Todos

Chapter 2 Exam switch V.
7
Question 1
1 / 1 pts
What plane on a network device is accessed using SSH or SNMP?
Correct!
management plane
control plane
forwarding plane
CAM
Question 2
1 / 1 pts
What feature of CEF allows for Layer 3 switches to use multiple paths?
Correct!
load-balancing
hardware based forwarding
route caching
Netflow LAN switching
Question 3
1 / 1 pts
Which statement is true about the CEF forwarding process?
The FIB table contains the Layer 2 rewrite information.
Adjacency table lookups use the closest Layer 3 prefix match.
The adjacency table eliminates the need for the ARP protocol.
Correct!
After an IP prefix match is made, the process determines the associated Layer 2 header
rewrite information from the adjacency table.
Refer to curriculum topic: 4.4.2
Question 4
0 / 1 pts
In terms of design, which layer of the hierarchical model is the most complex?
access Layer
Correct Answer
distribution Layer Correct Answer
collapsed core Layer

You Answered
core Layer BAD
Refer to Chapter 2.
Question 5
1 / 1 pts
In its network design, a company lists this equipment :
Two Catalyst 4503 Layer 3 switches
One 5500 security appliance firewall
Two Catalyst 6509 switches
Two lightweight access points
Two Catalyst 2960 switches
Which two types of devices from the list would be appropriate to use at the access layer
to provide end-user connectivity? (Choose two.)
Catalyst 4503 switches
Cisco 5500 security appliance firewall

Correct!
lightweight access points

Correct!
Question 6
1 / 1 pts
Which layer 3 switching method used by Catalyst switches offers the greatest
performance?
process switching
Correct!
CEF
fast switching
TCAM
Refer to Chapter 2 of the Foundation Learning Guide
Question 7
1 / 1 pts
For what is the control plane on a catalyst switch responsible?
the catalyst switch does not have a Control Plane; it has a Management Plane
control and remote management of the switch

Correct!
control of the routing protocols and processes running on the switch
control of the layer 2 switching process used by the switch
Question 8
1 / 1 pts
A user needs to access a file server that is located in another department. Which layer of
the Cisco Hierarchical Network Model will process the traffic first?
Correct!
access
core
distribution
control
Question 9
0 / 1 pts
What is the purpose of the Cisco Enterprise Architecture and the hierarchical desgin?
It replaces the three-layer hierarchical model with a flat network approach.

Correct Answer
Each element in the hierarchy has a specific set of functions and services that it offers
and specific role.--> Correct Answer
You Answered
It provides services and functionality to the core layer by grouping various components
into a single component that is located in the access layer. BAD
It reduces overall network traffic by grouping server farms, the management server,
corporate intranet, and e-commerce routers in the same layer.
Question 10
1 / 1 pts
Which two features are unavailable on a Layer 2 switch? (Choose two.)
use of ASICs
Internet Group Management Protocol (IGMP) snooping
QoS marking
Correct!
Time to Live (TTL) decrementing

Correct!
rewrite of the source and destination MAC addresses
Question 11
1 / 1 pts
What is true about TCAM lookups that are associated with CEF switching?
TCAM includes only Layer 3 lookup information.

Correct!
A single TCAM lookup provides Layer 2, Layer 3, and ACL information.
TCAM lookup tables are used only for the Layer 3 forwarding operation.
TCAM lookup tables are used only for the rapid processing of ACLs within CEF.
Question 12
1 / 1 pts
Why does extending layer 3 switching to the access layer improve scalability?
VLANs are extended into the distribution layer.

Correct!
VLANs are terminated on the access layer devices.
The access and distribution layers would not participate in the routing scheme.
Layer 3 switching in the access layer is a cheaper implementation option.
Question 13
1 / 1 pts
Which family of Cisco switches is specifically designed for data centers?
Catalyst 6500
Catalyst 2000
Correct!
Nexus 7000
Catalyst 4500
Question 14
0 / 1 pts
A network designer must provide a rationale to a customer for a design that will move an
enterprise from a flat network topology to a hierarchical network topology. Which two
features of the hierarchical design make it the better choice? (Choose two.)
You Answered
reduced cost BAD

Correct!
Scalability Correct
less equipment required

Correct Answer
segmentation of broadcast domains Correct Answer
lower bandwidth requirements
Question 15
1 / 1 pts
What is the suggested solution for routing when Layer 3 routing is extended to the
access layer?
run an IGP at the access, distribution and core layers

Correct!
run an IGP between the distribution and core layers and use static default routes at the
access layer
use static rotue from the access to the distribution layer, use default static routes from
the distribtuion to the core layer and use IGP amongst core layer devices
run an IGP between distribution and core layers and rely on proxy ARP between the
access and distribution layers
Question 16
1 / 1 pts
What type of specialized memory is used to facilitate high performance switching in Cisco
multilayer switches?
content-addressable memory (CAM)

Correct!
ternary content addressable memory (TCAM)
address resolution protocol (ARP) memory
Cisco Express Forwarding (CEF) memory
Question 17
1 / 1 pts
What are two responsibilities of devices that are located at the core layer of the
hierarchical design model? (Choose two.)
access list filtering
packet manipulation
Correct!
high-speed backbone switching

Correct!
interconnection of distribution layer devices
redundancy between the core devices only
Question 18
1 / 1 pts
At what layer of the hierarchical model are MAC-based security controls implemented?
Correct!
access layer
distribution layer
collapsed core layer
core layer
Question 19
1 / 1 pts
At what layer of the hierarchical design model would redistribution and
summarization occur?
core layer
backbone layer
access layer
Correct!
distribution layer
Question 20
1 / 1 pts
Which portion of the enterprise network provides access to network communication
services for the end users and devices that are spread over a single geographic location?
enterprise edge
Correct!
campus module
WAN module
Internet edge
data center
Chapter 3 Exam Switch V.7

Question 1
1 / 1 pts
Refer to the exhibit. Which two statements are true about the switch CAT2? (Choose two.)
Eleven VLANs were manually configured on the switch.

Correct!
Six VLANs were either manually configured on the switch or learned via VTP.
Interfaces Fa0/13 and Fa0/14 are in VLAN 1.
Interfaces Fa0/13 and Fa0/14 are in an unspecified VLAN.
VLAN 100 is in dynamic desirable mode.

Correct!
VLAN 100 has no active access ports.
Question 2
1 / 1 pts
Refer to the exhibit. Switch1 and Switch2 are unable to establish an operational trunk
connection. What is the problem between the connection on Switch1 and Switch2?
encapsulation mismatch
switchport mode mismatch
MTU mismatch
VTP mismatch
DTP mismatch
Correct!
native VLAN mismatch
Question 3
1 / 1 pts
Which three effects does the interface command switchport host have when entered
on a switch? (Choose three.)
Correct!
sets the switch port mode to access
enables BPDU guard

Correct!
enables spanning tree PortFast
enables root guard

Correct!
disables channel grouping
enables BPDU filtering
Question 4
1 / 1 pts
When configuring an EtherChannel, given that one end of the link is configured with PAgP
mode desirable, which PAgP modes can be configured on the opposite end of the link in
order to form an active channel? (Choose two.)
off
on
Correct!
desirable
Correct!
auto
Question 5
1 / 1 pts
What is a best practice for VLAN design?
Correct!
Local VLANs should not extend beyond the distribution layer.
Place unused access ports in trunk mode and in a specific VLAN.
No more than three VLANs should be trunked to core layer switches.
VLANs should be designed in a hierarchical fashion with access VLANs at the access layer
and local server VLANs at the core layer.
Question 6
1 / 1 pts
Refer to the exhibit. Given the configuration information of the CAT1 and CAT2 switches,
which statement is true?
Correct!
LACP will form a channel between the switches.
Because the port-channel numbers do not match, LACP will not form a channel between
the switches.
Because the channel-group commands on SW2 should be set to "on," LACP will not
form a channel between the switches.
LACP will form a 200-Mb/s channel between the switches.
Question 7
1 / 1 pts
Refer to the exhibit. Which option correctly describes the function of a switch that is
configured in VTP transparent mode?
option 1
option 2
option 3
Correct!
option 4
option 5
Question 8
1 / 1 pts
Refer to the exhibit. Given that no VLANs have been deleted, what can be concluded
about interface Fa0/7?
It is not configured.
It is shutdown.
It has the default administrative mode.

Correct!
It is a trunk port.
Question 9
1 / 1 pts
Refer to the exhibit. Both SW1 and SW2 are configured with the PAgP desirable mode.
Which statement is true?
Both switches will initiate channeling negotiation and will not be able to form a channel.
Correct!
Both switches will initiate channeling negotiation and will form a channel between them.
Neither switch will initiate channeling negotiation and will not be able to form a channel
between them.
Neither switch will initiate channeling negotiation but will form a channel between them.
Question 10
1 / 1 pts
Refer to the exhibit. All switches in the VTP domain are new switches. Which switch or
switches will receive and maintain the list for all VLANs that are configured on the VTP
server?
SW2
Correct!
SW4
SW3 and SW4
SW2, SW3, and SW4
Question 11
1 / 1 pts
Which two items are benefits of implementing local VLANs within the Enterprise
Architecture? (Choose two.)
A single VLAN can extend further than its associated distribution-layer switch.
Correct!
Failures at Layer 2 are isolated to a small subset of users.
High availability is made possible because local VLAN traffic on access switches can now
be passed directly to the core switches across an alternate Layer 3 path.
Layer 3 routing between VLANs can now be applied at the access layer.
Correct!
Local VLANs are limited to the access and distribution layer.
Question 12
1 / 1 pts
In the context of the Enterprise Composite Architecture, which statement is true about
best-practice design of local VLANs?
Local VLAN is a feature that has only local significance to the switch.
Correct!
Local VLANs do not extend beyond the building distribution layer.
Local VLANs should be created based upon the job function of the end user.
Local VLANs should be advertised to all switches in the network.
Question 13
1 / 1 pts
Which two VTP parameters must be identical on all switches in the network in order to
participate in the same VTP domain? (Choose two.)
Correct!
VTP domain name
VTP revision number

