Professional Documents
Culture Documents
Which two types of devices from the list would be appropriate to use at the access layer to provide end-user connectivity? (Choose two.)
What two traffic types must be included when calculating the bandwidth requirements to support a voice stream in an IP telephony network? (Choose two.)
voice queues
routing updates
What are the responsibilities of devices that are located at the core layer of the hierarchical design model? (Choose two.)
packet manipulation
A network designer must provide a rationale to a customer for a design that will move an enterprise from a flat network topology to a hierarchical network topology. Which two
features of the hierarchical design make it the better choice? (Choose two.)
reduced cost
scalability
During an evaluation of the currently installed network, the IT staff performs a gap analysis to determine whether the existi ng network infrastructure can support certain new
features. At which stage of the Cisco Lifecycle Services approach does this activity occur?
prepare phase
plan phase
design phase
implement phase
operate phase
optimize phase
Which phase of the Cisco Lifecycle Services strategy may prompt a network redesign if too many network problems and errors arise in the network?
prepare
plan
design
implement
operate
optimize
Which portion of the enterprise network provides access to network communication services for the end users and devices that are spread over a single geographic location?
enterprise edge
campus module
WAN module
Internet edge
data center
Catalyst 6500
Catalyst 2000
Nexus 7000
Catalyst 4500
What type of specialized memory is used to facilitate high performance switching in Cisco multilayer switches?
Which Catalyst 6500 switch component integrates on individual line modules as well as on the supervisor engine?
CPU
Flash
ASIC
NVRAM
Which family of Cisco switches supports Fibre Channel over Ethernet (FCoE)?
Catalyst 4948G
Catalyst 4500
Catalyst 6500
Nexus 5000
Catalyst 4500
Catalyst 6500
Nexus 5000
Nexus 7000
use of ASICs
QoS marking
It provides an enterprise-wide system network architecture that helps protect, optimize, and grow the network infrastructure that supports the business processes of a
company.
It provides services and functionality to the core layer by grouping various components into a single component that is located in the access layer.
It reduces overall network traffic by grouping server farms, the management server, corporate intranet, and e-commerce routers in the same la
access control
software-based forwarding
Parallel eXpress Forwarding (PXF)
A user needs to access a file server that is located in another department. Which layer of the Cisco Hierarchical Network Model will process the traffic first?
access
core
distribution
control
Refer to the exhibit. Which option correctly describes the function of a switch that is configured in VTP transparent mode?
option 1
option 2
option 3
option 4
option 5
Refer to the exhibit. How should SW2 be configured in order to participate in the same VTP domain and populate the VLAN infor mation across the domain?
Switch SW2 should be configured as a VTP client.
Switch SW2 should be configured as a VTP server with a higher revision number
A network administrator is tasked with protecting a server farm by implementing private VLANs (PVLANs). A server is only allowed to communicate with its default gateway
and other related servers. Which type of PVLAN should be configured on the switch ports that connect to the servers?
isolated
promiscuous
secondary VLAN
community
Refer to the exhibit. During the network upgrade process, a network administrator included switch SW2 in the network. Immedia tely afterward, the users on VLAN10 who were
connected to SW10 lost connectivity to the network. Based on the show vtp status command outputs that are provided, what could be done to remedy the problem?
Configure switch SW2 with the same VTP domain name that SW1 has
Refer to the exhibit. Switch SW2 was tested in a lab environment and later inserted into the production network. Before a trunk link has been connected between the two
switches SW1 and SW2, a network administrator issued the show vtp status command as displayed in the exhibit. Immediately after the switches were interconnected, all
users lost connectivity to the network. What could be the possible reason for the problem?
The switches can exchange VTP information only through an access link.
Switch SW2 receives more VLANs from switch SW1 than can be supported.
Switch SW2 has the pruning eligible parameter enabled, which causes pruning of all VLANs from the trunk port.
Switch SW2 has a higher VTP server revision number, which causes deletion of the VLAN information in the VTP domain
Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers do not have to communicate with
each other although they are located on the same subnet. Both servers need to communicate with the data server that is locate d on the inside network. Which configuration
will isolate the servers from inside attacks?
Ports Fa3/1, Fa3/2, Fa3/34, and Fa3/35 on DSW1 will be defined as primary VLAN promiscuous ports.
Ports Fa3/1, Fa3/2, Fa3/34, and Fa3/35 on DSW1 will be defined as primary VLAN community ports.
Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN isolated ports. Ports Fa3/34 and Fa3/35 will be defined as pr imary VLAN promiscuous ports.
Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN community ports. Ports Fa3/34 and Fa3/35 will be defined as primary VLAN promiscuous ports
Refer to the exhibit. The DNS servers DNS1 and DNS2 are redundant copies so they need to communicate with each other and to the Internet. The web server and the SMTP
server need to communicate with the Internet, but for security purposes the web and the SMTP servers should not be reachable from the DNS servers. What private VLAN
design should be implemented?
All servers should be configured in separate isolated VLANs. All isolated VLANs should be in the same primary VLAN.
All servers should be configured in separate community VLANs. All community VLANs should be in the same primary VLAN.
The DNS1 and DNS2 servers should be configured in a community VLAN. The web and SMTP servers should be configured in an isolated VLAN. Both the community
and isolated VLANs should be part of the primary VLAN.
The DNS1 and DNS2 servers should be configured in an isolated VLAN. The web and SMTP servers should be configured in a community VLAN. Both the community
and isolated VLANs should be in the same primary VLAN
When configuring an EtherChannel, given that one end of the link is configured with PAgP mode desirable, which PAgP modes can be configured on the opposite end of the
link in order to form an active channel? (Choose two.)
off
on
desirable
auto
Which three effects does the interface command switchport host have when entered on a switch? (Choose three.)
A switch port can become an access port through static or dynamic configuration.
An access port should have the 802.1q encapsulation associated with it.
An access port created with the switchport mode access command will send DTP frames by default.
An access port is created with the switchport mode access command and then associated with a VLAN with the switchport access vlan command.
The VLAN that the access port is assigned to will be automatically deleted if it does not exist in the VLAN database of the s witch
Refer to the exhibit. A network administrator is unable to ping between two workstations, PC1 and PC2, that are connected to switch3548. PC1 is connected to port Fa0/19,
and PC2 is connected to port Gi0/2. Given the output of the show vlan command, which statement is true?
encapsulation mismatch
MTU mismatch
VTP mismatch
DTP mismatch
Refer to the exhibit. Both SW1 and SW2 are configured with the PAgP desirable mode. Which statement is true?
Both switches will initiate channeling negotiation and will not be able to form a channel.
Both switches will initiate channeling negotiation and will form a channel between them.
Neither switch will initiate channeling negotiation and will not be able to form a channel between them.
Neither switch will initiate channeling negotiation but will form a channel between them
Refer to the exhibit. Given the configuration information of the CAT1 and CAT2 switches, which statement is true?
Because the port-channel numbers do not match, LACP will not form a channel between the switc hes.
Because the channel-group commands on SW2 should be set to "on," LACP will not form a channel between the switches.
Which two items are benefits of implementing local VLANs within the Enterprise Architecture? (Choose two.)
A single VLAN can extend further than its associated distribution-layer switch.
High availability is made possible because local VLAN traffic on access switches can now be passed directly to the core switc hes across an alternate Layer 3 path.
Layer 3 routing between VLANs can now be applied at the access layer.
Which two statements describe Cisco best practices for VLAN design? (Choose two.)
Local VLANs should extend no further than the local core router.
Local VLANs should extend no further than the local distribution layer switch.
Local VLANs eliminate the need for redundant access to distribution layer links.
Which two statements are true about the 802.1Q trunking protocol? (Choose two.)
Untagged frames will be placed in the configured native VLAN of a port.
The native VLAN interface configurations must match at both ends of the link or frames could be dropped
In the context of the Enterprise Composite Architecture, which statement is true about best-practice design of local VLANs?
Local VLAN is a feature that has only local significance to the switch.
Local VLANs should be created based upon the job function of the end user.
Refer to the exhibit. Which two statements are true about the switch CAT2? (Choose two.)
Six VLANs were either manually configured on the switch or learned via VTP.
One switch in a Layer 2 switched spanning-tree domain is converted to PVRST+ using the spanning-tree mode rapid-pvst global configuration mode command. The
remaining switches are running PVST+. What is the effect on the spanning-tree operation?
The PVRST+ switch forwards 802.1D BPDUs, but does not participate as a node in any spanning tree.
All switches default to one 802.1D spanning tree for all VLANs.
