Question 1
Question
Which statement is true about RSTP topology changes?
Answer
- Any change in the state of the port generates a TC BPDU
- Only non-edge ports moving to the forwarding state generate a TC BPDU.
- If either an edge port or a non-edge port moves to a block state, then a TC BPDU is generated.
- Only edge ports moving to the blocking state generate a TC BPDU.
- Any loss of connectivity generates a TC BPDU.
Question 2
Question
Refer to the exhibit.
Why are users from VLAN 100 unable to ping users on VLAN 200?
Answer
- Encapsulation on the switch is wrong.
- Trunking must be enabled on Fa0/1.
- The native VLAN is wrong.
- VLAN 1 needs the no shutdown command.
- IP routing must be enabled on the switch.
Question 3
Question
Refer to the exhibit.
The link between switch SW1 and switch SW2 is configured as a trunk, but the trunk failed to establish connectivity between the switches.
Based on the configurations and the error messages received on the console of SW1, what is the cause of the problem?
Answer
- The two ends of the trunk have different duplex settings.
- The two ends of the trunk have different EtherChannel configurations.
- The two ends of the trunk have different native VLAN configurations.
- The two ends of the trunk allow different VLANs on the trunk.
Question 4
Question
When you create a network implementation for a VLAN solution, what is one procedure that you should include in your plan?
Answer
- Perform an incremental implementation of components.
- Implement the entire solution and then test end-to-end to make sure that it is performing as designed.
- Implement trunking of all VLANs to ensure that traffic is crossing the network as needed before performing any pruning of VLANs.
- Test the solution on the production network in off hours.
Question 5
Question
You have just created a new VLAN on your network.
What is one step that you should include in your VLAN-based implementation and verification plan?
Answer
- Verify that different native VLANs exist between two switches for security purposes.
- Verify that the VLAN was added on all switches with the use of the show vlan command.
- Verify that the switch is configured to allow for trunking on the switch ports.
- Verify that each switch port has the correct IP address space assigned to it for the new VLAN.
Question 6
Question
Which two statements describe a routed switch port on a multilayer switch? (Choose two.)
Answer
- Layer 2 switching and Layer 3 routing are mutually supported.
- The port is not associated with any VLAN.
- The routed switch port supports VLAN subinterfaces.
- The routed switch port is used when a switch has only one port per VLAN or subnet.
- The routed switch port ensures that STP remains in the forwarding state.
Question 7
Question
On a multilayer Cisco Catalyst switch, which interface command is used to convert a Layer 3 interface to a Layer 2 interface?
Question 8
Question
Refer to the exhibit.
All network links are FastEthernet. Although there is complete connectivity throughout the network, Front Line users report that they experience slower network performance when accessing the server farm than the Reception office experiences.
Which two statements are true? (Choose two.)
Answer
- Changing the bridge priority of S1 to 4096 would improve network performance.
- Changing the bridge priority of S1 to 36864 would improve network performance.
- Changing the bridge priority of S2 to 36864 would improve network performance.
- Changing the bridge priority of S3 to 4096 would improve network performance.
- Disabling the Spanning Tree Protocol would improve network performance.
- Upgrading the link between S2 and S3 to Gigabit Ethernet would improve performance.
Question 9
Question
Refer to the exhibit.
Answer
- enables LACP unconditionally
- enables PAgP only if a PAgP device is detected
- enables PAgP unconditionally
- enables EtherChannel only
- enables LACP only if an LACP device is detected
Question 10
Question
Refer to the exhibit.
Which two statements are true? (Choose two.)
Answer
- Interface gigabitethernet 0/1 has been configured as Layer 3 ports.
- Interface gigabitethernet 0/1 does not appear in the show vlan output because switchport is enabled.
- VLAN2 has been configured as the native VLAN for the 802.1q trunk on interface gigabitethernet 0/1.
- Traffic on VLAN 1 that is sent out gigabitethernet 0/1 will have an 802.1q header applied.
- Traffic on VLAN 2 that is sent out gigabitethernet 0/1 will have an 802.1q header applied.
- Interface gigabitethernet 0/1 does not appear in the show vlan output because it is configured as a trunk interface.
Question 11
Question
Refer to the exhibit and the partial configuration of switch SW_A and SW_B.
STP is configured on all switches in the network. SW_B receives this error message on the console port:
00:06:34: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5
(not half duplex), with SW_A FastEthernet0/4 (half duplex), with TBA05071417
(Cat6K-B) 0/4 (half duplex).
What is the possible outcome of the problem?
Answer
- The root port on switch SW_A will automatically transition to full-duplex mode.
- The root port on switch SW_B will fall back to full-duplex mode.
- The interfaces between switches SW_A and SW_B will transition to a blocking state.
- Interface Fa 0/6 on switch SW_B will transition to a forwarding state and create a bridging loop.
Question 12
Question
What is the result of entering the command port-channel load-balance src-dst-ip on an EtherChannel link?
Answer
- Packets are distributed across the ports in the channel based on the source and destination MAC addresses.
- Packets are distributed across the ports in the channel based on both the source and destination IP addresses.
- Packets are balanced across the ports in the channel based first on the source MAC address, then on the destination MAC address, then on the IP address.
- Packets are distributed across the access ports in the channel based first on the source IP address and then on the destination IP addresses.
Question 13
Question
Which statement about the Port Aggregation Protocol is true?
Answer
- Configuration changes made on the port-channel interface apply to all physical ports assigned to the port-channel interface.
- Configuration changes made on a physical port that is a member of a port-channel interface apply to the port-channel interface
- Configuration changes are not permitted with Port Aggregation Protocol. Instead, the standardized Link Aggregation Control Protocol should be used if configuration changes are required.
- The physical port must first be disassociated from the port-channel interface before any configuration changes can be made.
Question 14
Question
Refer to the exhibit.
For the configuration shown, which is the recommended method of providing interVLAN routing?
Answer
- determine which switch is the root bridge then connect a router on a stick to it
- configure SVIs on the core switches
- configure SVIs on the access layer switches
- configure SVIs on the distribution switches
Question 15
Question
Under what circumstances should an administrator prefer local VLANs over end-to-end VLANs?
Answer
- Eighty percent of traffic on the network is destined for Internet sites.
- There are common sets of traffic filtering requirements for workgroups located in multiple buildings.
- Eighty percent of a workgroup's traffic is to the workgroup's own local server.
- Users are grouped into VLANs independent of physical location.
- None of the other alternatives apply
Question 16
Question
What are some virtues of implementing end-to-end VLANs? (Choose two)
Answer
- End-to-end VLANs are easy to manage.