Correct!
VTP domain password
VTP server mode
VTP client mode
VTP transparent mode
Question 14
1 / 1 pts
Refer to the exhibit. What statement is true about the switch port?
Correct!
The port is not in trunking mode.
The port connects to a VoIP phone that has a PC attached.
The port can carry data from multiple VLANs if pruning is disabled.
The port will be disabled if the current device is unplugged and a second device is
attached.
The port has manually been placed into trunking mode and is using the 802.1Q trunking
protocol.
Question 15
1 / 1 pts
Refer to the exhibit. What would be the result if a new switch with a default configuration
is inserted in the existing VTP domain Lab_Network?
The switch will operate as a VTP client.
The switch will operate in a VTP transparent mode.
The switch will operate as a VTP server and will delete the existing VLAN configuration in
the domain.
Correct!
The switch will operate as a VTP server but will not impact the existing VLAN
configuration in the domain.
Question 16
0 / 1 pts
Refer to the exhibit. What will happen when switch SW2 is added to the network?
Switch SW2 will change the VTP domain name to LAB1.
Switch SW2 will automatically change to VTP server mode.
Switch SW2 will delete all existing VLANs and introduce new VLANs in the VTP domain.
Correct Answer
Switch SW2 will drop all VTP advertisements and will not propagate them
through the VTP domain.--> Correct Answer
You Answered
Switch SW2 will include its own VLANs in the total number of VLANs configured in the VTP
domain.--> Bad
Question 17
1 / 1 pts
Which two statements are true about the 802.1Q trunking protocol? (Choose two.)
Correct!
Untagged frames will be placed in the configured native VLAN of a port.
It is a proprietary protocol that is supported on Cisco switches only.
Private VLAN configurations are not supported.

Correct!
The native VLAN interface configurations must match at both ends of the link or frames
could be dropped.
Question 18
1 / 1 pts
Refer to the exhibit. Switch SW2 was tested in a lab environment and later inserted into
the production network. Before the trunk link was connected between SW1 and SW2, the
network administrator issued the show vtp status command as displayed in the exhibit.
Immediately after the switches were interconnected, all users lost connectivity to the
network. What could be a possible reason for the problem?
Switch SW2 is in the wrong VTP operating mode.
The SW2 port G0/1 is in access mode by mistake.
Switch SW2 has the pruning eligible parameter enabled, which causes pruning of all
VLANs.
Correct!
Switch SW2 has a higher VTP revision number, which causes deletion of the VLAN
information in the VTP domain.
Question 19
1 / 1 pts
Refer to the exhibit. How should SW2 be configured in order to participate in the same
VTP domain and populate the VLAN information across the domain?
Switch SW2 should be configured as a VTP client.
Switch SW2 should be configured for VTP version 1.
Switch SW2 should be configured with no VTP domain password.

Correct!
Switch SW2 should be configured as a VTP server with a higher revision number.
Question 20
1 / 1 pts
What are three characteristics of a VLAN access port? (Choose three.)
Correct!
A switch port can become an access port through static or dynamic configuration.
Correct!
An access port is associated with a single VLAN.
An access port should have the 802.1q encapsulation associated with it.
An access port created with the switchport mode access command will send DTP
frames by default.
Correct!
An access port is created with the switchport mode access command and then
associated with a VLAN with the switchport access vlan command.
The VLAN that the access port is assigned to will be automatically deleted if it does not
exist in the VLAN database of the switch.
Chapter 4 Exam
Question 1
1 / 1 pts
Refer to the exhibit. What implementation of spanning tree best describes the spanningtree operational mode of the switch?
Correct!
IEEE 802.1D
IEEE 802.w
IEEE 802.1s
PVRST+
Question 2
1 / 1 pts
Which STP timer defines the length of time spent in the listening and learning states?
hello time
forward aging
Correct!
forward delay
max age
max delay
Question 3
1 / 1 pts
Users complain that they lost connectivity to all resources in the network. A network
administrator suspects the presence of a bridging loop as a root cause of the problem.
Which two actions will determine the existence of the bridging loop? (Choose two.)
Confirm MAC port security is enabled on all access switches.

Correct!
Check the port utilization on devices and look for abnormal values.
Verify that the management VLAN is properly configured on all root bridges.
Correct!
Capture the traffic on the saturated link and verify if duplicate packets are seen.
Ensure that the root guard and loop guard are properly configured on all distribution
links.
Question 4
1 / 1 pts
Which two statements are true about STP root guard? (Choose two.)
Correct!
Root guard is enabled on a per-port basis.
Root guard requires that PortFast be enabled on a switch port.

Correct!
Root guard re-enables a switch port once it stops receiving superior BPDUs.
Root guard should be configured on all ports on the desired root bridge to prevent
another bridge from becoming the root.
If a root guard enabled port receives a inferior BPDU from a nonroot switch, the port
transitions to the blocking state to prevent a root bridge election.
Question 5
1 / 1 pts
What effect does the global configuration command spanning-tree portfast
bpdufilter default have when enabled on an access switch?
All PortFast enabled ports become designated ports.
All PortFast enabled ports start participating in the spanning-tree calculations.
All switch ports start filtering the superior BPDUs coming from other switches and the
access switch becomes a root bridge.
Correct!
All PortFast enabled ports stop sending BPDUs, but if a BPDU is received on the port, the
port gets out of the PortFast state, thereby disabling the BPDU filtering.
Question 6
1 / 1 pts
Refer to the exhibit. Switch SW1 is receiving traffic from SW2. However, SW2 is not
receiving traffic from SW1. Which STP feature should be implemented to prevent
inadvertent loops in the network?
Correct!
UDLD
PortFast
BPDU guard
BPDU filtering
Question 7
1 / 1 pts
Refer to the exhibit. After the sequence of commands is entered, how many VLANs will be
assigned to the default instance?
4094
4064
4062
Correct!
4061
If you add up the VLANs on instance 0, there are 4061.
Question 8
1 / 1 pts
Refer to the exhibit. The configuration on the switch was changed between Output #1
and Output #2. What was done on the switch?
The command no spanning-tree uplinkfast was issued in global configuration mode.
The command no spanning-tree backbonefast was issued in global configuration

mode.
The command spanning-tree etherchannel guard misconfig was issued in global

configuration mode.
The command spanning-tree etherchannel guard misconfig was issued in interface

configuration mode.
Correct!
The command spanning-tree portfast bpduguard default was issued in global

configuration mode.
The command spanning-tree portfast bpduguard default was issued in interface

configuration mode.
Question 9
1 / 1 pts
Assuming that all switches in a network have the default bridge priority for each MST
instance, what effect does the command spanning-tree mst 10 root primary have
when entered on a single switch?
sets the bridge priority on the switch to 24586 for MST instance 10
Correct!
4096 x 6 = 24576, so the concerns of the reviewer are met.
Question 10
1 / 1 pts
What will happen when a BPDU is received on a loop guard port that is in a loopinconsistent state?
The port will transition to blocking state.
The port will transition to forwarding state automatically.
The port will be disabled and the administrator must re-enable it manually.
Correct!
The port will transition to the appropriate state as determined by the normal function of
the spanning tree.
Question 11
1 / 1 pts
Which protocol extends the IEEE 802.1w Rapid Spanning Tree (RST) algorithm to multiple
spanning trees?
STP
RSTP+
CST
Correct!
MST
Question 12
1 / 1 pts
What three fields are included in a BPDU? (Choose three.)
Correct!
bridge ID
STP ID
Correct!
port ID
link-state ID
Correct!
cost of path
Question 13
1 / 1 pts
Refer to the exhibit. What conclusion does the output support?
PortFast is enabled on interface Fa0/6.
IEEE 802.1w is enabled on VLAN 1.
The forward delay timer has been changed from the default value.
Correct!
Standard IEEE 802.1D behavior is shown.

Question 14
1 / 1 pts
Refer to the exhibit. What two conclusions does the output show to be true? (Choose
two.)
Correct!
DLS1 is running IEEE 802.1s on instance 1.
DLS1 is running IEEE 802.1D on instance 1.

Correct!
DLS1 is the root bridge for instance 1.
Interface Fa0/12 will move into the errdisable state if a BPDU is received.
Interfaces Fa0/1 through Fa0/6 are trunk ports.

Change option 1 to address comments.
Question 15
1 / 1 pts
What happens when a switch running IEEE 802.1D receives a topology change message
from the root bridge?
Correct!
The switch uses the forward delay timer to age out entries in the MAC address table.
The switch uses the max-age timer to age out entries in the MAC address table.
The switch uses the hello to age out entries in the MAC address table.
The switch uses the forward delay and the max-age timer to age out entries in the MAC
address table.
Question 16
1 / 1 pts
Which statement is true about the Spanning Tree Protocol (STP)?
Each switch determines a designated port that provides the best path to the root switch.
Correct!
The designated port will be on the switch with the best path to the root switch.
With each network change, the STP algorithm is run on all switches that have a root port.
A topology change will cause the switch where the change occurred to send messages
about the change throughout the tree.
Question 17
1 / 1 pts
Which interfaces should loop guard be enabled on?
root ports
designated ports
Correct!
root port and alternate ports
ports configured with PortFast
root port and ports configured with PortFast

Question 18
1 / 1 pts
Which three parameters should match all switches within an MST region? (Choose three.)
port costs on trunk ports

Correct!
configuration name
Correct!
revision number
trunk encapsulation method
bridge priority
Correct!
VLAN-to-instance mappings
Question 19
1 / 1 pts
Which protocol should an administrator recommend to manage bridged links when the
customer requires a fully redundant network that can utilize load balancing technologies
and reconverge on link failures in less than a second?
IEEE 802.1Q (CST)

Correct!
IEEE 802.1s (MST)
Cisco PVST+
IEEE 802.1D(STP)
Question 20
1 / 1 pts
Which two statements are true about the RSTP negotiations between switches? (Choose
two.)
UplinkFast must be configured on all designated switches.
BackboneFast must be configured on all root switches.

