enable dynamic ARP inspection.

    Configure MAC address VLAN access maps.

    Enable root guard.

    Implement private VLANs.

    14

    Which configuration guideline applies to using the capture option in VACL?

    Capture ports transmit traffic that belongs to all VLANs.

    The capture port captures all packets that are received on the port.

    The switch has a restriction on the number of capture ports.

    -> The capture port needs to be in the spanning-tree forwarding state for the VLAN.

    15

    How should unused ports on a switch be configured in order to prevent VLAN hopping attacks?

    Configure them with the UDLD feature.

    Configure them with the PAgP protocol.

    Configure them as trunk ports for the native VLAN 1.

    -> Configure them as access ports and associate them with an unused VLAN.

    16

    Refer to the exhibit. Which statement is true about the VSPAN configuration on switch SW1?

    The VSPAN session that is configured on port Fa3/4 can monitor only the ingress traffic for any of

    the VLANs.

    The VSPAN session that is configured on port Fa3/4 can monitor only the egress traffic for any of the VLANs.

    Port Fa3/4 must be associated with VLAN 10 or VLAN 20 in order to monitor the traffic for any of the

    VLANs.

    -> The VSPAN session transmits a copy of the ingress traffic for VLAN 10 and the egress traffic for

    VLAN 20 out interface Fa3/4.

    17

    Refer to the exhibit. Network policy dictates that security functions should be administered using

    AAA. Which configuration would create a default login authentication list that uses RADIUS as the

    first authentication method, the enable password as the second method, and the local database as

    the final method?

    SW-1(config)# aaa new-model

    SW-1(config)# radius-server host 10.10.10.12 key secret

    SW-1(config)# aaa authentication default group-radius local

    SW-1(config)# aaa new-model

    SW-1(config)# radius-server host 10.10.10.12 key secret

    SW-1(config)# aaa authentication default group-radius enable local

    -> SW-1(config)# aaa new-model

    SW-1(config)# radius-server host 10.10.10.12 key secret

    SW-1(config)# aaa authentication login default group radius enable local

    SW-1(config)# aaa new-model

    SW-1(config)# radius server host 10.10.10.12 key secret

    SW-1(config)# aaa authentication login default group radius enable local none

    SW-1(config)# aaa new-model

    SW-1(config)# radius server host 10.10.10.12 key secret

    SW-1(config)# aaa authentication login default group-radius enable local none

    18

    Refer to the exhibit. After the configuration has been applied to ACSw22, frames that are bound for

    the node on port FastEthernet 0/1 are periodically being dropped. What should be done to correct

    the issue?

    -> Add the switchport port-security mac-address sticky command to the interface configuration.

    Change the port speed to speed auto with the interface configuration mode.

    Use the switchport mode trunk command in the interface configuration.

    Remove the switchport command from the interface configuration.

    19

    Refer to the exhibit. A switch is being configured to support AAA authentication on the console

    connection. Given the information in the exhibit, which three statements are correct? (Choose three.)

    The authentication login admin line console command is required.

    -> The login authentication admin line console command is required.

    The configuration creates an authentication list that uses a named access list called group as the

    first authentication method, a TACACS+ server as the second method, the local username database

    as the third method, the enable password as the fourth method, and none as the last method.

    -> The configuration creates an authentication list that uses a TACACS+ server as the first

    authentication method, the local username database as the second method, the enable password as the third method, and none as the last method.

    -> The none keyword enables any user logging in to successfully authenticate if all other methods

    return an error.

    The none keyword specifies that a user cannot log in if all other methods have failed.

    20

    What Cisco tool can be used to monitor events happening in the switch?

    -> Embedded Event Manager

    Intrusion Prevention System

    Network Analysis module

    Switched Port Analyzer

    --------------------------------------------------------------------------------

    -- Chapter 7 -----------------------------------------------------------------

    --------------------------------------------------------------------------------

    7 Exam (+ solutions):

    1

    Which configuration-related step is required for IGMP snooping on a Catalyst switch?

    Enable IGMP snooping in global configuration mode.

    Configure the IGMP snooping method.

    Enable multicast routing in global configuration mode.

    -> None - IGMP snooping is enabled globally by default.