IEEE 802.1D
IEEE 802.w
IEEE 802.1s
PVRST+
The forward delay timer has been changed from the default value.
4094
4064
4062
4061
Refer to the exhibit. What two conclusions does the output show to be true? (Choose two.)
Interface Fa0/12 will move into the errdisable state if a BPDU is received.
Which three parameters should match all switches within an MST region? (Choose three.)
configuration name
revision number
trunk encapsulation method
bridge priority
VLAN-to-instance mappings
Users complain that they lost connectivity to all resources in the network. A network administrator suspects the presence of a bridging loop as a root cause of the problem.
Which two actions will determine the existence of the bridging loop? (Choose two.)
Check the port utilization on devices and look for abnormal values.
Verify that the management VLAN is properly configured on all root bridges.
Capture the traffic on the saturated link and verify if duplicate packets are seen.
Ensure that the root guard and loop guard are properly configured on all distribution links
Refer to the exhibit. Switch SW1 is receiving traffic from SW2. However, SW2 is not receiving traffic from SW1. Which STP feature should be implemented to prevent
inadvertent loops in the network?
UDLD
PortFast
BPDU guard
BPDU filtering
root ports
designated ports
What will happen when a BPDU is received on a loop guard port that is in a loop-inconsistent state?
The port will be disabled and the administrator must re-enable it manually.
The port will transition to the appropriate state as determined by the normal function of the spanning tree
Refer to the exhibit. STP is enabled on all switches in the network. The port on switch A that connects to switch B is half duplex. The port on switch B that connects to switch A
is full duplex. What are three problems that this scenario could create? (Choose three.)
Switch A is performing carrier sense and collision detection, and switc h B is not.
Autonegotiation results in both switch A and switch B failing to perform carrier sense.
BPDUs may not successfully negotiate port states on the link between switch A and switch B.
Spanning tree will keep re-calculating, thereby consuming all the CPU normally used for traffic
Refer to the exhibit. STP is configured on all switches in the network. Recently, the user on workstation A lost connectivity to the rest of the network. At the same time, the
administrator received the console message:
The STP PortFast BPDU Guard feature has disabled port 2/1 on the switch
What are three important steps in troubleshooting STP problems? (Choose three.)
Administratively create bridge loops and see what path the traffic takes.
Adjust BPDU timers so that there is less overhead traffic on the switching fabric.
Administratively disable ports that should be blocking and check to see if connectivity is restored.
Capture traffic on a saturated link and check whether identical frames are traversing multiple links
It is automatically enabled.
It allows devices to transmit traffic one way.
It allows a switch to detect a unidirectional link and shut down the affected interface
Which two statements are true about STP root guard? (Choose two.)
Root guard re-enables a switch port once it stops receiving superior BPDUs.
Root guard should be configured on all ports on the desired root bridge to prevent another bridge from becoming the root.
If a root guard enabled port receives a inferior BPDU from a nonroot switch, the port transitions to the blocking state to pr event a root bridge election
What happens when a switch running IEEE 802.1D receives a topology change message from the root bridge?
The switch uses the forward delay timer to age out entries in the MAC address table.
The switch uses the max-age timer to age out entries in the MAC address table.
The switch uses the hello to age out entries in the MAC address table.
The switch uses the forward delay and the max-age timer to age out entries in the MAC address table
Which STP timer defines the length of time spent in the listening and learning states?
hello time
forward aging
forward delay
max age
max delay
An RSTP BPDU carries information about port roles and is sent to neighbor switches only.
RSTP is capable of reverting back to 802.1D but still maintains the benefits of 802.1w.
There are only three RSTP port states: discarding, listening, and forwarding.
Which protocol extends the IEEE 802.1w Rapid Spanning Tree (RST) algorithm to multiple spanning trees?
STP
RSTP+
CST
MST
Which protocol should an administrator recommend to manage bridged links when the customer requires a fully redundant network that can utilize load balancing technologies
and reconverge on link failures in less than a second?
IEEE 802.1Q (CST)
Cisco PVST+
IEEE 802.1D(STP)
client sends a request for an IP address to a DHCP server. Which DHCP message to the client will provide the configuration pa rameters that include an IP address, a domain
name, and a lease for the IP address?
DHCPDISCOVER
DHCPOFFER
DHCPREQUEST
DHCPACK
A DHCPREQUEST message has been sent from the client to the DHCP server. What information is included in the message?
denial message to reject the first offer from the DHCP server
Refer to the exhibit. Based on the debug ip dhcp server packet output, which statement is true?