Correct!
Switches must be connected by a point-to-point link.
All ports that are directly connected to end stations must be enabled as designated ports.
Correct!
It greatly improves the restoration times for any VLAN that requires a topology
convergence due to link up.
Chapter 5 Exam
Question 1
1 / 1 pts
Refer to the exhibit. Based on the debug ip dhcp server packet output, which
statement is true?
The client sends a DHCPDISCOVER that contains IP address 10.1.10.21 to the DHCP
server.
The client sends a DHCPREQUEST that contains IP address 10.1.10.21 to the DHCP
server.
The client sends the BOOTREPLY broadcast message to inquire for a new IP address.
Correct!
The client accepts the offer from the DHCP server for the 10.1.10.21 IP address.
Question 2
1 / 1 pts
Refer to the exhibit. Host A is unable to obtain an IP address from the DHCP server. Which
procedure would solve this problem?
Use the command ip helper-address 10.1.2.1 on interface Fa0/0 of router RTA.

Correct!
Use the command ip forward-protocol 67 on interface Fa0/0 of router RTA.

Question 3
1 / 1 pts
Refer to the exhibit and the partial configuration taken on routers RTA and RTB. All users
can ping their gateways, but users on VLAN 5 and VLAN 10 cannot communicate with the
users on VLAN 20. What should be done to solve the problem?
Correct!
A dynamic routing protocol or static routes should be configured on the routers.
A trunk should be configured between routers RTA and RTB.
RTA interface Fa0/1 and RTB Fa0/1 should be configured with three subinterfaces, each
with ISL encapsulation.
RTA interface Fa0/1 and RTB Fa0/1 should be configured with three subinterfaces, each
with 802.1Q encapsulation.
Question 4
1 / 1 pts
Refer to the exhibit. What additional configuration is required for host A to receive IP
configuration from the DHCP server?
The ip address dhcp command is required on interface Fa0/0.
The ip dhcp information option command is required on interface Fa0/1.

Correct!
The ip helper-address 10.1.2.10 command is required on interface Fa0/0.
The ip forward-protocol 37 global configuration command is required to forward DNS

requests to IP address 10.1.2.10.
The ip forward-protocol 67 global configuration command is required to forward DHCP

The ip forward-protocol 69 global configuration command is required to forward TFTP

Question 5
1 / 1 pts
Refer to the exhibit and the partial configuration taken on router RTA. Users on VLAN 5
cannot communicate with the users on VLAN 10. What should be done to fix the
problem?
A dynamic routing protocol should be configured on the router.
Two static routes should be configured on the router, each pointing to each subnet.
The Fa0/0 interface should be configured with a primary IP address of 10.10.5.1/24 and a
secondary IP address of 10.10.10.1/24.
Correct!
The subinterfaces of the router should be configured with 802.1Q encapsulation.
Question 6
1 / 1 pts
What is an advantage to using a trunk link to connect a switch to an external router that
is providing inter-VLAN routing?
Correct!
works with any switch that supports VLANs and trunking
lowers latency
provides redundancy to the VLANs
reduces CPU overhead
Question 7
0 / 1 pts
Refer to the exhibit. A network administrator attempts to ping the IP address 172.16.20.1
from RouterA. What will the router output be?
You Answered
Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:

!!!!!
Correct Answer
Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds: Correct

Answer
.....

U.U.U
%Unrecognized host or address, or protocol not running
%Source quench: destination or port unreachable
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed state to

down
Question 8
0 / 1 pts
Refer to the exhibit. A network administrator attempts to ping the IP address 172.16.20.1
from RouterA. What will the router output be?

!!!!!
Correct Answer
Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds: Correct

Answer
.....

U.U.U
%network or host unreachable, TTL exceeded

You Answered
%Unrecognized host or address, or protocol not running
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/13, changed state to

down
Question 9
1 / 1 pts
Which two statements are true about routed ports on a multilayer switch? (Choose two.)
A routed port behaves like a regular router interface and supports VLAN subinterfaces.
A routed port is a physical switch port with Layer 2 capability.

Correct!
A routed port is not associated with a particular VLAN.

Correct!
To create a routed port requires removal of Layer 2 port functionality with the no
switchport interface configuration command.
The interface vlan global configuration command is used to create a routed port.
Question 10
1 / 1 pts
Refer to the exhibit. The router has been properly configured for the trunking interface.
Which statement is true about the routing table on the router?
It will show a next hop address of the switch for both VLANs.
It will show one trunking route to 10.0.0.0/8.

Correct!
It should contain routes to the 10.10.10.0/24 and the 10.10.11.0/24 networks.
Because the switch is not configured properly to trunk VLAN 1 and VLAN 2, the routing
table of the router will not show routes to either VLAN .
Because the switch port fa0/1 is in access mode, the routing table of the router will not
show any routes.
Question 11
1 / 1 pts
Refer to the exhibit. Which statement is true regarding the diagram and show ip
route command output?
Because no routing protocol has been configured, the router will not forward packets
between workstations.
The default gateway for hosts on VLAN 10 should be the Fa0/0 IP address of the router.
Correct!
The default gateway for hosts on VLAN 10 should be the Fa0/0.1 IP address of the router.
The default gateway for hosts on VLAN 10 should be the Fa0/0.2 IP address of the router.
Because their packets are being trunked, hosts on VLAN 10 do not need a default
gateway.
Question 12
1 / 1 pts
A client sends a request for an IP address to a DHCP server. Which DHCP message to the
client will provide the configuration parameters that include an IP address, a domain
name, and a lease for the IP address?
DHCPDISCOVER
Correct!
DHCPOFFER
DHCPREQUEST
DHCPACK
Question 13
1 / 1 pts
Which statement describes what occurs when a DHCP request is forwarded through a
router that has been configured with the ip helper-address command?
The router replaces the source MAC address included in the DHCP request with its own
MAC address.
The router replaces the source IP address of the DHCP request with the IP address that is
specified with the ip helper-address command.
Correct!
The router replaces the broadcast destination IP address of the DHCP request with the
unicast IP address that is specified with the ip helper-address command.
The router replaces the unicast destination IP address of the DHCP request with the
unicast IP address that is specified with the ip helper-address command.
Question 14
1 / 1 pts
Which three statements about a routed port are true? (Choose three.)
A routed switch port is a physical device that is associated with several VLANs.
Correct!
A routed switch port is created by configuring a Layer 2 port with the no

switchportinterface configuration command and assigning an IP address.
A routed switch port is created by entering VLAN interface configuration mode and
assigning an IP address.
A routed switch port is a virtual Layer 3 interface that can be configured for any VLAN
that exists on a Layer 3 switch.
Correct!
A routed switch port provides an interface that may provide a Layer 3 connection to a
next-hop router.
Correct!
A routed switch port can serve as a default gateway for devices.
Question 15
0 / 1 pts
Refer to the exhibit. Which configuration should be applied on router R1 in order for host
1 to receive its IP configuration from the DHCP server?
ip helper-address 10.1.1.2 applied to the Fa0/0 interface

You Answered

Correct Answer
ip helper-address 10.1.1.1 applied to the Fa0/1 interface- Correct Answer

Question 16
1 / 1 pts
A DHCPREQUEST message has been sent from the client to the DHCP server. What
information is included in the message?
initial message to locate a DHCP server

Correct!
formal request for the offered IP address
confirmation that the IP address has been allocated to the client
denial message to reject the first offer from the DHCP server
UnansweredQuestion 17
0 / 1 pts
Which message will be sent back to the client by the DHCP server to confirm that the IP
address has been allocated to the client?
DHCPDISCOVER unicast
DHCPDISCOVER broadcast
DHCPOFFER unicast
DHCPOFFER broadcast
DHCPREQUEST unicast
DHCPREQUEST broadcast
Correct Answer
DHCPACK unicast Correct Answer
Question 18
1 / 1 pts
Which two statements are true about switched virtual interfaces (SVI) on a multilayer
switch? (Choose two.)
An SVI behaves like a regular router interface but does not support VLAN subinterfaces.
An SVI is a physical switch port with Layer 3 capability.

Correct!
By default, an SVI is created for the default VLAN (VLAN1).
Correct!
Only one SVI can be associated with a VLAN.
To create an SVI requires removal of Layer 2 port functionality with the no

switchportinterface configuration command.
Question 19
1 / 1 pts
A client computer is set up for DHCP and needs an IP configuration. During the DHCP
client configuration process, which response will enable the client to begin using the
assigned address immediately?
Correct!
DHCPACK
DHCPREQUEST
DHCPOFFER
DHCPDISCOVER
UnansweredQuestion 20
0 / 1 pts
How is the Layer 2 functionality restored to a port configured for Layer 3 operation?
switchport access vlan
switchport mode access
no switchport
Correct Answer
Switchport Correct Answer
Chapter 6 Exam
Question 1
1 / 1 pts
What are two characteristics of Gateway Load Balancing Protocol (GLBP) operation?
(Choose two.)
GLBP will attempt to balance traffic on a per-router basis by the use of the round-robin
algorithm.
Correct!
GLBP will attempt to balance traffic on a per-host basis by the use of the round-robin
algorithm.
Correct!
The active virtual forwarder (AVF) is assigned a virtual MAC address and forwards packets
sent to that MAC address.
The active virtual gateway (AVG) is the backup for the AVF.
GLBP members communicate with each other through hello messages sent every 3
seconds to the multicast address 224.0.0.104.
Question 2
1 / 1 pts
Which two statements about VRRP are true? (Choose two.)
VRRP does not support preemption.
VRRP cannot track interfaces or objects.