- Users are grouped into VLANs independent of a physical location.
- Each VLAN has a common set of security and resource requirements for all members.
- Resources are restricted to a single location.
Question 17
Question
Which of the following statements is true about the 80/20 rule (Select all that apply)?
Answer
- 20 percent of the traffic on a network segment should be local
- no more than 20 percent of the network traffic should be able to move across a backbone.
- no more than 80 percent of the network traffic should be able to move across a backbone.
- 80 percent of the traffic on a network segment should be local
Question 18
Question
What are three results of issuing the switchport host command? (Choose three.)
Question 19
Question
Given the configurations on SwitchA and SwitchB, which statement is true?
Answer
- The link is set to auto-negotiate trunking, and it will automatically become a trunk link unless configured otherwise.
- The link is a trunking link and by default all VLANs will be transmitted across this trunk.
- The link is prevented from generating DTP frames, turning the Negotiation of Trunking off.
- The link is not a trunk link so both interfaces must be on the same VLAN and only that single VLAN is transmitted across the link.
Question 20
Question
Given the configurations on SwitchA and SwitchB, which two statements are true? (Choose two.)
Answer
- The trunk is currently using the ISL trunking protocol.
- The trunk is currently using the 802.1q trunking protocol.
- By default, the trunk can only support one VLAN, and only that single VLAN is transmitted across the trunk.
- By default, SwitchA and SwitchB's Fast Ethernet 0/1 port will not generate DTP messages.
- By default, all VLANs will be transmitted across this trunk.
Question 21
Question
A network administrator enters the following switch commands:
Switch(config)#interface range fa0/0-5
Switch(config-if-range)#switchport access vlan 2
What is the result of these commands?
Answer
- Two new vlans are created on six switch ports
- One new vlan is created on five switch ports
- Six new vlans are created on six switch ports
- One new vlan is created with the vlan number 2
Question 22
Question
When a VLAN port configured as a trunk receives an untagged frame, what will happen?
Answer
- The frame will be dropped.
- The frame will cause an error message to be sent.
- The frame will be processed as a native VLAN frame
- The frame will first be tagged, then processed as a native VLAN frame.
Question 23
Question
By default, which statement is correct when an IEEE 802.1Q trunk port receives an untagged frame?
Answer
- The frame is considered in the native VLAN and forwarded to the ports associated with that VLAN.
- The frame is encapsulated and tagged as in the native VLAN.
- The frame is broadcast on all ports regardless of VLAN association.
- The frame is dropped.
Question 24
Question
Both host stations are part of the same subnet but are in different VLANs.
On the basis of the information presented in the exhibit, which statement is true about an attempt to ping from host to host?
Answer
- A trunk port will need to be configured on the link between Sw_A and Sw_B for the ping command to be successful.
- The two different hosts will need to be in the same VLAN in order for the ping command to be successful.
- A Layer 3 device is needed for the ping command to be successful.
- The ping command will be successful without any further configuration changes.
Question 25
Question
Refer to the exhibit. VLAN 1 and VLAN 2 are configured on the trunked links between Switch A and Switch B.
Port Fa 0/2 on Switch B is currently in a blocking state for both VLANs.
What should be done to load balance VLAN traffic between Switch A and Switch B?
Answer
- Lower the port priority for VLAN 1 on port 0/1 for Switch A.
- Lower the port priority for VLAN 1 on port 0/2 for Switch A.
- Make the bridge ID of Switch B lower than the ID of Switch A.
- Enable HSRP on the access ports
Question 26
Question
Refer to the exhibit.
What information can be derived from the output?
Answer
- Interfaces FastEthernet3/1 and FastEthernet3/2 are connected to devices that are sending BPDUs with a superior root bridge parameter and no traffic is forwarded across the ports. After the sending of BPDUs has stopped, the interfaces must be shut down administratively, and brought back up, to resume normal operation.
- Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter, but traffic is still forwarded across the ports.
- Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter and no traffic is forwarded across the ports. After the inaccurate BPDUs have been stopped, the interfaces automatically recover and resume normal operation.
- Interfaces FastEthernet3/1 and FastEthernet3/2 are candidates for becoming the STP root port, but neither can realize that role until BPDUs with a superior root bridge parameter are no longer received on at least one of the interfaces.
Question 27
Question
What are three results of issuing the switchport host command? (Choose three.)
Question 28
Question
Refer to the exhibit.
All links in this network are layer 2, fast Ethernet 100 Mb/s and operating as trunks.
After a failure, the link between ASW-1 and DSW-1 has incorrectly come back up at 10Mb/s although it is connected.
Which one of the following will occur as a result of this failure?
Answer
- There will be no change to the forwarding path of traffic from ASW-1
- ASW1 will block Fa0/24 in order to maintain the shortest path to the root bridge DSW-1
- ASW-1 will block Fa0/23 in order to maintain the shortest path to the root bridge DSW-1
- ASW-1 will elect DSW-2 as the root primary since it is closer than DSW-1
Question 29
Question
What is the result of entering the command spanning-tree loopguard default?
Answer
- The command enables loop guard and root guard.
- The command changes the status of loop guard from the default of disabled to enabled.
- The command activates loop guard on point-to-multipoint links in the switched network.
- The command disables EtherChannel guard.
Question 30
Question
What is the effect of applying the switchport trunk encapsulation dot1q command to a port on a Cisco Catalyst switch?
Answer
- By default, native VLAN packets going out this port are tagged.
- Without an encapsulation command, 802.1Q is the default encapsulation if DTP fails to negotiate a trunking protocol.
- The interface supports the reception of tagged and untagged traffic.
- If the device connected to this port is not 802.1Q-enabled, it is unable to handle 802.1Q packets.
Question 31
Question
Refer to the exhibit.
Switch S1 has been configured with the command spanning-tree mode rapid-pvst. Switch S3 has been configured with the command spanning-tree mode mst. Switch S2 is running the IEEE 802.1D instance of Spanning Tree. What is the result?
Answer
- IEEE 802.1w and IEEE 802.1s are compatible. IEEE 802.1d is incompatible. Switches S1 and S3 can pass traffic between themselves. Neither can pass traffic to switch S2.
- Switches S1, S2, and S3 can pass traffic between themselves.
- Switches S1, S2, and S3 can pass traffic between themselves. However, if the topology is changed, switch S2 does not receive notification of the change.
- IEEE 802.1d, IEEE 802.1w, and IEEE 802.1s are incompatible. All three switches must use the same standard or no traffic can pass between any of the switches.
Question 32
Question
Which statement about 802.1Q trunking is true?