The client sends a DHCPDISCOVER that contains IP address 10.1.10.21 to the DHCP server.
The client sends a DHCPREQUEST that contains IP address 10.1.10.21 to the DHCP server.
The client sends the BOOTREPLY broadcast message to inquire for a new IP address.
The client accepts the offer from the DHCP server for the 10.1.10.21 IP address
What is an advantage to using a trunk link to connect a switch to an external router that is providing inter-VLAN routing?
lowers latency
Two static routes should be configured on the router, each pointing to each subnet.
The Fa0/0 interface should be configured with a primary IP address of 10.10.5.1/24 and a secondary IP address of 10.10.10.1/24.
Refer to the exhibit. The router has been properly configured for the trunking interface. Which statement is true about the routing table on the router?
It will show a next hop address of the switch for both VLANs.
Because the switch is not configured properly to trunk VLAN 1 and VLAN 2, the routing table of the router will not show routes to either VLAN .
Because the switch port fa0/1 is in access mode, the routing table of the router will not show any routes
Refer to the exhibit. Which statement is true regarding the diagram and show ip route command output?
Because no routing protocol has been configured, the router will not forward packets between workstations.
The default gateway for hosts on VLAN 10 should be the Fa0/0 IP address of the router.
The default gateway for hosts on VLAN 10 should be the Fa0/0.1 IP address of the router.
The default gateway for hosts on VLAN 10 should be the Fa0/0.2 IP address of the router.
Because their packets are being trunked, hosts on VLAN 10 do not need a default gateway
Which two statements are true about routed ports on a multilayer switch? (Choose two.)
A routed port behaves like a regular router interface and supports VLAN subinterfaces.
To create a routed port requires removal of Layer 2 port functionality with the no switchport interface configuration command.
The interface vlan global configuration command is used to create a routed port
Which two statements are true about switched virtual interfaces (SVI) on a multilayer switch? (Choose two.)
An SVI behaves like a regular router interface but does not support VLAN subinterfaces.
To create an SVI requires removal of Layer 2 port functionality with the no switchport interface configuration command
Which three statements about a routed switch interface are true? (Choose three.)
A routed switch port is a physical device that is associated with several VLANs.
A routed switch port is created by configuring a Layer 2 port with the no switchport interface configuration command and assigning an IP address.
A routed switch port is created by entering VLAN interface configuration mode and assigning an IP address.
A routed switch port is a virtual Layer 3 interface that can be configured for any VLAN that exists on a Layer 3 switch.
A routed switch port provides an interface that may provide a Layer 3 connection to a next-hop router.
A routed switch port can serve as a default gateway for devices
Refer to the exhibit and the partial configuration taken on routers RTA and RTB. All users can ping their gateways, but users on VLAN 5 and VLAN 10 cannot communicate
with the users on VLAN 20. What should be done to solve the problem?
RTA interface Fa0/1 and RTB Fa0/1 should be configured with three subinterfaces, each with ISL encapsulation.
RTA interface Fa0/1 and RTB Fa0/1 should be configured with three subinterfaces, each with 802.1Q encapsulation
Which statement describes what occurs when a DHCP request is forwarded through a router that has been configured with the ip helper-address command?
The router replaces the source MAC address included in the DHCP request with its own MAC address.
The router replaces the source IP address of the DHCP request with the IP address that is specified with the ip helper-address command.
The router replaces the broadcast destination IP address of the DHCP request with the unicast IP address that is specified wi th the ip helper-address command.
The router replaces the unicast destination IP address of the DHCP request with the unicast IP address that is specified with the ip helper-address command
A client computer is set up for DHCP and needs an IP configuration. During the DHCP client configuration process, which respo nse will enable the client to begin using the
assigned address immediately?
DHCPACK
DHCPREQUEST
DHCPOFFER
DHCPDISCOVER
Refer to the exhibit. What additional configuration is required for host A to receive IP configuration from the DHCP server?
The ip forward-protocol 37 global configuration command is required to forward DNS requests to IP address 10.1.2.10.
The ip forward-protocol 67 global configuration command is required to forward DHCP requests to IP address 10.1.2.10.
The ip forward-protocol 69 global configuration command is required to forward TFTP requests to IP address 10.1.2.10
Which three events will cause the Forwarding Information Base (FIB) table to be updated? (Choose three.)