Correct!
A VRRP group has one master router and one or more backup routers.
The virtual IP address for the VRRP group must be different from active and standby IP
addresses.
Correct!
VRRP provides redundancy for the IP address of a router or for a virtual IP address shared
among the VRRP group members.
Question 3
1 / 1 pts
What are two functions of the standby router in an HSRP group? (Choose two.)
Correct!
to monitor the operational status of the HSRP group
to physically forward packets that are sent to the MAC address of the virtual router
to reply with the virtual router MAC address in the event an ARP request is received
Correct!
to quickly assume packet-forwarding responsibility if the active router becomes

inoperable
to contend for the active router role with all other routers in the group in the event the
active fails
Question 4
1 / 1 pts
Which of the following GLBP load-balancing options is configured if the host is guaranteed
the use of the same virtual MAC address?
Correct!
host-dependent
round-robin
weighted load-balancing
none
Question 5
1 / 1 pts
Refer to the exhibit. Switch DSw1 is the active virtual gateway (AVG) and DSw2 is an
active virtual forwarder (AVF). Based on this information, which two GLBP statements are
true? (Choose two.)
GLBP is a Cisco proprietary protocol and is supported on all Cisco Catalyst and Cisco
router platforms.
None of the switches have had their priority configured.
Switch DSw1 assigns the virtual IP addresses to switch DSw2.

Correct!
Switch DSw2 has been configured with the glbp 1 priority 95 command.
Correct!
Two more multilayer switches could join this group.
When host A sends an ARP message for the gateway IP address, switch DSw1 returns the
physical MAC address of switch DSw2.
Question 6
1 / 1 pts
Refer to the exhibit. What action does the command standby 1 track Serial0/0/0 on
router R1 perform?
It links the default gateway virtual address 192.168.21.10 to the IP address 192.168.31.1
on interface Serial0/0/0.
It links the default gateway virtual address 192.168.21.10 to the IP address 192.168.42.2
on interface Serial0/0/0.
It tracks the state of the Fa0/0 interface on R1 and brings down the priority of standby
group 1 if the interface goes down.
Correct!
It tracks the state of the Serial0/0/0 interface on R1 and brings down the priority of
standby group 1 if the interface goes down.
Question 7
1 / 1 pts
Which one of the following GLBP functions answers ARP requests?
AVF
Correct!
AVG
Active
MVP
Question 8
1 / 1 pts
Refer to the exhibit. Which statement is true about best practice and the exhibited
network design?
Correct!
The Layer 2 VLAN number should be mapped to the Layer 3 subnet for ease of use and
management.
The HSRP active router for VLAN 55 and VLAN 60 should be the same switch.
A Layer 2 access port should be placed between the access switches.
The uplink between the access switches and the distribution switches should be trunk
links.
Question 9
1 / 1 pts
Which two statements are true about the Hot Standby Router Protocol (HSRP)? (Choose
two.)
A router in the speak state sends periodic hello messages to all routers in the group to
acquire a virtual IP address.
Correct!
A router in the speak state sends periodic hello messages and actively participates in the
election of the active or standby router.
A router in the standby state forwards packets that are sent to the group virtual MAC
address.
Correct!
The router in the standby state is a candidate to become the next active router.
The router that is not the standby or active router will remain in the speak state.
Question 10
1 / 1 pts
Two routers are configured for an HSRP group. One router uses the default HSRP priority.
What priority should be assigned to the other router to make it more likely to be the
active router?
100
Correct!
200
500
Question 11
1 / 1 pts
Refer to the exhibit. What statement is true about the output of the show
standby command?
The current priority of this router is 120.

Correct!
The router is currently forwarding packets.
This router is tracking two properly operating interfaces.
This router is in the HSRP down state because its tracked interfaces are down.
Question 12
1 / 1 pts
Refer to the exhibit. Router RTA has been configured as the active HSRP router. Router
RTB is to be the standby HSRP router. However, once the indicated configuration was
applied to router RTB, the console began to display the message %HSRP-4-DIFFVIP1.
What is the cause of the message?
The command standby preempt should only be applied on the active router.
The subnet mask is missing from the standby 50 ip 10.1.1.10 command.
The group number is not the same as the active router.

Correct!
The virtual IP address is not the same as the active router.
The ports on the switch must be configured with the spanning-tree PortFast feature.
Question 13
1 / 1 pts
Which statement is true about the gateway redundancy protocols ?
GLBP allows multiple routers to participate in a virtual router group that is configured
with a virtual IP address. One member is elected to be the active router for the group and
the other routers are passive until the active router fails.
Correct!
By making use of a single virtual IP address and multiple virtual MAC addresses, GLBP
provides load balancing over multiple routers (gateways) . All routers in the virtual router
group participate in forwarding packets.
By making use of a single virtual IP address and multiple virtual MAC addresses, HSRP
provides load balancing over multiple routers (gateways). All routers in the virtual router
By making use of a single virtual IP address and multiple virtual MAC addresses, VRRP
provides load balancing over multiple routers (gateways). All routers in the virtual router
Question 14
1 / 1 pts
Which statement is true about Virtual Router Redundancy Protocol (VRRP)?
The priority value of 255 means the router is ineligible to become the master router for
the VRRP group.
The priority value of 255 means the router has stopped participating in the VRRP group.
Correct!
The priority value of 0 means the router has stopped participating in the VRRP group.
The priority value of 0 means the router is ineligible to become the master router for the
VRRP group.
Question 15
1 / 1 pts
Refer to the exhibit. Based on the provided configuration, which routers are the master
and the backup virtual routers for the hosts that are connected to the VRRP group 1?
Router R1 is the master for all hosts, and router R2 is the backup for all hosts in the
group.
Correct!
Router R1 is the master for Host1 and Host2. Router R2 is the master for Host3 and
Host4.
Router R1 is the master for Host3 and Host4. Router R2 is the backup for Host3 and
Host4.
Because of incorrect configuration of the default gateway on the hosts, none of the
routers is the master for the VRRP group.
Quiz Score:
15 out of 15
Chapter 7 Exam
Question 1
1 / 1 pts
Match the term with the correct definition.
Correct!
Authentication
Prevents unauthorized clients from connecting to a LAN through sw itch ports
Correct!
Authorization
Allow s for the control of the level of access that users have
Correct!
Accounting
Allow s for the collection of information concerning user activity
Other Incorrect Match Options:
Process of a identifying a user before the user is allowed to access a protected

resource
Question 2
1 / 1 pts
What is the command to configure a device to be an authoritative NTP server?
ntp server 172.16.1.1

Correct!
ntp master
ntp peer 172.16.1.1
ntp synchronize 172.16.1.1
Question 3
1 / 1 pts
Refer to the exhibit. Network policy dictates that security functions should be
administered using AAA. Which configuration would create a default login authentication
list that uses RADIUS as the first authentication method, the enable password as the
second method, and the local database as the final method?
SW-1(config)# aaa new-model

SW-1(config)# radius-server host 10.10.10.12 key secret
SW-1(config)# aaa authentication default group-radius local

SW-1(config)# aaa authentication default group-radius enable local
Correct!

SW-1(config)# aaa authentication login default group radius enable local

SW-1(config)# radius server host 10.10.10.12 key secret
SW-1(config)# aaa authentication login default group radius enable local none

SW-1(config)# radius server host 10.10.10.12 key secret
SW-1(config)# aaa authentication login default group-radius enable local none
Question 4
1 / 1 pts
Which SNMP message is sent from the manager?
get response
inform request
Correct!
set request
trap
Question 5
1 / 1 pts
Which SNMP version provides authentication and encryption for transmission of critical
data between managed devices?
SNMPV2
SNMPv3noAuthnoPriv
Correct!
SNMPv3authPriv
SNMPv3 authNoPriv
Question 6
1 / 1 pts
What are three advantages of implementing the AAA framework model in a network?
(Choose three.)
Offers automatic failover solutions for gateway redundancy

Correct!
Standardized authentication methods
Faster convergence
Username and passwords are stored in a local database for scalability.

Correct!
Increased flexibility and control of access configuration

Correct!
Multiple backup systems
Question 7
1 / 1 pts
Which three are characteristics of the SNTP protocol? (Choose three.)
Provides a secure means for NTP transmissions.

Correct!
SNTP and NTP cannot coexist on the same device because they use the same port
number.
Correct!
SNTP is a simplified, client-only version of the NTP.

Correct!
SNTP cannot be used to provide times services to other services.
SNTP provides complex filtering.
SNTP can be used to provide time services to other systems.
Question 8
1 / 1 pts
Refer to the exhibit. Given the configuration on the ALSwitch, what is the end result?
forces all hosts that are attached to a port to authenticate before being allowed access to
the network
Correct!
disables 802.1x port-based authentication and causes the port to allow normal traffic
without authenticating the client
enables 802.1x authentication on the port
globally disables 802.1x authentication
Question 9
1 / 1 pts
Which statement is true about 802.1x port-based authentication?
Authentication can only be initiated by the host.
Authentication can only be initiated by the switch.

Correct!
Authentication can be initiated by either the switch or the host.
If the host does not receive a response to a start frame, it goes into the shutdown mode.
When a host comes up that is attached to a switch port, the authentication server
queries the host for 802.1x authentication information.
Question 10
1 / 1 pts
What SNMP attribute provides the best security?
authNoPriv
Correct!
authPriv
community string
noAuthNoPriv
SNMPv2
Question 11
1 / 1 pts
Which three commands are necessary to configure NTP authentication between devices?
(Choose three.)
Correct!
ntp authenticate
Correct!
ntp authentication-key 1 md5

Correct!
ntp trusted-key 1
ntp authentication
ntp trusted-key authentication 1
ntp md5 authentication-key 1
Question 12
1 / 1 pts
Refer to the exhibit. A switch is being configured to support AAA authentication on the
console connection. Given the information in the exhibit, which three statements are
correct? (Choose three.)
The authentication login admin line console command is required.

Correct!
The login authentication admin line console command is required.
The configuration creates an authentication list that uses a named access list called
group as the first authentication method, a TACACS+ server as the second method, the
local username database as the third method, the enable password as the fourth method,
and none as the last method.
Correct!
The configuration creates an authentication list that uses a TACACS+ server as the first
authentication method, the local username database as the second method, the enable
password as the third method, and none as the last method.
Correct!
The none keyword enables any user logging in to successfully authenticate if all other
methods return an error.
The none keyword specifies that a user cannot log in if all other methods have failed.
Question 13
1 / 1 pts
Which two statements are true about NTP? (Choose two.)
Correct!
Stratum 1 devices have directly attached radio or atomic clock.
Network devices will always synchronize with NTP server with the highest stratum
number.
Higher stratum number always indicates greater quality and reliability.