    2

    For configuring IP multicast routing, what is the purpose of the global configuration mode command

    ip pim send-rp-announce 10.1.1.1?

    enables IP multicast routing with router ID 10.1.1.1

    assigns the role of rendezvous point mapping agent to the router with IP address 10.1.1.1

    -> announces the candidacy of the router with IP address 10.1.1.1 as the rendezvous point for all

    multicast groups

    enables protocol independent multicast (PIM) with router ID 10.1.1.1

    3

    What is the result of the global configuration command ip pim send-rp-discovery Loopback0 scope

    3?

    The router sends broadcast group-to-RP mapping messages so that other routers can automatically

    discover the RP.

    The router sends group-to-RP mapping messages to 224.0.1.39 so that other routers can

    automatically discover the RP.

    -> The router sends group-to-RP mapping messages to 224.0.1.40 so that other routers can

    automatically discover the RP.

    The router advertises itself as the RP by sending messages to the 224.0.1.39 address.

    4

    What is the IP address for the Cisco-RP-announce multicast group?

    224.0.1.1

    -> 224.0.1.39

    224.0.1.40

    224.0.0.40

    5

    The bootstrap router (BSR) mechanism of automating the distribution of rendezvous point (RP)

    information uses which IP address to disseminate information to all protocol independent multicast (PIM) routers?

    -> 224.0.0.13

    224.0.1.13

    224.1.0.13

    224.1.1.13

    6

    Refer to the exhibit. Router R6 has sent a join message to router R4 requesting multicast traffic for

    users in the multicast group 224.1.1.1. How will the multicast traffic that is sent from the multicast

    server SRC through the R1-R3-R5 path be handled at router R6?

    -> The multicast traffic will be dropped.

    The multicast traffic will be sent to switch SW1, which will drop the traffic.

    The multicast traffic will be forwarded to all users in the multicast group 224.1.1.1.

    The multicast traffic will be sent back to the rendezvous point (RP) through the R4-R2-R1 path.

    7

    Refer to the exhibit. The network has EIGRP configured on all routers and has converged on the

    routes advertised. PIM sparse mode has been also configured on all routers. The routers between

    In PIM-SM deployment, all routers create only (*,G) entries for the multicast groups.

    In PIM-DM, a multicast sender first registers with the RP, and the data stream begins to flow from

    sender to RP to receiver.

    Available network bandwidth is overutilized outside of the multicast routing zone because multiple

    streams of data are required between distant routers in place of a single transmission.

    -> All routers in the PIM network learn about the active group-to-RP mapping from the RP mapping agent by automatically joining the Cisco-RP-discovery (224.0.1.40) multicast group.

    -> In a PIM-SM network, the routers have the SPT threshold set to 0 by default which guarantees

    that the last-hop router switches to SPT mode as soon as the host starts receiving the multicast.

    12

    What are two reasons to implement wireless in a network? (Choose two.)

    increased security

    -> increased mobility

    -> increased productivity

    increased cost savings

    increased throughput

    13

    What is true about the differences between wireless LANs (WLANs) and LANs?

    A VPN connection that uses IPsec is not possible with WLANs.

    WLANs do not use MAC addresses.

    WLANs use CSMA/CA rather than CSMA/CD because WLANs operate at half-duplex.

    -> WLANs use CSMA/CA rather than CSMA/CD because WLANs cannot detect collisions.

    WLANs use CSMA/CD rather than CSMA/CA because wireless LANs operate on multiple

    frequencies.

    WLANs use CSMA/CD rather than CSMA/CA because WLANs operate at full-duplex.

    14

    Which statement is true about the split MAC architecture?

    -> It distributes the processing of 802.11 data and management protocols between a lightweight

    access point and a centralized WLAN controller.

    Multiple devices can be grouped together to combine total bandwidth.

    The conversation flow can be split between multiple switches.

    The conversation flow can be split between multiple routers.

    15

    What are two reasons to implement voice in a network? (Choose two.)

    -> cost savings

    -> increased productivity

    stronger security

    increased data throughput

    easier administration

    16

    What method of QoS gives preferential handling for predefined classes of traffic?

    best-effort services

    -> differentiated services

    hard QoS services

    integrated services

    17

    What is a major difference between traffic shaping and policing?

    -> Traffic shaping buffers excessive traffic to smooth traffic whereas policing drops excessive traffic.

    Traffic shaping is preferred for traffic flows such as voice and video whereas policing is better for

    TCP flows.

    Traffic shaping controls the rate traffic flows through a switch whereas policing controls traffic flows

    through a router.