An ARP entry for the destination next hop changes, ages out, or is removed.
The FIB table is cleared with the clear fib adjacency * command.
packets that are switched to an outgoing interface with an outbound ACL applied
The adjacency table eliminates the need for the ARP protocol.
After an IP prefix match is made, the process determines the associated Layer 2 header rewrite information from the adjacency table
What is true about TCAM lookups that are associated with CEF switching?
TCAM lookup tables are used only for the Layer 3 forwarding operation.
TCAM lookup tables are used only for the rapid processing of ACLs within CEF
Refer to the exhibit. An administrator wants to ensure that CEF is functioning properly on the switches between hosts A and B. If the administrator wants to verify the CEF FIB
table entry for the route 10.10.5.0/24 on Sw_MLSA, what should the adjacency IP address be?
10.10.10.1
10.10.10.2
10.10.5.1
10.10.5.2
Refer to the exhibit and the show ip cef output. What can be concluded from the output?
The output validates that the CEF FIB entry for 10.10.5.0/24 is correct.
The output shows that packets destined to 10.10.5.0/24 have not been processed by CEF
Refer to the exhibit. What action does the command standby 1 track Serial0/0/0 on router R1 perform?
It links the default gateway virtual address 192.168.21.10 to the IP address 192.168.31.1 on interface Serial0/0/0.
It links the default gateway virtual address 192.168.21.10 to the IP address 192.168.42.2 on interface Serial0/0/0.
It tracks the state of the Fa0/0 interface on R1 and brings down the priority of standby group 1 if the interface goes down.
It tracks the state of the Serial0/0/0 interface on R1 and brings down the priority of standby group 1 if the interface goes down
Refer to the exhibit. What statement is true about the output of the show standby command?
This router is in the HSRP down state because its tracked interfaces are down
Refer to the exhibit. Switch DSw1 is the active virtual gateway (AVG) and DSw2 is an active virtual forwarder (AVF). Based on this information, which two GLBP statements
are true? (Choose two.)
GLBP is a Cisco proprietary protocol and is supported on all Cisco Catalyst and Cisco router platforms.
Switch DSw2 has been configured with the glbp 1 priority 95 command.
When host A sends an ARP message for the gateway IP address, switch DSw1 returns the physical MAC address of switch DSw2
Refer to the exhibit. Based on the provided configuration, which routers are the master and the backup virtual routers for the hosts that are connected to the VRRP group 1?
Router R1 is the master for all hosts, and router R2 is the backup for all hosts in the group.
Router R1 is the master for Host1 and Host2. Router R2 is the master for Host3 and Host4.
Router R1 is the master for Host3 and Host4. Router R2 is the backup for Host3 and Host4.
Because of incorrect configuration of the default gateway on the hosts, none of the routers is the master for the VRRP group
How does Cisco IOS server load balancing (SLB) enhance security of a real server?
The IP address of the real server is not needed with IOS SLB, which relies only on MAC addresses.
The IP address of the real server is translated with Network Address Translation (NAT).
The IP address of the real server is never announced to the external network
How is server IP addressing handled by Cisco IOS server load balancing (SLB) in dispatched mode?
The default gateway address for the subnet is assigned to the virtual server.
The real servers are configured with the virtual server address as loopback addresses or secondary IP addresses.
The virtual server is assigned an IP address unknown to any of the real servers.
The real servers are configured with IP addresses that differ by a power of 2
What three steps will configure Cisco IOS server load balancing (SLB) in a server farm that is in a data center with real servers? (Choose three.)
Enable the real server and define it to be used for the server farm
Refer to the exhibit. Based on the output, how many virtual servers are required?
zero
one
two
three
four
five
Refer to the exhibit. What is the effect of the serverfarm RESTRICTED command?
Which syslog entry has a severity code that indicates the most serious situation?
Mar 17 06:03:21: 10.1.1.1 %SYS-6-BOOTTIME: Time taken to reboot after reload = 551932 seconds
Mar 17 06:42:20: 10.1.1.1 %SYS-5-CONFIG_I: Configured from console by mwmwm on vty0 (192.168.254.5)
Mar 17 06:42:21: 10.1.1.1 %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/3 (not half duplex), with NA-1.30.foo.com FastEthernet0/24
(half duplex).