Correct!
Stratum number represents the distance from a reference clock.
Stratum numbers are directly related to the routing metric.
Question 14
1 / 1 pts
In a AAA architecture, what is the name of the role given to the client running 802.1x
software?
AAA peer
authenticator
authentication server
Correct!
supplicant
Question 15
1 / 1 pts
Refer to the exhibit. Which feature does a SNMP manager need in order to set a
parameter on switch ACSW1?
a manager using an SNMP string of K44p0ut
a manager using host 172.16.128.50

Correct!
a manager using SNMPv1, 2, or 2c
a manager using authPriv
Quiz Score:
15 out of 15
Chapter 8 Exam
Question 1
1 / 1 pts
Which statement is true about UDLD?
It is automatically enabled.
It allows devices to transmit traffic one way.
It will disable an EtherChannel bundle if one link has failed.

Correct!
It allows a switch to detect a unidirectional link and shut down the affected interface.
Question 2
1 / 1 pts
Refer to the exhibit. Which statement is true about the VSPAN configuration on switch
SW1?
The VSPAN session that is configured on port Fa3/4 can monitor only the ingress traffic for
any of the VLANs.
The VSPAN session that is configured on port Fa3/4 can monitor only the egress traffic for
any of the VLANs.
Port Fa3/4 must be associated with VLAN 10 or VLAN 20 in order to monitor the traffic for
any of the VLANs.
Correct!
The VSPAN session transmits a copy of the ingress traffic for VLAN 10 and the egress
traffic for VLAN 20 out interface Fa3/4.
Question 3
1 / 1 pts
Refer to the exhibit. Which statement is true about the local SPAN configuration on switch
SW1?
Correct!
The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is
monitored on port Fa3/1.
monitored on port Fa3/1, but only if port Fa3/1 is configured in VLAN 10.
monitored on port Fa3/1, but only if port Fa3/1 is configured as trunk.
The SPAN session transmits to a device on port Fa3/21 only a copy of unicast traffic that
is monitored on port Fa3/1. All multicast and BPDU frames will be excluded from the
monitoring process.
Question 4
1 / 1 pts
Refer to the exhibit. A network technician is trying to resolve an execution problem with
an IP SLA. What is the problem?
The IP SLA must be set up in conjunction with an ICMP echo reply.
IP SLAs are not supported on switch platforms.

Correct!
The IP SLA test has not been scheduled to run.
ICMP-ECHO tests must have frequency schedules of less than 10 seconds.
Question 5
1 / 1 pts
What are the two modes of UDLD operation? (Choose two.)
full
Correct!
normal
bidirectional
Correct!
aggressive
active
Question 6
1 / 1 pts
What is the command to view the SDM template settings?
show sdm current
show sdm template
show platform tcam utilization

Correct!
show sdm prefer
Question 7
1 / 1 pts
What is a requirement for configuring an IP SLA to measure network performance?
The frequency of the SLA test must be configured.

Correct!
The required SLA operation type must be configured.
At least one IP SLA responder and one IP SLA monitor must be configured.
The communication protocol that is used for SLA communications must be configured.
Question 8
1 / 1 pts
What are three characteristics of LLDP? (Choose three.)
LLDP helps to detect spanning-tree failures.

Correct!
LLDP supports enabling or disabling either transmitting or receiving capabilities per port
LLDP helps to detect unidirectional link activity.
LLDP is a Cisco Proprietary protocol.

Correct!
LLDP allows network management applications to automatically discover and learn about
network devices.
LLDP operates in one of two modes: aggressive or normal.

Correct!
To view LLDP neighbors, the show lldp neighbors command is used.
Question 9
1 / 1 pts
Which statement is true about the PoE negotiation process?
The PoE switch keeps the power on a disabled port up, just in case a device that needs
PoE will be connected.
Correct!
With 802.3af and 802.3at, the switch tries to detect the powered device by supplying a
small voltage across the Ethernet cable.
Cisco Inline Power has the same method of negotiating power as both of the IEEE
standards.
IEEE 802.3af power classes are numbered 1-5.
Question 10
1 / 1 pts
Which two statements are true about SDM templates? (Choose two.)
The show SDM version command is used to display the current SDM template.
Correct!
They are used to allocate system resources.

Correct!
Modifying the SDM template requires a reload on the switch before the settings take
effect.
The default SDM template support IPV6 routing.
The current template can be viewed using the show platform tcam
utilization command.
Question 11
1 / 1 pts
Refer to the exhibit. What can be determined about this SLA monitor?
Two SLA samples have been captured.
No more SLA information is being gathered.
The SLA measurement is being taken every 5 milliseconds.

Correct!
There is one SLA monitor session operating on this switch.
Question 12
1 / 1 pts
Which statement is true about a local SPAN configuration?
A port can act as the destination port for all SPAN sessions configured on the switch.
A port can be configured to act as a source and destination port for a single SPAN
session.
Correct!
Both Layer 2 and Layer 3 switched ports can be configured as source or destination ports
for a single SPAN session.
Port channel interfaces (EtherChannel) can be configured as source and destination ports
for a single SPAN session.
Question 13
1 / 1 pts
Refer to the exhibit. Which IP SLA statement is true?
IP SLA operation 99 has been incorrectly configured.
IP SLA operation 99 has stopped monitoring the target device.

Correct!
IP SLA operation 99 had 211 successful replies from the target device.
IP SLA operation 100 has been incorrectly configured.
IP SLA operation 100 has stopped monitoring the target device.
IP SLA operation 100 had 211 successful replies from the target device.
Question 14
1 / 1 pts
Refer to the exhibit. What is the state of the monitoring session?
This is a remote monitored session.

Correct!
No data is being sent from the session.
SPAN session number 2 is being used.
The session is only monitoring data sent out Fa0/1.
Question 15
1 / 1 pts
Which SDM template should be enabled if you have a large number of VLANs to support?
sdm prefer access

Correct!
sdm prefer VLANs
sdm prefer dual-ipv4-and-ipv6
sdm prefer access
Quiz Score:
15 out of 15
Chapter 9 exam sw
Question 1
1 / 1 pts
What is the expected failover time for SSO mode for Layer 2 switching on the Catalyst
4500 family of switches?
Less than 3 seconds

Correct!
Subsecond
1 to 2 minutes
None of the above
Question 2
1 / 1 pts
What are three characteristics of the VSS technology? (Choose three.)
Correct!
VSS combines a pair of physical switches into a virtual switch.

Correct!
Once the VSS is formed, only the control plan of one of the member's is active.
VSS is a network system virutalization technology that combine a pair of Catalyst 3500,
4500 or 6500 series switches into one virtual switch.
Correct!
VSS increases system bandwidth capacity.
Question 3
1 / 1 pts
Which three redundancy modes are supported by Catalyst 6500 Series switches? (Choose
three.)
Correct!
Route Processor Redundancy (RPR)
Supervisor Engine 720 mirroring
Supervisor Engine 720 load balancing

Correct!
Single Router Mode with Stateful Switchover (SRM with SSO)
Manual Switchover
Correct!
Nonstop Forwarding (NSF) with SSO
Question 4
1 / 1 pts
A network administrator is designing a network with redundancy features such SSO with
NSF. What protocol is should the administrator avoid while designing the routing
topology?
BGP
Correct!
RIP
OSPF
EIGRP
ISIS
Question 5
1 / 1 pts
What are three benefits of implementing VSS in a network? (Choose three.)
Correct!
Single management point
VSS is implemented in the access layer which supports a more simplistic design.
Supported on all platforms

Correct!
Neighbors see the VSS as a single switch
VSS can logically combine up to 9 switches.

Correct!
Interchassis stateful failover
Question 6
1 / 1 pts
Which one is NOT a valid supervisor redundancy mode?
RPR
SSO
RPR+
Correct!
NSF
Question 7
1 / 1 pts
Which supervisor redundancy mode offers the fastest failover time?
Correct!
SSO
RPR
RPR+
NSF
Question 8
1 / 1 pts
Which two technologies can be used to reduce the number of logical network devices and
simplify Layer 2 and Layer 3 network toplogies? (Choose two.)
Correct!
VSS
TCAM
NSF
VRRP
Correct!
StackWise
Question 9
1 / 1 pts
To display configuration and status information for a VSS, which show command can be
used?
show virtual switch
show vss brief

Correct!
show switch virutal
show virtual link
Question 10
1 / 1 pts
Which command can be used to verify StackWise configuration to include their stack
number, stack role, MAC address, hardware priority, hardware version and current state?
show version
show stack
Correct!
show switch
show platform
Question 11
1 / 1 pts
What is considered a best practice for an optimal redundant network?
Correct!
Access switches should have redundant connections to redundant distribution switches.
Access switches should have a backup connection to at least one core device
Dual distribution switches should connect individually to separate core switches.
Three distribution switches should be implemented so that the third switch can take the
role of active or standby, as necessary.
Question 12
1 / 1 pts
What are two characteristics of the StackWise technology? (Choose two.)
The stack can support up to 12 switches managed as a single unit.
The StackWise technology creates a virtual connection between the devices without
additional cabling.
Correct!
Multiple switches can create an EtherChannel connection.