Answer
- Both switches must be in the same VTP domain.
- The encapsulation type on both ends of the trunk does not have to match.
- The native VLAN on both ends of the trunk must be VLAN 1.
- In 802.1Q trunking, all VLAN packets are tagged on the trunk link, except the native VLAN.
Question 33
Question
Refer to the exhibit.
Which three statements are true? (Choose three.)
Answer
- A trunk link will be formed.
- Only VLANs 1-1001 will travel across the trunk link.
- The native VLAN for switch B is VLAN 1.
- DTP is not running on switch A.
- DTP packets are sent from switch B.
Question 34
Question
The Company LAN is becoming saturated with broadcasts and multicast traffic.
What could you do to help a network with many multicasts and broadcasts?
Answer
- Creating smaller broadcast domains by implementing VLANs.
- Separate nodes into different hubs.
- Creating larger broadcast domains by implementing VLANs.
- Separate nodes into different switches.
- All of the above.
Question 35
Question
You are the network administrator tasked with designing a switching solution for the Company network.
Which of the following statements describing trunk links are INCORRECT? (Select all that apply)
Answer
- The trunk link belongs to a specific VLAN.
- Multiple trunk links are used to connect multiple end user devices.
- A trunk link only supports native VLAN.
- Trunk links use 802.10 to identify a VLAN.
- The native VLAN of the trunk link is the VLAN that the trunk uses for untagged packets.
Question 36
Question
Which of the following specifications is a companion to the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) algorithm, and warrants the use of multiple spanning-trees?
Question 37
Question
Which of the following specifications will allow you to associate VLAN groups to STP instances so you can provide multiple forwarding paths for data traffic and enable load balancing?
Answer
- IEEE 802.1d (STP)
- IEEE 802.1s (MST)
- IEEE 802.1Q (CST)
- IEEE 802.1w (RSTP)
Question 38
Question
Which two statements correctly describe VTP? (Choose two.)
Answer
- Transparent mode always has a configuration revision number of 0.
- Transparent mode cannot modify a VLAN database.
- Client mode cannot forward received VTP advertisements.
- Client mode synchronizes its VLAN database from VTP advertisements.
- Server mode can synchronize across VTP domains.
Question 39
Question
Which two DTP modes permit trunking between directly connected switches? (Choose two.)
Answer
- dynamic desirable (VTP domain A) to dynamic desirable (VTP domain A)
- dynamic desirable (VTP domain A) to dynamic desirable (VTP domain B)
- dynamic auto (VTP domain A) to dynamic auto (VTP domain A)
- dynamic auto (VTP domain A) to dynamic auto (VTP domain B)
- dynamic auto (VTP domain A) to nonegotiate (VTP domain A)
- nonegotiate (VTP domain A) to nonegotiate (VTP domain B)
Question 40
Question
Which two RSTP port roles include the port as part of the active topology? (Choose two.)
Answer
- root
- designated
- alternate
- backup
- forwarding
- learning
Question 41
Question
Which two statements correctly describe characteristics of the PortFast feature? (Choose two.)
Answer
- STP is disabled on the port.
- PortFast can also be configured on trunk ports.
- PortFast is needed to enable port-based BPDU guard.
- PortFast is used for STP and RSTP host ports.
- PortFast is used for STP-only host ports
Question 42
Question
Which statement correctly describes the Cisco implementation of RSTP?
Answer
- PortFast, UplinkFast, and BackboneFast specific configurations are ignored in Rapid PVST mode.
- RSTP is enabled globally and uses existing STP configuration.
- Root and alternative ports transition immediately to the forwarding state
- Convergence is improved by using subsecond timers for the blocking, listening, learning, and forwarding port states.
Question 43
Question
You are the administrator of a switch and currently all host-connected ports are configured with the portfast command. You have received a new directive from your manager that states that, in the future, any host-connected port that receives a BPDU should automatically disable PortFast and begin transmitting BPDUs.
Answer
- Switch(config)#spanning-tree portfast bpduguard default
- Switch(config-if)#spanning-tree bpduguard enable
- Switch(config-if)#spanning-tree bpdufilter enable
- Switch(config)#spanning-tree portfast bpdufilter default
Question 44
Question
A port in a redundant topology is currently in the blocking state and is not receiving BPDUs.
To ensure that this port does not erroneously transition to the forwarding state, which command should be configured?
Answer
- Switch(config)#spanning-tree loopguard default
- Switch(config-if)#spanning-tree bdpufilter
- Switch(config)#udld aggressive
- Switch(config-if)#spanning-tree bpduguard
Question 45
Question
Which command can be issued without interfering with the operation of loop guard?
Answer
- Switch(config-if)#spanning-tree guard root
- Switch(config-if)#spanning-tree portfast
- Switch(config-if)#switchport mode trunk
- Switch(config-if)#switchport mode access
Question 46
Question
Which statement is a characteristic of multi-VLAN access ports?
Answer
- The port has to support STP PortFast.
- The auxiliary VLAN is for data service and is identified by the PVID.
- The port hardware is set as an 802.1Q trunk.
- The voice service and data service use the same trust boundary.
Question 47
Question
Which two statements are true about recommended practices that are to be used in a local VLAN solution design where layer 2 traffic is to be kept to a minimum? (Choose two.)
Answer
- Routing should occur at the access layer if voice VLANs are utilized. Otherwise, routing should occur at the distribution layer.
- Routing may be performed at all layers but is most commonly done at the core and distribution layers.
- Routing should not be performed between VLANs located on separate switches.
- VLANs should be local to a switch.
- VLANs should be localized to a single switch unless voice VLANs are being utilized.
Question 48
Question
Refer to the exhibit.
BPDUGuard is enabled on both ports of SwitchA. Initially, LinkA is connected and forwarding traffic. A new LinkB is then attached between SwitchA and HubA.
Which two statements about the possible result of attaching the second link are true? (Choose two.)
Answer
- The switch port attached to LinkB does not transition to up.
- One or both of the two switch ports attached to the hub goes into the err-disabled state when a BPDU is received.
- Both switch ports attached to the hub transitions to the blocking state.
- A heavy traffic load could cause BPDU transmissions to be blocked and leave a switching loop.
- The switch port attached to LinkA immediately transitions to the blocking state.
Question 49
Question
What action should a network administrator take to enable VTP pruning on an entire management domain?
Answer
- Enable VTP pruning on any client switch in the domain.
- Enable VTP pruning on every switch in the domain
- Enable VTP pruning on any switch in the management domain.
- Enable VTP pruning on a VTP server in the management domain.