    Traffic shaping marks traffic with Layer 2 class of service (CoS) whereas policing marks traffic with

    the ToS bits in the IP header.

    18

    Where should QoS classification and marking be done?

    -> access layer

    at the first router interface

    core layer

    distribution layer

    19

    What is the function of a gateway within a VoIP network?

    -> provides translation between VoIP and non-VoIP networks

    provides connection admission control (CAC), bandwidth control and management, and address

    translation

    provides real-time connectivity for participants in multiple locations to attend the same videoconference or meeting

    provides call control for IP phones, CAC, bandwidth control and management, and address

    translation

    20

    What are two best practices when implementing voice in a network? (Choose two.)

    -> Create a separate VLAN for voice traffic.

    -> Utilize Power over Ethernet.

    Minimize the volume of the data traffic.

    Remove all QoS policies that are applied in the network.

    Implement access control lists at the distribution layer.

    --------------------------------------------------------------------------------

    -- FINAL ----------------------------------------------------------------------

    --------------------------------------------------------------------------------

    FINAL Exam (+ solutions):

    1

    Refer to the exhibit. Assuming that the switch is running Multiple Spanning Tree (MST), which

    conclusion can be made based on the output?

    Spanning-tree load balancing is in effect.

    All VLANs are mapped to MST instance 2.

    PVRST+ is still operating on switch DLS1.

    PVST+ is still operating on switch DLS1.

    -> MST will require fewer resources than PVST+ or PVRST+.

    2

    What is the most fundamental form of high availability when using Catalyst modular switches?

    Spanning Tree Protocol

    routing protocol

    First Hop Redundancy Protocol (FHRP)

    -> Supervisor Engine redundancy

    redundant switching modules

    3

    How should a switch port be configured for a connection to a standalone wireless access point that

    provides multiple VLAN-separated SSIDs?

    -> as a trunk port

    as a routed port

    as an access port

    as a switched virtual interface

    4

    A network administrator wants to implement inter-VLAN routing in the network. Which interfaces

    should be configured as routed ports?

    all interfaces on links 5 and 6

    all interfaces on links 1, 2, 3, and 4

    -> all interfaces on links 1, 2, 3, 4, 5, and 6

    all interfaces between the distribution and the access switches

    5

    What three features are provided by IEEE 802.1Q trunking? (Choose three.)

    security

    resilience

    -> QoS support

    -> multivendor support

    -> relatively small frame overhead

    multicast support

    6

    What is the most common method of configuring inter-VLAN routing on a Layer 3 switch?

    Configure the switch physical interface so that the router will have an interface in each VLAN.

    For each VLAN, configure trunking between the router and the switch.

    Configure a routing protocol on the Layer 3 switch to include each interface.

    -> Configure switch virtual interfaces. The result is that the router will have a virtual interface in each

    VLAN.

    7

    What is a characteristic of a standalone WLAN solution?

    has no centralized monitoring

    has no centralized management

    -> has no centralized operational control

    has no centralized access authentication

    8

    Which architecture enables enterprises to offer important network services, such as security, new communication services, and improved application performance to every office, regardless of its size or proximity to headquarters?

    Cisco Enterprise Campus Architecture

    Cisco Enterprise Data Center Architecture

    -> Cisco Enterprise Branch Architecture

    Cisco Enterprise Teleworker Architecture

    9

    Which multilayer switching forwarding method does Cisco Express Forwarding (CEF) use?

    route caching

    process switching

    silicon switching

    -> topology-based switching

    10

    Which benefit is provided by centralizing servers in a data center server farm?

    It keeps client-to-server traffic local to a single subnet.

    Servers that are located in a data center require less bandwidth.

    -> It is easier to filter and prioritize traffic to and from the data center.

    Server farms are not subject to denial of service attacks.

    11

    When a port security violation occurs on a switch port, the switch sends a syslog message but does not shut down the port. What port security mode is in effect?

    sticky

    shutdown

    -> restrict

    protect

    12

    Refer to the exhibit. What statement is true about the way HSRP is configured?

    Switch DLS1 is the standby router for VLANs 1,10, and 20.

    Switch DLS2 is the standby router for VLANs 30 and 40.

    Issuing the show standby command on switch DSL1 will reveal that the HSRP state for VLAN 10 is

    standby.

    Issuing the show standby command on switch DSL2 will reveal that the HSRP state for VLAN 30 is standby.