Correct!
Unites multiple access switches in the same rack.
Reduces the number of Layer 3 routing neighbors
Question 13
1 / 1 pts
When using RPR, what two events can trigger a switchover from the active to the
standby Supervisor Engine? (Choose two.)
Correct!
clock synchronization failure between the Supervisor Engines
loss of packets from the root bridge
Correct!
an RP or SP crash on the active Supervisor Engine
frames received on a port that is in blocking mode
port failure
Question 14
1 / 1 pts
What is the main purpose of implementing Cisco NSF?
Correct!
to continue forwarding IP packets following an RP switchover
to forward all STP updates to all switches in the network
to keep a backup copy of the latest MAC table in the event of RAM failure
to move switch ports that are currently in blocking mode to forwarding mode with
minimal packet loss
Question 15
1 / 1 pts
Which one of the following features provides the fastest failover for supervisor or route
processor redundancy?
RPR+
NSF
RPR
Correct!
SS0
Quiz Score:
15 out of 15
Question 1
1 / 1 pts
What is the expected failover time for SSO mode for Layer 2 switching on the Catalyst
4500 family of switches?
Less than 3 seconds

Correct!
Subsecond
1 to 2 minutes
None of the above
Question 2
1 / 1 pts
What are three characteristics of the VSS technology? (Choose three.)
Correct!
VSS combines a pair of physical switches into a virtual switch.

Correct!
Once the VSS is formed, only the control plan of one of the member's is active.
VSS is a network system virutalization technology that combine a pair of Catalyst 3500,
4500 or 6500 series switches into one virtual switch.
Correct!
VSS increases system bandwidth capacity.
Question 3
1 / 1 pts
Which three redundancy modes are supported by Catalyst 6500 Series switches? (Choose
three.)
Correct!
Route Processor Redundancy (RPR)
Supervisor Engine 720 mirroring
Supervisor Engine 720 load balancing

Correct!
Single Router Mode with Stateful Switchover (SRM with SSO)
Manual Switchover
Correct!
Nonstop Forwarding (NSF) with SSO
Question 4
1 / 1 pts
A network administrator is designing a network with redundancy features such SSO with
NSF. What protocol is should the administrator avoid while designing the routing
topology?
BGP
Correct!
RIP
OSPF
EIGRP
ISIS
Question 5
1 / 1 pts
What are three benefits of implementing VSS in a network? (Choose three.)
Correct!
Single management point
VSS is implemented in the access layer which supports a more simplistic design.
Supported on all platforms

Correct!
Neighbors see the VSS as a single switch
VSS can logically combine up to 9 switches.
Correct!
Interchassis stateful failover
Question 6
1 / 1 pts
Which one is NOT a valid supervisor redundancy mode?
RPR
SSO
RPR+
Correct!
NSF
Question 7
1 / 1 pts
Which supervisor redundancy mode offers the fastest failover time?
Correct!
SSO
RPR
RPR+
NSF
Question 8
1 / 1 pts
Which two technologies can be used to reduce the number of logical network devices and
simplify Layer 2 and Layer 3 network toplogies? (Choose two.)
Correct!
VSS
TCAM
NSF
VRRP
Correct!
StackWise
Question 9
1 / 1 pts
To display configuration and status information for a VSS, which show command can be
used?
show virtual switch
show vss brief

Correct!
show switch virutal
show virtual link
Question 10
1 / 1 pts
Which command can be used to verify StackWise configuration to include their stack
number, stack role, MAC address, hardware priority, hardware version and current state?
show version
show stack
Correct!
show switch
show platform
Question 11
1 / 1 pts
What is considered a best practice for an optimal redundant network?
Correct!
Access switches should have redundant connections to redundant distribution switches.
Access switches should have a backup connection to at least one core device
Dual distribution switches should connect individually to separate core switches.
Three distribution switches should be implemented so that the third switch can take the
role of active or standby, as necessary.
Question 12
1 / 1 pts
What are two characteristics of the StackWise technology? (Choose two.)
The stack can support up to 12 switches managed as a single unit.
The StackWise technology creates a virtual connection between the devices without
additional cabling.
Correct!
Multiple switches can create an EtherChannel connection.

Correct!
Unites multiple access switches in the same rack.
Reduces the number of Layer 3 routing neighbors
Question 13
1 / 1 pts
When using RPR, what two events can trigger a switchover from the active to the
standby Supervisor Engine? (Choose two.)
Correct!
clock synchronization failure between the Supervisor Engines
loss of packets from the root bridge

Correct!
an RP or SP crash on the active Supervisor Engine
frames received on a port that is in blocking mode
port failure
Question 14
1 / 1 pts
What is the main purpose of implementing Cisco NSF?
Correct!
to continue forwarding IP packets following an RP switchover
to forward all STP updates to all switches in the network
to keep a backup copy of the latest MAC table in the event of RAM failure
to move switch ports that are currently in blocking mode to forwarding mode with
minimal packet loss
Question 15
1 / 1 pts
Which one of the following features provides the fastest failover for supervisor or route
processor redundancy?
RPR+
NSF
RPR
Correct!
SS0
Quiz Score:
15 out of 15
Chapter 10 Exam
Question 1
1 / 1 pts
Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external
and internal users. For security reasons, the servers do not have to communicate with
each other although they are located on the same subnet. Both servers need to
communicate with the data server that is located on the inside network. Which
configuration will isolate the servers from inside attacks?
Ports Fa3/1, Fa3/2, Fa3/34, and Fa3/35 on DSW1 will be defined as primary VLAN
promiscuous ports.
Ports Fa3/1, Fa3/2, Fa3/34, and Fa3/35 on DSW1 will be defined as primary VLAN
community ports.
Correct!
Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN isolated ports. Ports
Fa3/34 and Fa3/35 will be defined as primary VLAN promiscuous ports.
Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN community ports.
Ports Fa3/34 and Fa3/35 will be defined as primary VLAN promiscuous ports.
Question 2
1 / 1 pts
What is one way to mitigate ARP spoofing?
Correct!
Enable dynamic ARP inspection.
Configure MAC address VLAN access maps.
Enable root guard.
Implement private VLANs.

Question 3
1 / 1 pts
Which statement describes the purpose of the configuration that is shown?
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 3
Switch(config-if)# ip dhcp snooping trust
Switch(config-if)# ip dhcp snooping limit rate 30
It is meant to disable any host that is configured to be in VLAN 3.
It is meant to disable any rogue DHCP servers that are attached to VLAN 3.
Correct!
It is meant to monitor VLAN 3 for DHCP attacks that will deplete the DHCP pool.
It is meant to monitor VLAN 3 and disable any hosts that are using static IP addresses
rather than DHCP addresses.
Question 4
1 / 1 pts
What three steps should be implemented in the network to mitigate a VLAN hopping
attack? (Choose three.)
Enable DTP on all access ports.

Correct!
Specify the VLAN range on trunk links.

Correct!
Configure all unused ports as access ports.

Correct!
Place all unused ports in the shutdown state.
Configure VLAN 1 as the native VLAN for all trunks.

Question 5
1 / 1 pts
Which type of output would be produced on a switch after entering the command,
Switch# show ip dhcp snooping binding?
DHCP servers on the snooped network
DHCP clients on all DHCP snooped switches on the network

Correct!
DHCP clients that are connected to DHCP snooped ports on the switch
all active protocols on all DHCP clients that are connected to DHCP snooped ports on the
switch
Question 6
1 / 1 pts
Refer to the exhibit. The DNS servers DNS1 and DNS2 are redundant copies so they need
to communicate with each other and to the Internet. The web server and the SMTP server
need to communicate with the Internet, but for security purposes the web and the SMTP
servers should not be reachable from the DNS servers. What private VLAN design should
be implemented?
All servers should be configured in separate isolated VLANs. All isolated VLANs should be
in the same primary VLAN.
All servers should be configured in separate community VLANs. All community VLANs
should be in the same primary VLAN.
Correct!
The DNS1 and DNS2 servers should be configured in a community VLAN. The web and
SMTP servers should be configured in an isolated VLAN. Both the community and isolated
VLANs should be part of the primary VLAN.
The DNS1 and DNS2 servers should be configured in an isolated VLAN. The web and
SMTP servers should be configured in a community VLAN. Both the community and
isolated VLANs should be in the same primary VLAN.
Question 7
1 / 1 pts
What can be used to mitigate MAC table flooding attacks?
DHCP snooping
private VLANs
Correct!
port security
root guard
Question 8
1 / 1 pts
What are two purposes for an attacker launching a MAC table flood? (Choose two.)
to initiate a man-in-the-middle attack

Correct!
to initiate a denial of service (DoS) attack

Correct!
to capture data from the network
to gather network topology information
to exhaust the address space available to the DHCP

Question 9
1 / 1 pts
In which location or situation is a private VLAN appropriate?
a DMZ segment
ISP SOHO connections

Correct!
a web hosting environment at an ISP
two recently merged companies that have overlapping IP addressing schemes

Question 10
1 / 1 pts
Which statement best describes how traffic is handled between different port types
within a primary pVLAN?
The traffic is forwarded from promiscuous ports to promiscuous ports in the same
primary VLAN.
The traffic is forwarded from promiscuous ports to community and promiscuous ports in
the same primary VLAN.
The traffic is forwarded from promiscuous ports to isolated and community ports in the
same primary VLAN.
Correct!
The traffic is forwarded from promiscuous ports to isolated, community, and other
promiscuous ports in the same primary VLAN.
Question 11
1 / 1 pts
How does VLAN hopping cause a vulnerability in the network?
The CAM table will be full, causing legitimate frames to be forwarded out all ports and
allowing unauthorized users to capture data.
Correct!
An attacking device can send or receive packets on various VLANs and bypass Layer 3
security measures.
An attacking device can exhaust the address space available to the DHCP servers for a
period of time or establish itself as a DHCP server in man-in-the-middle attacks.
Information sent through CDP is transmitted in clear text and is unauthenticated,

allowing it to be captured and to divulge network topology information.
Question 12
1 / 1 pts
A network administrator is tasked with protecting a server farm by implementing private
VLANs. Each server should only be allowed to communicate with the default gateway.
Which type of pVLAN should be configured on the switch port that connects to a server?
Correct!
isolated
promiscuous
community
secondary VLAN
Question 13
1 / 1 pts
Refer to the exhibit. After the configuration has been applied to ACSw22, frames that are
bound for the node on port FastEthernet 0/1 are periodically being dropped. What should
be done to correct the issue?
Correct!
Add the switchport port-security mac-address sticky command to the interface

configuration.
Change the port speed to speed auto with the interface configuration mode.
Use the switchport mode trunk command in the interface configuration.
Remove the switchport command from the interface configuration.