Question 50
Question
How does VTP pruning enhance network bandwidth?
Answer
- by restricting unicast traffic across VTP domains
- by reducing unnecessary flooding of traffic to inactive VLANs
- by limiting the spreading of VLAN information
- by disabling periodic VTP updates
Question 51
Question
Refer to the exhibit.
The network operations center has received a call stating that users in VLAN 107 are unable to access resources through router 1. What is the cause of this problem?
Answer
- VLAN 107 does not exist on switch A.
- VTP is pruning VLAN 107.
- VLAN 107 is not configured on the trunk.
- Spanning tree is not enabled on VLAN 107.
Question 52
Question
What two things occur when an RSTP edge port receives a BPDU? (Choose two.)
Answer
- The port immediately transitions to the forwarding state.
- The switch generates a Topology Change Notification BPDU.
- The port immediately transitions to the err-disable state.
- The port becomes a normal STP switch port.
Question 53
Question
What is the effect of configuring the following command on a switch?
Switch(config)#spanning-tree portfast bpdufilter default
Answer
- If BPDUs are received by a port configured for PortFast, then PortFast is disabled and the BPDUs are processed normally.
- If BPDUs are received by a port configured for PortFast, they are ignored and none are sent.
- If BPDUs are received by a port configured for PortFast, the port transitions to the forwarding state.
- The command enables BPDU filtering on all ports regardless of whether they are configured for BPDU filtering at the interface level.
Question 54
Question
Which statement correctly describes enabling BPDU guard on an access port that is also enabled for PortFast?
Answer
- Upon startup, the port transmits 10 BPDUs. If the port receives a BPDU, PortFast and BPDU guard are disabled on that port and it assumes normal STP operation.
- The access port ignores any received BPDU.
- If the port receives a BPDU, it is placed into the error-disable state.
- BPDU guard is configured only globally and the BPDU filter is required for port-level configuration.
Question 55
Question
Which three items are configured in MST configuration submode? (Select three)
Question 56
Question
By default, all VLANs will belong to which MST instance when using Multiple STP?
Question 57
Question
Which MST configuration statement is correct?
Answer
- MST configurations can be propagated to other switches using VTP.
- After MST is configured on a Switch, PVST+ operations will also be enabled by default.
- MST configurations must be manually configured on each switch within the MST region.
- MST configurations only need to be manually configured on the Root Bridge.
- MST configurations are entered using the VLAN Database mode on Cisco Catalyst switches.
Question 58
Question
Which trunking protocol inserts a four byte tag into the Ethernet frame and recalculates the CRC value?
Question 59
Question
Which description correctly describes a MAC address flooding attack?
Answer
- The attacking device crafts ARP replies intended for valid hosts. The MAC address of the attacking device then becomes the destination address found in the Layer 2 frames sent by the valid network device.
- The attacking device crafts ARP replies intended for valid hosts. The MAC address of the attacking device then becomes the source address found in the Layer 2 frames sent by the valid network device.
- The attacking device spoofs a destination MAC address of a valid host currently in the CAM table. The switch then forwards frames destined for the valid host to the attacking device.
- The attacking device spoofs a source MAC address of a valid host currently in the CAM table. The switch then forwards frames destined for the valid host to the attacking device.
- Frames with unique, invalid destination MAC addresses flood the switch and exhaust CAM table space. The result is that new entries cannot be inserted because of the exhausted CAM table space, and traffic is subsequently flooded out all ports.
- Frames with unique, invalid source MAC addresses flood the switch and exhaust CAM table space. The result is that new entries cannot be inserted because of the exhausted CAM table space, and traffic is subsequently flooded out all ports.
Question 60
Question
Refer to the exhibit.
An attacker is connected to interface Fa0/11 on switch A-SW2 and attempts to establish a DHCP server for a man-in-middle attack. Which recommendation, if followed, would mitigate this type of attack?
Answer
- All switch ports in the Building Access block should be configured as DHCP trusted ports.
- All switch ports in the Building Access block should be configured as DHCP untrusted ports.
- All switch ports connecting to hosts in the Building Access block should be configured as DHCP trusted ports.
- All switch ports connecting to hosts in the Building Access block should be configured as DHCP untrusted ports.
- All switch ports in the Server Farm block should be configured as DHCP untrusted ports.
- All switch ports connecting to servers in the Server Farm block should be configured as DHCP untrusted ports.
Question 61
Question
Refer to the exhibit.
The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers should not communicate with each other, although they are located on the same subnet. However, the servers do need to communicate with a database server located in the inside network. Which configuration isolates the servers from each other?
Answer
- The switch ports 3/1 and 3/2 are defined as secondary VLAN isolated ports. The ports connecting to the two firewalls are defined as primary VLAN promiscuous ports.
- The switch ports 3/1 and 3/2 are defined as secondary VLAN community ports. The ports connecting to the two firewalls are defined as primary VLAN promiscuous ports.
- The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls are defined as primary VLAN promiscuous ports.
- The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls are defined as primary VLAN community ports.
Question 62
Question
What does the command udld reset accomplish?
Answer
- allows a UDLD port to automatically reset when it has been shut down
- resets all UDLD enabled ports that have been shutdown
- removes all UDLD configurations from interfaces that were globally enabled
- removes all UDLD configurations from interfaces that were enabled per-port
Question 63
Question
Refer to the exhibit.
Dynamic ARP Inspection is enabled only on switch SW_A. Host_A and Host_B acquire their IP addresses from the DHCP server connected to switch SW_A. What would the outcome be if Host_B initiated an ARP spoof attack toward Host_A?
Answer
- The spoof packets are inspected at the ingress port of switch SW_A and are permitted.
- The spoof packets are inspected at the ingress port of switch SW_A and are dropped.
- The spoof packets are not inspected at the ingress port of switch SW_A and are permitted.
- The spoof packets are not inspected at the ingress port of switch SW_A and are dropped.
Question 64
Question
Which statement is true about Layer 2 security threats?
Answer
- MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use Dynamic ARP Inspection to determine vulnerable attack points.
- DHCP snooping sends unauthorized replies to DHCP queries.
- ARP spoofing can be used to redirect traffic to counter Dynamic ARP Inspection.
- Dynamic ARP Inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.
- MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.
- Port scanners are the most effective defense against Dynamic ARP Inspection.
Question 65
Question
On a Company switch named R1 you configure the following:
ip arp inspection vlan 10-12, 15
What is the purpose of this global configuration command made on R1?