Mar 17 06:42:22: 10.1.1.1 %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
Mar 17 06:43:02: 10.1.1.1 %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
Refer to the exhibit. From the syslog output, what option is set on the switch sending the messages?
authNoPriv
authPriv
community string
noAuthNoPriv
SNMPv2
Refer to the exhibit. Which feature does a SNMP manager need in order to set a parameter on switch ACSW1?
A Layer 3 link should be installed between the two distribution switches to avoid unexpected traffic paths and multiple convergence events.
The root bridge and HSRP active router should be two different devices.
A Layer 2 access link is required between the two access switches to ensure optimal redundancy.
A third distribution switch should be installed to create redundancy in the event the root bridge fails
Refer to the exhibit. Which statement is true about best practice and the exhibited network design?
The Layer 2 VLAN number should be mapped to the Layer 3 subnet for ease of use and management.
The HSRP active router for VLAN 55 and VLAN 60 should be the same switch.
The uplink between the access switches and the distribution switches should be trunk links
to keep a backup copy of the latest MAC table in the event of RAM failure.
to move switch ports that are currently in blocking mode to forwarding mode with minimal packet loss
When using RPR, what two events can trigger a switchover from the active to the standby Supervisor Engine? (Choose two.)
port failure
Refer to the exhibit. Which IP SLA statement is true?
IP SLA operation 99 had 211 successful replies from the target device.
IP SLA operation 100 had 211 successful replies from the target device
Which two statements are true about the Hot Standby Router Protocol (HSRP)? (Choose two.)
A router in the speak state sends periodic hello messages to all routers in the group to acquire a virtual IP address.
A router in the speak state sends periodic hello messages and actively participates in the election of the active or standby router.
A router in the standby state forwards packets that are sent to the group virtual MAC address.
The router in the standby state is a candidate to become the next active router.
The router that is not the standby or active router will remain in the speak state.
Access switches should have a backup connection to at least one core device
Three distribution switches should be implemented so that the third switch can take the role of active or standby, as necessary
A port can act as the destination port for all SPAN sessions configured on the switch.
A port can be configured to act as a source and destination port for a single SPAN session.
Both Layer 2 and Layer 3 switched ports can be configured as source or destination ports for a single SPAN session.
Port channel interfaces (EtherChannel) can be configured as source and destination ports for a single SPAN session
Refer to the exhibit. Which statement is true about the local SPAN configuration on switch SW1?
The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1.
The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1, but only if port Fa3/1 is configured in VLAN 10.
The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1, but only if port Fa3/1 is configured as trunk.
The SPAN session transmits to a device on port Fa3/21 only a copy of unicast traffic that is monitored on port Fa3/1. All multicast and BPDU frames will be excluded
from the monitoring process
Refer to the exhibit. Which statement is true about the VSPAN configuration on switch SW1?
The VSPAN session that is configured on port Fa3/4 can monitor only the ingress traffic for any of the VLANs.
The VSPAN session that is configured on port Fa3/4 can monitor only the egress traffic for any of the VLANs.
Port Fa3/4 must be associated with VLAN 10 or VLAN 20 in order to monitor the traffic for any of the VLANs.
The VSPAN session transmits a copy of the ingress traffic for VLAN 10 and the egress traffic for VLAN 20 out interface Fa3/4
The capture port captures all packets that are received on the port.
The capture port needs to be in the spanning-tree forwarding state for the VLAN
All access ports on a switch are configured with the administrative mode of dynamic auto. An attacker, connected to one of the ports, sends a malicious DTP frame. What is
the intent of the attacker?
VLAN hopping
Refer to the exhibit. A network engineer is securing a network against DHCP spoofing attacks. On all switches, the engineer applied the ip dhcp snooping command and
enabled DHCP snooping on all VLANs with the ip dhcp snooping vlan command. What additional step should be taken to configure the security required on the network?
Issue the ip dhcp snooping trust command on all uplink interfaces on SW1, SW2 and SW3.
Issue the ip dhcp snooping trust command on all interfaces on SW2 and SW3.
Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2, and SW3.
Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2, and SW3 except interface Fa0/1 on SW1
Which countermeasure can be implemented to determine the validity of an ARP packet, based on the valid MAC-address-to-IP address bindings stored in a DHCP snooping
database?
DHCP spoofing
MAC snooping
How should unused ports on a switch be configured in order to prevent VLAN hopping attacks?