    -> By setting different priorities on different VLANs, a type of load balancing is occurring.

    If the Ethernet cables between switch DLS2 and switch ALS1 were severed, Payroll Host would not

    be able to reach SQL Server.

    13

    Which two procedures should be implemented and in place when deploying VoIP in a campus

    network? (Choose two.)

    Keep voice and data traffic in the same VLAN and mark the traffic for high priority treatment.

    -> Create voice VLANs to keep voice traffic separate from other data to ensure special handling of the traffic.

    Configure traffic shaping QoS policy to guarantee minimum delay for the voice traffic.

    -> Configure QoS policy to classify the voice traffic in the priority queue to guarantee reserved

    bandwidth allocation for the traffic.

    Configure the Weighted Random Early Detection (WRED) congestion avoidance mechanism to

    guarantee that the voice traffic will be placed in the priority queue.

    14

    Refer to the exhibit. What additional configuration is required in order for users in VLAN 10 to

    communicate with the users in VLAN 20?

    -> Configure interface Fa0/1 on SW1 as a trunk.

    Remove the subinterfaces on R1 and configure interface Fa0/0 as a trunk.

    Configure interfaces Fa0/2 and Fa0/3 on SW1 as trunk links.

    Configure VLAN 100 as a data VLAN and VLAN 1 as the native VLAN.

    15

    Refer to the exhibit. The exhibit contains the configuration for a Cisco access device. How will

    someone dialing in be authenticated?

    local username and password

    TACACS+ server

    -> RADIUS server and, if that fails, local username and password

    TACACS+ server

    TACACS+ server and, if that fails, local username and password

    RADIUS server and, if that fails, TACACS+ server

    16

    Which three actions are taken when the command switchport host is entered on a switch port?

    (Choose three.)

    BPDU guard is enabled.

    Cisco Discovery Protocol (CDP) is disabled.

    VLAN trunking protocol (VTP) is disabled.

    -> PortFast is enabled.

    -> Trunking is disabled.

    -> Channel group is disabled.

    17

    Refer to the exhibit. What is the result of the displayed configuration on switches ASW1 and ASW2?

    -> BPDU guard puts an interface that is configured for STP PortFast in the err-disable state upon receipt of a BPDU.

    BPDU guard overrides the PortFast configuration and reverts to the default spanning tree

    configuration on the access ports.

    BPDU guard forces the uplink ports on ASW1 and ASW2 to become designated ports to prevent

    DSW2 from becoming a root switch.

    BPDU guard places the uplink ports on ASW1 and ASW2 into the STP loop-inconsistent blocking state when the ports stop receiving BPDUs.

    18

    Refer to the exhibit. Switches DSw1 and DSw2 are configured with the HSRP virtual IP address 10.10.10.1, and standby priority is set to 100. Assume both switches finish booting at the same time and HSRP is operating as expected. On the basis of this information, which three HSRP statements are true? (Choose three.)

    Applying the standby 32 timers 10 30 command on the Gi0/2 interfaces of each switch would

    decrease the failover time.

    -> If the DSw1 and DSw2 switches have been configured to preempt, then DSw2 will be the active

    router.

    If the DSw1 switch is configured with the standby preempt command and DSw2 is not, then DSw1

    will be the active router.

    -> The HSRP group number in this HSRP configuration is HSRP group number 50.

    -> The standby track command is useful for tracking interfaces that are not configured for HSRP.

    When host A sends an ARP request for 10.10.10.1, Virtual Router replies with the MAC address of the active router.

    19

    Refer to the exhibit. What feature does an SNMP manager need to be able to set a parameter on

    ACSw1?

    a manager who is using an SNMP string of K44p0ut

    a manager who is using an Inform Request MIB

    -> a manager who is using host 192.168.0.5

    a manager who is using authPriv

    20

    What are three possible misconfigurations or indicators of misconfigurations on a Layer 3 interface?

    (Choose three.)

    -> wrong IP address or subnet mask

    ports in the wrong VLAN

    -> mismatch between SVI and VLAN numbering

    disabled VTP pruning

    -> downed SVI

    ACL on wrong interface

    21

    Which three steps are required to configure interfaces as routed ports on a multilayer Catalyst switch? (Choose three.)

    -> Enable IP routing globally.

    -> Assign IP addresses to routed ports.

    Configure SVI for each VLAN in the network.

    Configure 802.1Q encapsulation on routed ports.