Answer
- Discards ARP packets with invalid IP-to-MAC address bindings on trusted ports
- Validates outgoing ARP requests for interfaces configured on VLAN 10, 11, 12, or 15
- Intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings
- Intercepts all ARP requests and responses on trusted ports
- None of the other alternatives apply
Question 66
Question
Refer to the exhibit.
Which two of the following statements are true? (Choose two)
Answer
- DHCP snooping is enabled for 155 VLANs
- DHCP snooping is enabled for a single VLAN
- DHCP snooping is not enabled for any VLAN
- Option 82 is enabled for VLAN 155
- Ports Fa0/5 and Fa0/6 should be kept shutdown as these are untrusted ports
Question 67
Question
What are two methods of mitigating MAC address flooding attacks? (Choose two.)
Question 68
Question
What is one method that can be used to prevent VLAN hopping?
Answer
- Configure ACLs.
- Enforce username and password combinations.
- Configure all frames with two 802.1Q headers.
- Explicitly turn off DTP on all unused ports.
- Configure VACLs.
Question 69
Question
Why is BPDU guard an effective way to prevent an unauthorized rogue switch from altering the spanning-tree topology of a network?
Answer
- BPDU guard can guarantee proper selection of the root bridge.
- BPDU guard can be utilized along with PortFast to shut down ports when a switch is connected to the port.
- BPDU guard can be utilized to prevent the switch from transmitting BPDUs and incorrectly altering the root bridge election
- BPDU guard can be used to prevent invalid BPDUs from propagating throughout the network
Question 70
Question
What two steps can be taken to help prevent VLAN hopping? (Choose two.)
Answer
-
Place unused ports in a common unrouted VLAN.
-
Enable BPDU guard.
-
Implement port security.
-
Prevent automatic trunk configurations.
-
Disable Cisco Discovery Protocol on ports where it is not necessary.
Question 71
Question
When an attacker is using switch spoofing to perform VLAN hopping, how is the attacker able to gather
information?
Answer
-
The attacking station uses DTP to negotiate trunking with a switch port and captures all traffic that is
allowed on the trunk.
-
The attacking station tags itself with all usable VLANs to capture data that is passed through the switch,
regardless of the VLAN to which the data belongs.
-
The attacking station generates frames with two 802.1Q headers to cause the switch to forward the frames
to a VLAN that would be inaccessible to the attacker through legitimate means.
-
The attacking station uses VTP to collect VLAN information that is sent out and then tags itself with the
domain information to capture the data.
Question 72
Question
Refer to the exhibit.
DHCP snooping is enabled for selected VLANs to provide security on the network. How do the switch ports
handle the DHCP messages?
Answer
-
A DHCPOFFER packet from a DHCP server received on Ports Fa2/1 and Fa2/2 is dropped.
-
A DHCP packet received on ports Fa2/1 and Fa2/2 is dropped if the source MAC address and the DHCP
client hardware address do not match the snooping database.
-
A DHCP packet received on ports Fa2/1 and Fa2/2 is forwarded without being tested
-
A DHCPRELEASE message received on ports Fa2/1 and Fa2/2 has a MAC address in the DHCP
snooping binding database, but the interface information in the binding database does not match the
interface on which the message was received and is dropped.
Question 73
Question
Which three statements about Dynamic ARP Inspection are true? (Choose three.)
Answer
-
It determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored
in the DHCP snooping database.
-
It forwards all ARP packets received on a trusted interface without any checks.
-
It determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored
in the CAM table.
-
It forwards all ARP packets received on a trusted interface after verifying and inspecting the packet against
the Dynamic ARP Inspection table.
-
It intercepts all ARP packets on untrusted ports.
-
It is used to prevent against a DHCP snooping attack.
Question 74
Question
You are tasked with designing a security solution for your network. What information should be gathered
before you design the solution?
Answer
-
IP addressing design plans, so that the network can be appropriately segmented to mitigate potential
network threats
-
a list of the customer requirements
-
detailed security device specifications
-
results from pilot network testing
Question 75
Question
Which two components should be part of a security implementation plan? (Choose two.)
Answer
-
detailed list of personnel assigned to each task within the plan
-
a Layer 2 spanning-tree design topology
-
rollback guidelines
-
placing all unused access ports in VLAN 1 to proactively manage port security
-
enabling SNMP access to Cisco Discovery Protocol data for logging and forensic analysis
Question 76
Question
When creating a network security solution, which two pieces of information should you have obtained
previously to assist in designing the solution? (Choose two.)
Answer
-
a list of existing network applications currently in use on the network
-
network audit results to uncover any potential security holes
-
a planned Layer 2 design solution
-
a proof-of-concept plan
-
device configuration templates
Question 77
Question
What action should you be prepared to take when verifying a security solution?
Answer
-
having alternative addressing and VLAN schemes
-
having a rollback plan in case of unwanted or unexpected results
-
running a test script against all possible security threats to ensure that the solution will mitigate all potential
threats
-
isolating and testing each security domain individually to ensure that the security design will meet overall
requirements when placed into production as an entire system
Question 78
Question
When you enable port security on an interface that is also configured with a voice VLAN, what is the maximum
number of secure MAC addresses that should be set on the port?
Answer
-
No more than one secure MAC address should be set.
-
The default is set.
-
The IP phone should use a dedicated port, therefore only one MAC address is needed per port.
-
No value is needed if the switchport priority extend command is configured.
-
No more than two secure MAC addresses should be set.
Question 79
Question
Refer to the exhibit.
From the configuration shown, what can be determined?
Answer
-
The sticky addresses are only those manually configured MAC addresses enabled with the sticky keyword.
-
The remaining secure MAC addresses are learned dynamically, converted to sticky secure MAC
addresses, and added to the running configuration.
-
A voice VLAN is configured in this example, so port security should be set for a maximum of 2.
-
A security violation restricts the number of addresses to a maximum of 10 addresses per access VLAN and
voice VLAN. The port is shut down if more than 10 devices per VLAN attempt to access the port.
Question 80
Question
By itself, what does the command aaa new-model enable?
Answer
-
It globally enables AAA on the switch, with default lists applied to the VTYs.
-
Nothing; you must also specify which protocol (RADIUS or TACACS) will be used for AAA.
-
It enables AAA on all dot1x ports.
-
Nothing; you must also specify where (console, TTY, VTY, dot1x) AAA is being applied.
Question 81
Question
What is needed to verify that a newly implemented security solution is performing as expected?
Answer
-
a detailed physical and logical topology
-
a cost analysis of the implemented solution
-
detailed logs from the AAA and SNMP servers
-
results from audit testing of the implemented solution
Question 82
Question
When configuring port security on a Cisco Catalyst switch port, what is the default action taken by the switch if
a violation occurs?