Question 14
1 / 1 pts
Which countermeasure can be implemented to determine the validity of an ARP packet,
based on the valid MAC-address-to-IP address bindings stored in a DHCP snooping
database?
DHCP spoofing
Correct!
dynamic ARP inspection
CAM table inspection
MAC snooping
Question 15
1 / 1 pts
Which configuration guideline applies to using the capture option in VACL?
Capture ports transmit traffic that belongs to all VLANs.
The capture port captures all packets that are received on the port.
The switch has a restriction on the number of capture ports.

Correct!
The capture port needs to be in the spanning-tree forwarding state for the VLAN.
Question 16
1 / 1 pts
How does MAC address flooding cause a vulnerability in the network?
Correct!
The CAM table will be full, causing legitimate frames to be forwarded out all ports within
the VLAN and allowing unauthorized users to capture data.
An attacking device can send or receive packets on various VLANs and bypass Layer 3
security measures.
An attacking device can exhaust the address space available to the DHCP servers for a
period of time or establish itself as a DHCP server in man-in-the-middle attacks.
Information that is sent through CDP is transmitted in clear text and is unauthenticated,
allowing it to be captured and to divulge network topology information.
Question 17
1 / 1 pts
A network administrator is tasked with protecting a server farm by implementing private
VLANs (PVLANs). A server is only allowed to communicate with its default gateway and
other related servers. Which type of PVLAN should be configured on the switch ports that
connect to the servers?
isolated
promiscuous
secondary VLAN
Correct!
community
Question 18
1 / 1 pts
Refer to the exhibit. The DNS servers DNS1 and DNS2 are redundant copies so they need
to communicate with each other and to the Internet. The SMTP server should not be
reachable from the DNS Servers. Based on the partial configuration that is provided, what
private VLANs design will be implemented?
Correct!
Community VLAN 202 will be created to host both DNS servers, and this VLAN will be
associated with the primary VLAN 100.
Isolated VLAN 202 will be created to host both DNS servers, and this VLAN will be
Community VLAN 100 will be created to host both DNS servers, and this VLAN will be
Isolated VLAN 100 will be created to host both DNS servers, and this VLAN will be
Question 19
1 / 1 pts
All access ports on a switch are configured with the administrative mode of dynamic
auto. An attacker, connected to one of the ports, sends a malicious DTP frame. What is
the intent of the attacker?
Correct!
VLAN hopping
DHCP spoofing attack
MAC flooding attack
ARP poisoning attack

Question 20
1 / 1 pts
What technology can be used to help mitigate MAC address flooding attacks?
root guard
Private VLANs
DHCP snooping
Correct!
VLAN access maps
Dynamic ARP Inspection

Quiz Score:
20 out of 20
Take Assessment - SWITCH Final Exam - CCNP SWITCH (Version 6.0)

1
Refer to the exhibit. The indicated configuration was established on the

HSRP standby router RTB. However, the console message %IP-4DUPADDR started appearing almost immediately on the RTB router.
Given the output of the show standby brief command on RTA, what
is the cause of the problem?
The command standby preempt should
only be applied on the active router. The
subnet mask is missing from the standby ip
10.1.1.1 command.
The group number 50 is missing in the Router RTB configuration
commands.
The priority number 150 is missing in the Router RTB configuration commands.
The virtual IP address should be the same as the active router.
The ports on the switch must be configured with the spanning-tree PortFast feature.
2 Which statement correctly explains the process of mitigating ARP attacks on a
switch where dynamic ARP inspection (DAI) has been configured?
All intercepted packets that come from untrusted ports are dropped.
All intercepted packets that come from trusted ports are sent to untrusted ports only.
The intercepted packets are verified against the DHCP snooping binding table
for valid IP-to-MAC bindings.
For all intercepted packets, an ARP request is sent to the DHCP server for IP-to-MAC
address resolution.
3
Refer to the exhibit. What feature does an SNMP manager need to be able to set a
parameter on ACSw1? a manager who is using an SNMP string of K44p0ut
a manager who is using an Inform
Request MIB a manager who is using
host 192.168.0.5
a manager who is using authPriv
4 Which statement is true concerning the core layer within the
hierarchical design model? Remote users are granted access to
the network through the core.
Routing should be configured without traffic filtering, address translation, or other

packet manipulation at the core.
The core, which acts as the front door to a network, is designed to prevent
unauthorized users from gaining entry.
The core provides an optimized and reliable transport structure by using a

combination of route summaries, distribution lists, and route maps.
5 When a port security violation occurs on a switch port, the switch sends a syslog
message but does not shut down the port. What port security mode is in effect?
sticky
shutdo
wn
restrict
protect
6 Which three steps are required to configure interfaces as routed ports on a
multilayer Catalyst switch? (Choose three.)
Enable IP routing globally.
Assign IP addresses to routed ports.
Configure SVI for each VLAN in the network.
Configure 802.1 Q encapsulation on routed ports.
Disable Power over Ethernet (PoE) on the physical Layer 3 interfaces.
Disable Layer 2 functionality on interfaces that will be configured as routed ports.
7 A bridging loop occurs in a network and disrupts user connectivity. What action
should be taken by a network administrator to restore connectivity?
Disable ports that should be in the blocking state.
Disable ports that should be in the forwarding state.
Disable and re-enable all ports on the distribution switches.
Disable all ports on the distribution switches and replace with new switches.
8 Which three actions can cause problems with a VTP implementation?
(Choose three.) using a non-trunk link to connect switches
using non-Cisco switches

configuring all switches to be in VTP
server mode not using any VTP
passwords on any switches
using lowercase on one switch and uppercase on another switch for domain names
having a VTP transparent switch in between a VTP server switch and a VTP client
switch (all switches in the same VTP domain)
9
Refer to the exhibit. What two conclusions can be made based on the output? (Choose two.)
Interfaces Fa0/1 through Fa0/6 are trunk ports.

Switch DLS1 is not the root bridge for VLAN 1.
The Cost column in the lower part of the exhibit is not the cumulative root path cost.
The default spanning-tree timers have been adjusted.
That Fa0/12 is displaying the alternate port role indicates that PVRST+ is enabled.
10 Which QoS requirement should be taken into account when implementing VoIP in a
campus environment? The QoS requirements should accommodate the best
effort delivery for voice traffic.
The QoS requirements should accommodate the bursty nature of voice traffic.
The QoS requirements should accommodate the intensive demand on bandwidth for
voice traffic.
The QoS requirements should accommodate the smooth demand on bandwidth, low
latency, and delay for voice traffic.
11 When troubleshooting GLBP in an environment with a VLAN that spans multiple access
layer switches, a network engineer discovers that suboptimal paths are being used for
upstream traffic. What is the recommended solution?
Use HSRP instead of
GLBP. Adjust the GLBP
timers.
Configure spanning tree so that the spanning-tree topology adjusts with the GLBP
active virtual forwarder (AVF).
Disable GLBP preemption on all route processors.
12
Refer to the exhibit. What happens if interface gigabitEthernet 5/1 on SwitchA stops
receiving UDLD packets? UDLD stops trying to establish a connection with the
neighbor.
UDLD changes the port state to err-disable.
UDLD changes the port to loop-inconsistent blocking state.

UDLD sends hello messages to its neighbor at a rate of one per second to attempt to
recover the connection.
13 How should a switch port be configured for a connection to a standalone wireless
access point that provides multiple VLAN-separated SSIDs?
as a trunk
port as a
routed port
as an access
port
as a switched virtual interface
14 Which two procedures should be implemented and in place when deploying
VoIP in a campus network? (Choose two.)
Keep voice and data traffic in the same VLAN and mark the traffic for high priority
treatment.
Create voice VLANs to keep voice traffic separate from other data to ensure special
handling of the traffic. Configure traffic shaping QoS policy to guarantee minimum
delay for the voice traffic.
Configure QoS policy to classify the voice traffic in the priority queue to guarantee
reserved bandwidth allocation for the traffic.
Configure the Weighted Random Early Detection (WRED) congestion avoidance
mechanism to guarantee that the voice traffic will be placed in the priority queue.
15 What are three possible misconfigurations or indicators of misconfigurations on a
Layer 3 interface? (Choose three.)
wrong IP address or subnet mask
ports in the wrong VLAN
mismatch between SVI and VLAN numbering

disabled VTP pruning
downed SVI
ACL on wrong interface
16 What type of queuing provides the best quality for voice

applications?
custom queuing
FIFO queuing
priority queuing
weighted round robin (WRR) queuing
17
Refer to the exhibit. What is the problem between the connection on Switch1
and Switch2?
encapsulation
mismatch
switchport mode
mismatch
VTP mismatch
DTP mismatch
hardware failure
18
Refer to the exhibit. The exhibit contains the configuration for a Cisco access device. How
will someone dialing in be authenticated?
local username and password
TACACS+ server
RADIUS server and, if that fails, local username
and password
TACACS+ server
TACACS+ server and, if that fails, local username
and password
RADIUS server and, if that fails, TACACS+ server

19
Which STP enhancement should be configured in the

network to prevent a nondesignated port to transition to
a forwarding state when a topology change occurs?
Root guard should be implemented on the Layer 2 ports between the distribution
switches.
PortFast should be implemented on the uplink ports from the access switches to the
distribution switches.
Loop guard should be implemented on the Layer 2 ports between DSW1 and DSW2
and on the uplink ports from the access switches to the distribution switches.
BPDU guard should be implemented on the Layer 2 ports between DSW1 and DSW2
and on the uplink ports from the access switches to the distribution switches.
20 What are two actions a hacker may take in a VLAN hopping attack? (Choose two.)
replying to ARP requests that are intended for other recipients
sending malicious dynamic trunking protocol (DTP) frames
replying to DHCP requests that are intended for a DHCP server
sending a unicast flood of Ethernet frames with distinct source MAC addresses
sending frames with two 802.1Q headers
21
A network administrator wants to implement inter-VLAN routing in the network. Which

interfaces should be configured as routed ports?
all interfaces on links 5 and 6
all interfaces on links 1, 2, 3, and 4
all interfaces on links 1, 2, 3, 4, 5, and 6
all interfaces between the distribution and the access switches
22 Which three actions are taken when the command switchport host is entered on a
switch port? (Choose three.)
BPDU guard is enabled.
Cisco Discovery Protocol (CDP) is disabled.
VLAN trunking protocol (VTP) is disabled.