    Disable Power over Ethernet (PoE) on the physical Layer 3 interfaces.

    -> Disable Layer 2 functionality on interfaces that will be configured as routed ports.

    22

    Which statement correctly explains the process of mitigating ARP attacks on a switch where

    dynamic ARP inspection (DAI) has been configured?

    All intercepted packets that come from untrusted ports are dropped.

    All intercepted packets that come from trusted ports are sent to untrusted ports only.

    -> The intercepted packets are verified against the DHCP snooping binding table for valid IP-to-MAC

    bindings.

    For all intercepted packets, an ARP request is sent to the DHCP server for IP-to-MAC address

    resolution.

    23

    Refer to the exhibit. Given that interface Fa3/42 is an active trunk port, what two conclusions can be

    made based on the displayed output? (Choose two.)

    -> Root guard is not enabled on interface Fa3/42.

    -> Interface Fa3/42 will not pass data traffic if it detects that it is part of a spanning-tree loop caused by unidirectional link failure.

    UDLD cannot be configured on interface Fa3/42.

    If a spanning-tree loop is detected on VLAN 1, data traffic will be blocked for all VLANs on interface

    Fa3/42.

    The difference in BPDUs sent and received indicates a loop caused by unidirectional link failure has

    been detected.

    24

    What type of queuing provides the best quality for voice applications?

    custom queuing

    FIFO queuing

    -> priority queuing

    weighted round robin (WRR) queuing

    25

    Catalyst 6500 switches support which three Supervisor Engine redundancy features? (Choose three.)

    -> Route Processor Redundancy+ (RPR+)

    distributed CEF (dCEF)

    -> Stateful Switchover (SSO)

    Resilient Packet Ring (RPR)

    -> Nonstop Forwarding (NSF)

    Per Line Card Traffic Policing

    26

    What is the purpose of the debug condition standby vlan vlan-id group-number command in

    troubleshooting HSRP?

    redirect the debug standby output for the referenced HSRP group to a syslog server on the specified

    VLAN

    block the debug standby output for the referenced VLAN and HSRP group

    display debug standby output only for HSRP traffic that is received by HSRP peers in the specified

    VLAN and group

    display debug standby output only for HSRP traffic that is sent to HSRP peers in the specified VLAN

    and group

    -> limit the output of the debug standby command to the specific VLAN interface and HSRP group

    27

    Refer to the exhibit. The link between switch SW1 and SW2 is manually configured as full duplex on

    SW2 and with half duplex on SW1. How could this impact the STP operations?

    -> Switch SW2 can move port Fa0/3 into a forwarding state, thereby creating a Layer 2 loop.

    Switch SW1 shuts down the Fa0/1 port and thus reinforces a new spanning-tree calculation.

    Switch SW2 negotiates the Fa0/1 port on SW1 to be in full-duplex mode which keeps SW1 as the

    root bridge for the spanning tree.

    Switch SW1 negotiates the Fa0/2 port on SW2 to be in half-duplex mode and thus forces SW2 to

    become the root bridge for the spanning tree.

    28

    Which three parameters must be configured in order to enable SSH? (Choose three.)

    retries

    -> hostname

    timeouts

    -> domain name

    -> keys

    routing protocol

    29

    The TCAM defines three different match options that correlate to which three specific match regions? (Choose three.)

    bifurcated match

    -> longest match

    second match

    -> exact match

    -> first match

    third match

    30

    What is required for SLA to capture one-way delays?

    two IP SLA responders

    a Round Trip Timer value

    -> Network Time Protocol (NTP)

    IP SLA source using TCP port 2020

    31

    A bridging loop occurs in a network and disrupts user connectivity. What action should be taken by a

    network administrator to restore connectivity?

    -> Disable ports that should be in the blocking state.

    Disable ports that should be in the forwarding state.

    Disable and re-enable all ports on the distribution switches.

    Disable all ports on the distribution switches and replace with new switches.

    32

    Refer to the exhibit. What two effects will occur when a fourth distribution module is included in the campus enterprise network that is depicted in the exhibit? (Choose two.)

    -> The inclusion of the fourth module will increase the routing complexity.

    It will limit the traffic flow in the network.

    It will provide scalability for future growth.

    It will impact the security of the traffic between the distribution switches.

    -> It will increase the number of additional links that are required to provide redundant connectivity.

    33

    What is the recommended maximum one-way latency when implementing video over IP for real-time

    video applications?