Answer
-
protect (drop packets with unknown source addresses)
-
restrict (increment SecurityViolation counter)
-
shut down (access or trunk port)
-
transition (the access port to a trunking port)
Question 83
Question
Refer to the exhibit.
What happens when one more user is connected to interface FastEthernet 5/1?
Answer
-
All secure addresses age out and are removed from the secure address list. The security violation counter
increments.
-
The first address learned on the port is removed from the secure address list and is replaced with the new
address.
-
The interface is placed into the error-disabled state immediately, and an SNMP trap notification is sent.
-
The packets with the new source addresses are dropped until a sufficient number of secure MAC
addresses are removed from the secure address list.
Question 84
Question
Refer to the exhibit.
What happens to traffic within VLAN 14 with a source address of 172.16.10.5?
Answer
-
The traffic is forwarded to the TCAM for further processing.
-
The traffic is forwarded to the router processor for further processing.
-
The traffic is dropped
-
The traffic is forwarded without further processing
Question 85
Question
What does the global configuration command ip arp inspection vlan 10-12, 15 accomplish?
Answer
-
validates outgoing ARP requests for interfaces configured on VLAN 10, 11, 12, or 15
-
intercepts all ARP requests and responses on trusted ports
-
intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings
-
discards ARP packets with invalid IP-to-MAC address bindings on trusted ports
Question 86
Question
The DAI feature has been implemented in the ACME switched LAN. Which three statements are true about the
dynamic ARP inspection (DAI) feature? (Select three)
Answer
-
DAI can be performed on ingress ports only.
-
DAI can be performed on both ingress and egress ports.
-
DAI is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports.
-
DAI should be enabled on the root switch for particular VLANs only in order to secure the ARP caches of
hosts in the domain.
-
DAI should be configured on all access switch ports as untrusted and on all switch ports connected to other
switches as trusted.
-
DAI is supported on access and trunk ports only.
Question 87
Question
You are implementing basic switch security best practices.
Which of these is a tactic that you can use to mitigate compromises from being launched through the switch?
Answer
-
Make all ports private VLAN ports.
-
Place all unused ports in native VLAN 1 until needed.
-
Proactively configure unused switch ports as access ports.
-
Disable Cisco Discovery Protocol globally.
Question 88
Question
Which three statements apply to access control of both bridged and routed traffic for VLANs? (Choose three.)
Answer
-
Router ACLs can be applied to the input and output directions of a VLAN interface.
-
Bridged ACLs can be applied to the input and output directions of a VLAN interface.
-
Only router ACLs can be applied to a VLAN interface.
-
VLAN maps can be applied to a VLAN interface.
-
VLAN maps and router ACLs can be used in combination.
Question 89
Question
Refer to the exhibit. Which statement is true about the show running-config output?
Answer
-
Sw2 is configured for switch-based authentication using RADIUS.
-
Interface FastEthernet0/6 is configured with a SmartPort macro using RADIUS.
-
Interface FastEthernet0/6 is configured for 802.1X Authenticated Trunking Protocol (ATP).
-
Interface FastEthernet0/6 is configured for port-based traffic control.
-
Interface FastEthernet0/6 is configured for port-based authentication.
Question 90
Question
Refer to the exhibit.
The show port-security interface fa0/1 command was issued on switch SW1. Given the output that was
generated, which two security statements are true? (Choose two.)
Answer
-
Interface FastEthernet 0/1 was configured with the switchport port-security aging command.
-
Interface FastEthernet 0/1 was configured with the switchport port-security protect command.
-
Interface FastEthernet 0/1 was configured with the switchport port-security violation restrict command.
-
When the number of secure IP addresses reaches 10, the interface will immediately shut down.
-
When the number of secure MAC addresses reaches 10, packets from unknown MAC addresses will be
dropped.
Question 91
Question
What is a characteristic of a VLAN map that does not contain a match clause?
Answer
-
implicit deny feature at end of list
-
implicit forward feature at end of list
-
can only be implemented by the input direction within the VLAN
-
can only be implemented by the output direction within the VLAN
Question 92
Question
Which three items are types of PVLAN ports? (Choose three.)
Answer
-
community
-
dedicated
-
desirable
-
isolated
-
native
-
promiscuous
Question 93
Question
Which optional feature of an Ethernet switch disables a port on a point-to-point link if the port does not receive
traffic while Layer 1 status is up?
Answer
-
BackboneFast
-
UplinkFast
-
Loop Guard
-
UDLD aggressive mode
-
Fast Link Pulse bursts
-
Link Control Word
Question 94
Question
When configuring private VLANs, which configuration task must you do first?
Answer
-
Configure the private VLAN port parameters.
-
Configure and map the secondary VLAN to the primary VLAN.
-
Disable IGMP snooping.
-
Set the VTP mode to transparent.
Question 95
Question
Which statement about the configuration and application of port access control lists is true?
Answer
-
PACLs can be applied in the inbound or outbound direction of a Layer 2 physical interface.
-
At Layer 2, a MAC address PACL takes precedence over any existing Layer 3 PACL.
-
When you apply a port ACL to a trunk port, the ACL filters traffic on all VLANs present on the trunk port.
-
PACLs are not supported on EtherChannel interfaces.
Question 96
Question
Refer to the exhibit.
Which statement about the command output is true?
Answer
-
If the number of devices attempting to access the port exceeds 11, the port shuts down for 20 minutes, as
configured.
-
The port has security enabled and has shut down due to a security violation.
-
The port is operational and has reached its configured maximum allowed number of MAC addresses.
-
The port allows access for 11 MAC addresses in addition to the three configured MAC addresses.
Question 97
Question
Refer to the exhibit.
Which statement is true?
Answer
-
IP traffic matching access list ABC is forwarded through VLANs 5-10.
-
IP traffic matching VLAN list 5-10 is forwarded, and all other traffic is dropped.
-
All VLAN traffic matching VLAN list 5-10 is forwarded, and all traffic matching access list ABC is dropped.
-
All VLAN traffic in VLANs 5-10 that match access list ABC is forwarded, and all other traffic is dropped.
Question 98
Question
Refer to the exhibit.
What can be concluded about VLANs 200 and 202?
Answer
-
VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in
the same VLAN. VLAN 200 carries traffic between community ports and to promiscuous ports.
-
VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in
the same VLAN. VLAN 200 carries traffic from isolated ports to a promiscuous port.
-
VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in
the same VLAN. VLAN 202 carries traffic between community ports and to promiscuous ports.