Configure them as access ports and associate them with an unused VLAN
Refer to the exhibit. Given the configuration on the ALSwitch, what is the end result?
forces all hosts that are attached to a port to authenticate before being allowed access to the network
disables 802.1x port-based authentication and causes the port to allow normal traffic without authenticating the client
Refer to the exhibit. Network policy dictates that security functions should be administered using AAA. Which configuration would create a default login authentication list that
uses RADIUS as the first authentication method, the enable password as the second method, and the local database as the final method?
SW-1(config)# aaa new-model
SW-1(config)# radius-server host 10.10.10.12 key secret
SW-1(config)# aaa authentication default group-radius local
SW-1(config)# aaa new-model
SW-1(config)# radius-server host 10.10.10.12 key secret
SW-1(config)# aaa authentication default group-radius enable local
SW-1(config)# aaa new-model
SW-1(config)# radius-server host 10.10.10.12 key secret
SW-1(config)# aaa authentication login default group radius enable local
SW-1(config)# aaa new-model
SW-1(config)# radius server host 10.10.10.12 key secret
SW-1(config)# aaa authentication login default group radius enable local none
SW-1(config)# aaa new-model
SW-1(config)# radius server host 10.10.10.12 key secret
SW-1(config)# aaa authentication login default group-radius enable local none
Refer to the exhibit. A switch is being configured to support AAA authentication on the console connection. Given the information in the exhibit, which three statements are
correct? (Choose three.)
The authentication login admin line console command is required.
The configuration creates an authentication list that uses a named access list called group as the first authentication method, a TACACS+ server as the second
method, the local username database as the third method, the enable password as the fourth method, and none as the last method.
The configuration creates an authentication list that uses a TACACS+ server as the first authentication method, the local username database as the second method,
the enable password as the third method, and none as the last method.
The none keyword enables any user logging in to successfully authenticate if all other methods return an error.
The none keyword specifies that a user cannot log in if all other methods have failed
Place all unused ports into a common VLAN (not VLAN 1).
What are two purposes for an attacker launching a MAC table flood? (Choose two.)
Refer to the exhibit. After the configuration has been applied to ACSw22, frames that are bound for the node on port FastEthe rnet 0/1 are periodically being dropped. What
should be done to correct the issue?
Add the switchport port-security mac-address sticky command to the interface configuration.
Change the port speed to speed auto with the interface configuration mode.
gathers multilayer information from data flows that pass through the switch
What technology can be used to help mitigate MAC address flooding attacks?
root guard
Private VLANs
DHCP snooping
What advantage for monitoring traffic flows does using VACLs with the capture option offer over using SPAN?
VLAN ACLs can be used to capture traffic to the CPU separate from the traffic that is hardware switched
What Cisco tool can be used to monitor events happening in the switch?
For configuring IP multicast routing, what is the purpose of the global configuration mode command ip pim send-rp-announce 10.1.1.1?
assigns the role of rendezvous point mapping agent to the router with IP address 10.1.1.1
announces the candidacy of the router with IP address 10.1.1.1 as the rendezvous point for all multicast groups
What is the result of the global configuration command ip pim send-rp-discovery Loopback0 scope 3?
The router sends broadcast group-to-RP mapping messages so that other routers can automatically discover the RP.
The routers sends group-to-RP mapping messages to 224.0.1.39 so that other routers can automatically discover the RP.
The router sends group-to-RP mapping messages to 224.0.1.40 so that other routers can automatically discover the RP.
The router advertises itself as the RP by sending messages to the 224.0.1.39 address
224.0.1.1
224.0.1.39
224.0.1.40
224.0.0.40
The bootstrap router (BSR) mechanism of automating the distribution of rendezvous point (RP) information uses which IP address to disseminate information to all protocol
independent multicast (PIM) routers?
224.0.0.13
224.0.1.13
224.1.0.13
224.1.1.13
Refer to the exhibit. Router R6 has sent a join message to router R4 requesting multicast traffic for users in the multicast group 224.1.1.1. How will the multicast traffic that is
sent from the multicast server SRC through the R1-R3-R5 path be handled at router R6?
The multicast traffic will be sent to switch SW1, which will drop the traffic.
The multicast traffic will be forwarded to all users in the multicast group 224.1.1.1.