    Latency is not a factor for a smooth video over IP implementation.

    Latency should be defined for voice traffic only (not for video).

    -> The recommended maximum one-way latency should not be more than 150 ms.

    When mixed video and voice packets are included in the video stream, the latency should be 300

    ms.

    34

    What is the recommended maximum one-way jitter when implementing video over IP for real-time

    video applications?

    1 ms

    2 ms

    5 ms

    -> 10 ms

    35

    When should proactive management be performed within the stages of the Cisco Lifecycle Services?

    prepare phase

    plan phase

    design phase

    implement phase

    operate phase

    -> optimize phase

    36

    Which two statements are true about the default operation of STP in a Layer 2 switched environment that has redundant connections between switches? (Choose two.)

    The root switch is the switch with the highest speed ports.

    -> Decisions on which port to block when two ports have equal cost depend on the port priority and

    index.

    All trunking ports are designated and not blocked.

    Root switches have all ports set as root ports.

    -> Nonroot switches each have only one root port.

    37

    What are two benefits of local VLANs in the Enterprise Campus Network? (Choose two.)

    wide coverage because of the fact that a VLAN can be geographically dispersed throughout the network

    -> ease of management because local VLANs are typically confined to the building access

    submodule

    -> high availability because redundant paths exist at all infrastructure levels

    broad expansion domain because the number of devices on each VLAN can easily be added to

    IP address conservation because address blocks can be allocated to VLANs

    38

    Which QoS requirement should be taken into account when implementing VoIP in a campus environment?

    The QoS requirements should accommodate the best effort delivery for voice traffic.

    The QoS requirements should accommodate the bursty nature of voice traffic.

    The QoS requirements should accommodate the intensive demand on bandwidth for voice traffic.

    -> The QoS requirements should accommodate the smooth demand on bandwidth, low latency, and

    delay for voice traffic.

    39

    Refer to the exhibit. The indicated configuration was established on the HSRP standby router RTB. However, the console message %IP-4-DUPADDR started appearing almost immediately on the RTB router. Given the output of the show standby brief command on RTA, what is the cause of the problem?

    The command standby preempt should only be applied on the active router.

    The subnet mask is missing from the standby ip 10.1.1.1 command.

    -> The group number 50 is missing in the Router RTB configuration commands.

    The priority number 150 is missing in the Router RTB configuration commands.

    The virtual IP address should be the same as the active router.

    The ports on the switch must be configured with the spanning-tree PortFast feature.

    40

    Which three actions can cause problems with a VTP implementation? (Choose three.)

    -> using a non-trunk link to connect switches

    -> using non-Cisco switches

    configuring all switches to be in VTP server mode

    not using any VTP passwords on any switches

    -> using lowercase on one switch and uppercase on another switch for domain names

    having a VTP transparent switch in between a VTP server switch and a VTP client switch (all

    switches in the same VTP domain)

    41

    Refer to the exhibit. What two conclusions can be made based on the output? (Choose two.)

    Interfaces Fa0/1 through Fa0/6 are trunk ports.

    -> Switch DLS1 is not the root bridge for VLAN 1.

    -> The Cost column in the lower part of the exhibit is not the cumulative root path cost.

    The default spanning-tree timers have been adjusted.

    That Fa0/12 is displaying the alternate port role indicates that PVRST+ is enabled.

    42

    Which STP enhancement should be configured in the network to prevent a nondesignated port from transitioning to a forwarding state when a topology change occurs?

    Root guard should be implemented on the Layer 2 ports between the distribution switches.

    PortFast should be implemented on the uplink ports from the access switches to the distribution

    switches.

    -> Loop guard should be implemented on the Layer 2 ports between DSW1 and DSW2 and on the

    uplink ports from the access switches to the distribution switches.

    BPDU guard should be implemented on the Layer 2 ports between DSW1 and DSW2 and on the

    uplink ports from the access switches to the distribution switches.

    43

    Which two items in the TCAM table are referenced in the process of forwarding a packet? (Choose

    two.)

    VLAN ID

    -> ACL information

    destination MAC address

    -> QoS information

    source MAC address

    hash key

    44

    How many physical links can comprise a single PAgP EtherChannel on a Catalyst 3560 switch?

    (Choose three.)