PortFast is enabled.
Trunking is disabled.
Channel group is disabled.
23 Which two statements are true about routed ports on a multilayer switch? (Choose two.)
A routed port behaves like a regular router interface and supports VLAN subinterfaces.
A routed port is a physical switch port with Layer 2 capability.
A routed port is not associated with a particular VLAN.
To create a routed port requires removal of Layer 2 port functionality with the no
switchport interface configuration command.
The interface vlan global configuration command is used to create a routed port.
24
Refer to the exhibit. Assuming that the switch is running Multiple Spanning Tree (MST),
which conclusion can be made based on the output?
Spanning-tree load balancing is in effect.
All VLANs are mapped to MST instance 2.
PVRST+ is still operating on switch DLS1.
PVST+ is still operating on switch DLS1.
MST will require fewer resources than PVST+ or PVRST+.
25
Refer to the exhibit. Switches DSw1 and DSw2 are configured with the HSRP virtual IP
address 10.10.10.1, and standby priority is set to 100. Assume both switches finish
booting at the same time and HSRP is operating as expected. On the basis of this
information, which three HSRP statements are true? (Choose three.)
Applying the standby 32 timers 10 30 command on the Gi0/2 interfaces of each
switch would decrease the failover time.
If the DSw1 and DSw2 switches have been configured to preempt, then DSw2 will be
the active router.
If the DSw1 switch is configured with the standby preempt command and DSw2 is
not, then DSw1 will be the active router.
The HSRP group number in this HSRP configuration is HSRP group number 50.
The standby track command is useful for tracking interfaces that are not configured
for HSRP.
When host A sends an ARP request for 10.10.10.1, Virtual Router replies with the MAC
address of the active router.
26 What is the recommended maximum one-way jitter when implementing video over IP for
real-time video applications?
1 ms
2 ms
5 ms
10 ms
27
Refer to the exhibit. Based on the provided show ip dhcp snooping command, which
statement is true?
Only port Fa0/24 can send and receive all DHCP messages.
Ports Fa0/1, Fa0/2, and Fa0/24 can send and receive all DHCP messages.
Only ports Fa0/1 and Fa0/2 can send and receive all DHCP messages.
Ports Fa0/1, Fa0/2, and Fa0/24 can send and receive only DHCP requests.
28 Which two items in the TCAM table are referenced in the process of forwarding a
packet? (Choose two.)
VLAN ID
ACL information
destination MAC address
QoS information
source MAC address
hash key
29 Catalyst Catalyst 6500 switches support which three Supervisor Engine redundancy
features? (Choose three.)
Route Processor Redundancy+ (RPR+)

distributed CEF (dCEF)
Stateful Switchover
(SSO) Resilient Packet
Ring (RPR) Nonstop
Forwarding (NSF) Per
Line Card Traffic
Policing
30 Which two statements are true about the default operation of STP in a Layer 2 switched
environment that has
redundant connections between switches? (Choose two.)

The root switch is the switch with the highest speed ports.
Decisions on which port to block when two ports have equal cost depend on the
port priority and index.
All trunking ports are designated and not blocked.
Root switches have all ports set as root ports.
Nonroot switches each have only one root port.
31 Which benefit is provided by centralizing servers in a data center server farm?
It keeps client-to-server traffic local to a single subnet.
Servers that are located in a data center require less bandwidth.
It is easier to filter and prioritize traffic to and from the data center.
Server farms are not subject to denial of service attacks.
32
Refer to the exhibit. What restriction will be presented in a campus enterprise network
that is designed with four large distribution building blocks?
The implementation of link aggregation will be limited.
The implementation of IGP routing protocols will be limited.
The implementation of EtherChannels on redundant links will exceed the bandwidth.
The implementation of scalability that is required during future growth will be limited.
33 Which three issues can cause devices to become disconnected across a trunk
link? (Choose three.)
unassigned management VLAN
Layer 2 interface mode
incompatibilities missing default
VLAN
mismatched trunk
encapsulations PAgP not
enabled
34
Refer to the exhibit. What additional configuration is required in order for users in VLAN
10 to communicate with the users in VLAN 20?
Configure interface Fa0/1 on SW1 as a trunk.
Remove the subinterfaces on R1 and configure interface Fa0/0 as a trunk.
Configure interfaces Fa0/2 and Fa0/3 on SW1 as trunk links.
Configure VLAN 100 as a data VLAN and VLAN 1 as the native VLAN.
35
Refer to the exhibit. Given that interface Fa3/42 is an active trunk port, what two
conclusions can be made based on the displayed output? (Choose two.)
Root guard is not enabled on interface Fa3/42.
Interface Fa3/42 will not pass data traffic if it detects that it is part of a spanning-tree
loop caused by unidirectional link failure.
UDLD cannot be configured on interface Fa3/42.
If a spanning-tree loop is detected on VLAN 1, data traffic will be blocked for all VLANs
on interface Fa3/42.
The difference in BPDUs sent and received indicates a loop caused by unidirectional
link failure has been detected.
36 Which architecture enables enterprises to offer important network services, such as

security, new communication services, and improved application performance to every
office, regardless of its size or proximity to headquarters?
Cisco Enterprise Campus Architecture
Cisco Enterprise Data Center Architecture
Cisco Enterprise Branch Architecture
Cisco Enterprise Teleworker Architecture
37 Which three parameters must be configured in order to enable SSH? (Choose three.)
retries
hostname
timeouts
domain name
keys
routing protocol
38 The TCAM defines three different match options that correlate to which three specific
match regions? (Choose
three.)
bifurcated match
longest match
second match
exact match
first match
third match
39 Which two types of attacks can be mitigated by port
security? (Choose two.)
dictionary
denial of service
(DoS) replay
MAC-address
flooding
password
40 What is a characteristic of a standalone WLAN solution?
has no centralized monitoring

has no centralized management
has no centralized operational control
has no centralized access authentication
41
Refer to the exhibit. What configuration will be required on the DSW switch in order to
perform inter-VLAN routing for all VLANs that are configured on the access switches?
Configure the routing protocol.
Configure SVI for each VLAN in the network.
Configure the links between DSW and the access switches as access links.
Configure as routed ports the DSW interfaces that face the access switches.
42 How do FlexLink and STP operate together?
If an active STP port is blocked, the active FlexLink port will take over.
Both the active STP port and active FlexLink port can forward traffic simultaneously.
Both the active STP port and active FlexLink port can forward traffic simultaneously
but only for different VLANs.
STP can be active in the distribution layer, but is unaware of any FlexLink updates in
the access layer.
43
Refer to the exhibit. What two effects will occur when a fourth distribution module is
included in the campus enterprise network that is depicted in the exhibit? (Choose
two.)
The inclusion of the fourth module will increase the routing complexity.
It will limit the traffic flow in the network.
It will provide scalability for future growth.
It will impact the security of the traffic between the distribution switches.
It will increase the number of additional links that are required to provide
redundant connectivity.

Todos

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Todos

Transféré par

Droits d'auteur :

Formats disponibles

Chapter 2 Exam switch V.

hardware based forwarding

Netflow LAN switching

The FIB table contains the Layer 2 rewrite information.

Adjacency table lookups use the closest Layer 3 prefix match.

distribution Layer Correct Answer

collapsed core Layer

core Layer BAD

Two Catalyst 4503 Layer 3 switches

One 5500 security appliance firewall

Two Catalyst 6509 switches

Two lightweight access points

Two Catalyst 2960 switches

Catalyst 4503 switches

Cisco 5500 security appliance firewall

Catalyst 6509 switches

lightweight access points

Catalyst 2960 switches

Refer to curriculum topic: 1.1.3

Refer to Chapter 2 of the Foundation Learning Guide

control and remote management of the switch

control of the routing protocols and processes running on the switch

control of the layer 2 switching process used by the switch

Refer to Chapter 2 of the Foundation Learning Guide

Refer to curriculum topic: 1.1.5

It replaces the three-layer hierarchical model with a flat network approach.

Internet Group Management Protocol (IGMP) snooping

Time to Live (TTL) decrementing

rewrite of the source and destination MAC addresses

TCAM includes only Layer 3 lookup information.

A single TCAM lookup provides Layer 2, Layer 3, and ACL information.

Refer to curriculum topic: 4.4.2

VLANs are extended into the distribution layer.

VLANs are terminated on the access layer devices.

Layer 3 switching in the access layer is a cheaper implementation option.

Refer to Chapter 2 of the Foundation Learning Guide

reduced cost BAD

less equipment required

segmentation of broadcast domains Correct Answer

lower bandwidth requirements

run an IGP at the access, distribution and core layers

content-addressable memory (CAM)

ternary content addressable memory (TCAM)

address resolution protocol (ARP) memory

Cisco Express Forwarding (CEF) memory

access list filtering

high-speed backbone switching

interconnection of distribution layer devices

redundancy between the core devices only

collapsed core layer

Refer to Chapter 2 of the Foundation Learning Guide

Refer to curriculum topic: 1.1.1

Chapter 3 Exam Switch V.7

Eleven VLANs were manually configured on the switch.

Interfaces Fa0/13 and Fa0/14 are in VLAN 1.

Interfaces Fa0/13 and Fa0/14 are in an unspecified VLAN.

VLAN 100 is in dynamic desirable mode.

VLAN 100 has no active access ports.

Refer to curriculum topic: 2.2.1

switchport mode mismatch

native VLAN mismatch

Refer to curriculum topic: 2.2.1

sets the switch port mode to access

enables BPDU guard