The multicast traffic will be sent back to the rendezvous point (RP) through the R4-R2-R1 path
Refer to the exhibit. The network has EIGRP configured on all routers and has converged on the routes advertised. PIM sparse mode has been also configured on a ll routers.
The routers between the Source and the rendezvous point (RP) have (S,G) state in the multicast routing table and the routers between the RP and the Receivers have (*,G)
state in their multicast routing tables. After the first multicast packet is received by the Receivers and the switchover takes place, how will the multicast traffic continue to flow
from the Source to the Receivers?
The traffic will flow via source tree from the Source to the Receivers.
The traffic will flow via shared tree from the Source to the RP and via shared tree from the RP to the Receivers.
The traffic will flow via shared tree from the Source to the RP and via source tree from the RP to the Receivers.
The traffic will flow via source tree from the Source to the RP and via shared tree from the RP to the Receivers
Which two statements about Protocol Independent Multicast (PIM) are true? (Choose two.)
PIM should be configured only on the first and the last hop routers in the multicast tree.
PIM should be configured on the device that hosts the source of the muticast traffic.
PIM Sparse Mode is most useful when there are few senders, many receivers, and the volume of multicast traffic is high.
PIM is a multicast routing protocol that makes packet-forwarding decisions independent of the unicast IP routing protocol that is running in the network.
Three of the forwarding modes for PIM are PIM Dense Mode (PIM-DM), PIM Sparse Mode (PIM-SM), and PIM Sparse-Dense Mode
Which MAC multicast address correctly maps to the IP multicast address 224.10.50.4?
01.00.5E.10.32.04
01.00.5E.10.50.04
01.00.5E.0A.32.04
01.00.5E.0A.50.04
Which two statements about IP multicast addresses are true? (Choose two.)
All IP multicast group addresses fall in the range from 224.0.0.0 through 254.255.255.255.
GLOP addresses and limited scope addresses are two types of IP multicast addresses.
IP addresses between 224.0.0.1 and 239.255.255.255 can be assigned to the sources of multicast traffic.
IP address 224.0.1.1 is a globally scoped address that has been reserved for the Network Time Protocol (NTP).
Which three statements are true about Protocol Independent Multicast (PIM) implementation on Cisco routers? (Choose three.)
In PIM-SM deployment, all routers create only (*,G) entries for the multicast groups.
In PIM-DM, a multicast sender first registers with the RP, and the data stream begins to flow from sender to RP to receiver.
Available network bandwidth is overutilized outside of the multicast routing zone because multiple streams of data are required between distant routers in place of a
single transmission.
All routers in the PIM network learn about the active group-to-RP mapping from the RP mapping agent by automatically joining the Cisco-RP-discovery (224.0.1.40)
multicast group.
In a PIM-SM network, the routers have the SPT threshold set to 0 by default which guarantees that the last-hop router switches to SPT mode as soon as the host
starts receiving the multicast
increased security
increased mobility
increased productivity
increased throughput
What is true about the differences between wireless LANs (WLANs) and LANs?
WLANs use CSMA/CA rather than CSMA/CD because WLANs operate at half-duplex.
WLANs use CSMA/CA rather than CSMA/CD because WLANs cannot detect collisions.
WLANs use CSMA/CD rather than CSMA/CA because wireless LANs operate on multiple frequencies.
WLANs use CSMA/CD rather than CSMA/CA because WLANs operate at full-duplex
It distributes the processing of 802.11 data and management protocols between a lightweight access point and a centralized WLAN controller.
Multiple devices can be grouped together to combine total bandwidth.
cost savings
increased productivity
stronger security
easier administration
What method of QoS gives preferential handling for predefined classes of traffic?
best-effort services
differentiated services
integrated services
Traffic shaping buffers excessive traffic to smooth traffic whereas policing drops excessive traffic.
Traffic shaping is preferred for traffic flows such as voice and video whereas policing is better for TCP flows.
Traffic shaping controls the rate traffic flows through a switch whereas policing controls traffic flows through a router.
Traffic shaping marks traffic with Layer 2 class of service (CoS) whereas policing marks traffic with the ToS bits in the IP header
access layer
core layer
distribution layer
provides connection admission control (CAC), bandwidth control and management, and address translation
provides real-time connectivity for participants in multiple locations to attend the same video conference or meeting
provides call control for IP phones, CAC, bandwidth control and management, and address translation
What are two best practices when implementing voice in a network? (Choose two.)