    -> 2

    -> 5

    -> 8

    10

    12

    13

    16

    45

    Which two types of attacks can be mitigated by port security? (Choose two.)

    dictionary

    -> denial of service (DoS)

    replay

    -> MAC-address flooding

    password

    46

    Which three statements about RSTP edge ports are true? (Choose three.)

    Edge ports function similarly to UplinkFast ports.

    -> Edge ports should never connect to another switch.

    -> If an edge port receives a BPDU, it becomes a normal spanning-tree port.

    Edge ports immediately transition to learning mode and then forwarding mode when enabled.

    -> Edge ports never generate topology change notifications (TCNs) when the port transitions to a disabled or enabled status.

    Edge ports can have another switch connected to them as long as the link is operating in full duplex.

    47

    Which three issues can cause devices to become disconnected across a trunk link? (Choose three.)

    -> native VLAN mismatch

    unassigned management VLAN

    -> Layer 2 interface mode incompatibilities

    missing default VLAN

    -> mismatched trunk encapsulations

    PAgP not enabled

    48

    What are two actions a hacker may take in a VLAN hopping attack? (Choose two.)

    replying to ARP requests that are intended for other recipients

    -> sending malicious dynamic trunking protocol (DTP) frames

    replying to DHCP requests that are intended for a DHCP server

    sending a unicast flood of Ethernet frames with distinct source MAC addresses

    -> sending frames with two 802.1Q headers

    49

    How do FlexLink and STP operate together?

    If an active STP port is blocked, the active FlexLink port will take over.

    Both the active STP port and active FlexLink port can forward traffic simultaneously.

    Both the active STP port and active FlexLink port can forward traffic simultaneously but only for

    different VLANs.

    -> STP can be active in the distribution layer, but is unaware of any FlexLink updates in the access

    layer.

    50

    Refer to the exhibit. What is the problem between the connection on Switch1 and Switch2?

    native VLAN mismatch

    -> encapsulation mismatch

    switchport mode mismatch

    VTP mismatch

    DTP mismatch

    hardware failure

    51

    Refer to the exhibit. What happens if interface gigabitEthernet 5/1 on SwitchA stops receiving UDLD

    packets?

    UDLD stops trying to establish a connection with the neighbor.

    -> UDLD changes the port state to err-disable.

    UDLD changes the port to loop-inconsistent blocking state.

    UDLD sends hello messages to its neighbor at a rate of one per second to attempt to recover the connection.

    52

    When troubleshooting GLBP in an environment with a VLAN that spans multiple access layer

    switches, a network engineer discovers that suboptimal paths are being used for upstream traffic.

    What is the recommended solution?

    -> Use HSRP instead of GLBP.

    Adjust the GLBP timers.

    Configure spanning tree so that the spanning-tree topology adjusts with the GLBP active virtual

    forwarder (AVF).

    Disable GLBP preemption on all route processors.

    53

    Which two statements are true about routed ports on a multilayer switch? (Choose two.)

    A routed port behaves like a regular router interface and supports VLAN subinterfaces.

    A routed port is a physical switch port with Layer 2 capability.

    -> A routed port is not associated with a particular VLAN.

    -> To create a routed port requires removal of Layer 2 port functionality with the no switchport

    interface configuration command.

    The interface vlan global configuration command is used to create a routed port.

    54

    Refer to the exhibit. What configuration will be required on the DSW switch in order to perform inter-VLAN routing for all VLANs that are configured on the access switches?

    Configure the routing protocol.

    -> Configure SVI for each VLAN in the network.

    Configure the links between DSW and the access switches as access links.

    Configure as routed ports the DSW interfaces that face the access switches.

    55

    Refer to the exhibit. Based on the provided show ip dhcp snooping command, which statement is

    true?

    -> Only port Fa0/24 can send and receive all DHCP messages.

    Ports Fa0/1, Fa0/2, and Fa0/24 can send and receive all DHCP messages.

    Only ports Fa0/1 and Fa0/2 can send and receive all DHCP messages.

    Ports Fa0/1, Fa0/2, and Fa0/24 can send and receive only DHCP requests.

    56

    What device can be used to support Power over Ethernet (PoE) to power the access points?

    a host computer

    an IP phone

    -> an Ethernet switch

    a lightweight access point

    57

    Refer to the exhibit. What restriction will be presented in a campus enterprise network that is designed with four large distribution building blocks?

    The implementation of link aggregation will be limited.

    The implementation of IGP routing protocols will be limited.

    The imp