-
VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in
the same VLAN. VLAN 202 carries traffic from isolated ports to a promiscuous port.
Question 99
Question
A switch has been configured with PVLANs. With what type of PVLAN port should the default gateway be
configured?
Answer
-
isolated
-
promiscuous
-
community
-
primary
-
trunk
Question 100
Question
Refer to the exhibit.
Which statement about the private VLAN configuration is true?
Answer
-
Only VLAN 503 will be the community PVLAN, because multiple community PVLANs are not allowed.
-
Users of VLANs 501 and 503 will be able to communicate.
-
VLAN 502 is a secondary VLAN.
-
VLAN 502 will be a standalone VLAN, because it is not associated with any other VLANs.
Question 101
Question
Which Cisco IOS command globally enables port-based authentication on a switch?
Answer
-
aaa port-auth enable
-
radius port-control enable
-
dot1x system-auth-control
-
switchport aaa-control enable
Question 102
Question
Private VLANs can be configured as which three of these port types? (Choose three.)
Answer
-
isolated
-
protected
-
private
-
associated
-
promiscuous
-
community
Question 103
Question
What is the method used to filter traffic being bridged within a VLAN?
Answer
-
Ethernet maps
-
router ACLs
-
VLAN maps
-
IP ACLs
Question 104
Question
Which statement about when standard access control lists are applied to an interface to control inbound or
outbound traffic is true?
Answer
-
The best match of the ACL entries is used for granularity of control.
-
They use source IP information for matching operations.
-
They use source and destination IP information for matching operations.
-
They use source IP information along with protocol-type information for finer granularity of control.
Question 105
Question
Refer to the exhibit.
Which two statements about this Layer 3 security configuration example are true? (Choose two.)
Answer
-
Static IP source binding can be configured only on a routed port.
-
Source IP and MAC filtering on VLANs 10 and 11 will occur.
-
DHCP snooping will be enabled automatically on the access VLANs.
-
IP Source Guard is enabled.
-
The switch will drop the configured MAC and IP address source bindings and forward all other traffic.
Question 106
Question
A network administrator wants to configure 802.1x port-based authentication, however, the client workstation is
not 802.1x compliant. What is the only supported authentication server that can be used?
Question 107
Question
Which statement about 802.1x port-based authentication is true?
Answer
-
Hosts are required to have an 802.1x authentication client or utilize PPPoE.
-
Before transmitting data, an 802.1x host must determine the authorization state of the switch.
-
RADIUS is the only supported authentication server type.
-
If a host initiates the authentication process and does not receive a response, it assumes it is not
authorized.
Question 108
Question
In the use of 802.1X access control, which three protocols are allowed through the switch port before
authentication takes place? Select three.
Question 109
Question
Which two characteristics apply to Cisco Catalyst 6500 Series Switch supervisor redundancy using NSF?
(Choose two.)
Answer
-
supported by RIPv2, OSPF, IS-IS, and EIGRP
-
uses the FIB table
-
supports IPv4 and IPv6 multicast
-
prevents route flapping
-
independent of SSO
-
NSF combined with SSO enables supervisor engine load balancing
Question 110
Question
Which statement best describes implementing a Layer 3 EtherChannel?
Answer
-
EtherChannel is a Layer 2 feature and not a Layer 3 feature.
-
Implementation requires switchport mode trunk and matching parameters between switches.
-
Implementation requires disabling switchport mode.
-
A Layer 3 address is assigned to the physical interface.
Question 111
Question
Refer to the exhibit.
You have configured an interface to be an SVI for Layer 3 routing capabilities. Assuming that all VLANs have been correctly configured, what can be determined?
Answer
-
Interface gigabitethernet0/2 will be excluded from Layer 2 switching and enabled for Layer 3 routing.
-
The command switchport autostate exclude should be entered in global configuration mode, not
subinterface mode, to enable a Layer 2 port to be configured for Layer 3 routing.
-
The configured port is excluded in the calculation of the status of the SVI.
-
The interface is missing IP configuration parameters; therefore, it will only function at Layer 2.
Question 112
Question
Refer to the exhibit.
Which statement is true?
Answer
-
Cisco Express Forwarding load balancing has been disabled.
-
SVI VLAN 30 connects directly to the 10.1.30.0/24 network due to a valid glean adjacency.
-
VLAN 30 is not operational because no packet or byte counts are indicated.
-
The IP Cisco Express Forwarding configuration is capable of supporting IPv6.
Question 113
Question
Refer to the exhibit.
Which statement about the EIGRP routing being performed by the switch is true?
Answer
-
The EIGRP neighbor table contains 20 neighbors.
-
EIGRP is running normally and receiving IPv4 routing updates.
-
EIGRP status cannot be determined. The command show ip eigrp topology would determine the routing
protocol status.
-
The switch has not established any neighbor relationships.
Further network testing and troubleshooting must be performed to determine the cause of the problem.
Question 114
Question
You have configured a Cisco Catalyst switch to perform Layer 3 routing via an SVI and you have assigned that
interface to VLAN 20.
To check the status of the SVI, you issue the show interfaces vlan 20 command at the CLI prompt.
You see from the output display that the interface is in an up/up state.
What must be true in an SVI configuration to bring the VLAN and line protocol up?
Answer
-
The port must be physically connected to another Layer 3 device.
-
At least one port in VLAN 20 must be active.
-
The Layer 3 routing protocol must be operational and receiving routing updates from neighboring peer
devices.
-
Because this is a virtual interface, the operational status is always in an "up/up" state.
Question 115
Question
Refer to the exhibit, which is from a Cisco Catalyst 3560 Series Switch.
Which statement about the Layer 3 routing functionality of the interface is true?
Answer
-
The interface is configured correctly for Layer 3 routing capabilities.
-
The interface needs an additional configuration entry to enable IP routing protocols.
-
Since the interface is connected to a host device, the spanning-tree portfast command must be added to
the interface.
-
An SVI interface is needed to enable IP routing for network 192.20.135.0.
Question 116
Question
Refer to the exhibit.
Host A and Host B are connected to the Cisco Catalyst 3550 switch and have been assigned to their
respective VLANs.
The rest of the 3550 configuration is the default configuration.
Host A is able to ping its default gateway, 10.10.10.1, but is unable to ping Host B.
Answer
-
HSRP must be configured on SW1.
-
A separate router is needed to support inter-VLAN routing.
-
Interface VLAN 10 must be configured on the SW1 switch.
-
The global configuration command ip routing must be configured on the SW1 switch.
-
VLANs 10 and 15 must be created in the VLAN database mode.
-
VTP must be configured to support inter-VLAN routing.
Question 117
Question
Which three statements about routed ports on a multilayer switch are true? (Choose three.)
Answer
-
A routed port can support VLAN subinterfaces.
-
A routed port takes an IP address assignment.
-
A routed port can be configured with routing protocols.
-
A routed port is a virtual interface on the multilayer switch.
-
A routed port is associated only with one VLAN.
-
A routed port is a physical interface on the multilayer switch.
Question 118
Question
Which two steps are necessary to configure inter-VLAN routing between multilayer switches? (Choose two.)
Answer
-
Configure a dynamic routing protocol.
-
Configure SVI interfaces with IP addresses and subnet masks.
-
Configure access ports with network addresses.
-
Configure switch ports with the autostate exclude command.
-
Document the MAC addresses of the switch ports.
Question 119
Question
When configuring a routed port on a Cisco multilayer switch, which configuration task is needed to enable that
port to function as a routed port?
Answer
-
Enable the switch to participate in routing updates from external devices with the router command in global
configuration mode.
-
Enter the no switchport command to disable Layer 2 functionality at the interface level.
-
Each port participating in routing of Layer 3 packets must have an IP routing protocol assigned on a per-interface
level.
-
Routing is enabled by default on a multilayer switch, so the port can become a Layer 3 routing interface by
assigning the appropriate IP address and subnet information.
Question 120
Question
A standalone wireless AP solution is being installed into the campus infrastructure. The access points appear
to boot correctly, but wireless clients are not obtaining correct access. You verify that this is the local switch
configuration connected to the access point:
interface ethernet 0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast
mls qos trust dscp
What is the most likely cause of the problem?
Answer
-
QoS trust should not be configured on a port attached to a standalone AP.
-
QoS trust for switchport mode access should be defined as "cos".
-
switchport mode should be defined as "trunk" with respective QoS.
-
switchport access vlan should be defined as "1".
Question 121
Question
During the implementation of a voice solution, which two required items are configured at an access layer
switch that will be connected to an IP phone to provide VoIP communication? (Choose two.)
Question 122
Question
Which two statements best describe Cisco IOS IP SLA? (Choose two.)
Answer
-
only implemented between Cisco source and destination-capable devices
-
statistics provided by syslog, CLI, and SNMP
-
measures delay, jitter, packet loss, and voice quality
-
only monitors VoIP traffic flows
-
provides active monitoring
Question 123
Question
Which two items best describe a Cisco IOS IP SLA responder? (Choose two.)
Answer
-
required at the destination to implement Cisco IOS IP SLA services
-
improves measurement accuracy
-
required for VoIP jitter measurements
-
provides security on Cisco IOS IP SLA messages via LEAP or EAP-FAST authentication
-
responds to one Cisco IOS IP SLA operation per port
-
stores the resulting test statistics
Question 124
Question
What does the interface subcommand switchport voice vlan 222 indicate?
Answer
-
The port is configured for both data and voice traffic.
-
The port is fully dedicated to forwarding voice traffic.
-
The port operates as an FXS telephony port.
-
Voice traffic is directed to VLAN 222.
Question 125
Question
A campus infrastructure supports wireless clients via Cisco Aironet AG Series 1230, 1240, and 1250 access
points. With DNS and DHCP configured, the 1230 and 1240 access points appear to boot and operate
normally. However, the 1250 access points do not seem to operate correctly.
What is the most likely cause of this problem?
Question 126
Question
A network is deployed using recommended practices of the enterprise campus network model, including users
with desktop computers connected via IP phones. Given that all components are QoS-capable, where are the
two optimal locations for trust boundaries to be configured by the network administrator? (Choose two.)
Question 127
Question
Refer to the exhibit.
Assume that Switch_A is active for the standby group and the standby device has only the default HSRP configuration. Which statement is true?
Answer
-
If port Fa1/1 on Switch_A goes down, the standby device takes over as active.
-
If the current standby device had the higher priority value, it would take over the role of active for the HSRP
-
If port Fa1/1 on Switch_A goes down, the new priority value for the switch would be 190.
-
If Switch_A had the highest priority number, it would not take over as active router.
Question 128
Question
Refer to the exhibit.
GLBP has been configured on the network. When the interface serial0/0/1 on router R1 goes down, how is the traffic coming from Host1 handled?
Answer
-
The traffic coming from Host1 and Host2 is forwarded through router R2 with no disruption.
-
The traffic coming from Host2 is forwarded through router R2 with no disruption. Host1 sends an ARP
request to resolve the MAC address for the new virtual gateway.
-
The traffic coming from both hosts is temporarily interrupted while the switchover to make R2 active occurs.
-
The traffic coming from Host2 is forwarded through router R2 with no disruption. The traffic from Host1 is dropped due to the disruption of the load balancing feature configured for the GLBP group.
Question 129
Question
Refer to the exhibit and the partial configuration on routers R1 and R2.
HSRP is configured on the network to provide network redundancy for the IP traffic. The network administrator noticed that R2 does not become active when the R1 serial0 interface goes down. What should be changed in the configuration to fix the problem?
Answer
-
R2 should be configured with an HSRP virtual address.
-
R2 should be configured with a standby priority of 100.
-
The Serial0 interface on router R2 should be configured with a decrement value of 20.
-
The Serial0 interface on router R1 should be configured with a decrement value of 20.
Question 130
Question
The following command was issued on a router that is being configured as the active HSRP router.
standby ip 10.2.1.1
Which statement about this command is true?
Answer
-
This command will not work because the HSRP group information is missing.
-
The HSRP MAC address will be 0000.0c07.ac00.
-
The HSRP MAC address will be 0000.0c07.ac01.
-
The HSRP MAC address will be 0000.070c.ac11.
-
This command will not work because the active parameter is missing.
Question 131
Question
Refer to the exhibit.
Three switches are configured for HSRP.
Switch1 remains in the HSRP listen state. What is the most likely cause of this status?
Answer
-
This is normal operation.
-
The standby group number does not match the VLAN number.
-
IP addressing is incorrect.
-
Priority commands are incorrect.
-
Standby timers are incorrect.
Question 132
Question
Three Cisco Catalyst switches have been configured with a first-hop redundancy protocol. While reviewing some show commands, debug output, and the syslog, you discover the following information:
What conclusion can you infer from this information?
Answer
-
VRRP is initializing and operating correctly.
-
HSRP is initializing and operating correctly.
-
GLBP is initializing and operating correctly.
-
VRRP is not exchanging three hello messages properly.
-
HSRP is not exchanging three hello messages properly.
-
GLBP is not exchanging three hello messages properly.