Implementing Cisco Switched Networks Part 2
Exam Vendor: Cisco
Exam Code: Cisco-642-813
Exam Name: CCNA


Exam B
QUESTION 1
Refer to the exhibit.
BPDUGuard is enabled on both ports of SwitchA. Initially, LinkA is connected and forwarding traffic. A new
LinkB is then attached between SwitchA and HubA. Which two statements about the possible result of
attaching the second link are true? (Choose two.)
A. The switch port attached to LinkB does not transition to up.
B. One or both of the two switch ports attached to the hub goes into the err-disabled state when a BPDU is
received.
C. Both switch ports attached to the hub transitions to the blocking state.
D. A heavy traffic load could cause BPDU transmissions to be blocked and leave a switching loop.
E. The switch port attached to LinkA immediately transitions to the blocking state.
Correct Answer: BD
Section: Module 3: STP, RSTP, MSTP
Explanation
Explanation/Reference:
Explanation:
QUESTION 2
What action should a network administrator take to enable VTP pruning on an entire management domain?
A. Enable VTP pruning on any client switch in the domain.
B. Enable VTP pruning on every switch in the domain.
C. Enable VTP pruning on any switch in the management domain.
D. Enable VTP pruning on a VTP server in the management domain.
Correct Answer: D
Section: Module 2: VLAN, PVLAN, Etherchannel
Explanation
Explanation/Reference:
Explanation:
VTP pruning should only be enabled on VTP servers; all the clients in the VTP domain will
automatically enable VTP pruning -> C is correct.
QUESTION 3
How does VTP pruning enhance network bandwidth?
A. by restricting unicast traffic across VTP domains
B. by reducing unnecessary flooding of traffic to inactive VLANs
C. by limiting the spreading of VLAN information
D. by disabling periodic VTP updates
Correct Answer: B
Section: Module 2: VLAN, PVLAN, Etherchannel
Explanation
Explanation/Reference:
Answer B.
Explanation
VTP Pruning makes more efficient use of trunk bandwidth by forwarding broadcast and
unknown unicast frames on a VLAN only if the switch on the receiving end of the trunk has
ports in that VLAN.
The following example shows the operation of a VTP domain without and with VTP Pruning.
Without VTP Pruning:
[Figure: VTP domain without VTP Pruning]
When PC A sends a broadcast frame on VLAN 10, it travels across all trunk links in the VTP
domain. Switches Server, Sw2, and Sw3 all receive broadcast frames from PC A. But only
Sw3 has users on VLAN 10, so this is a waste of bandwidth on Sw2. Moreover, that broadcast
traffic also consumes processor time on Sw2. The link between switches Server and Sw2
does not carry any VLAN 10 traffic so it can be “pruned”.
[Figure: VTP domain with VTP Pruning]
QUESTION 4
In the hardware address 0000.0c07.ac0a, what does 07.ac represent?
A. vendor code
B. HSRP group number
C. HSRP router number
D. HSRP well-known physical MAC address
E. HSRP well-known virtual MAC address
Correct Answer: E
Section: Module 6: HSRP, VRRP, GLBP
Explanation
Explanation/Reference:
Explanation:
HSRP code (HSRP well-known virtual MAC address): The fact that the MAC address is for an HSRP virtual
router is indicated in the next two bytes of the address. The HSRP code is always 07.ac. The HSRP protocol
uses a virtual MAC address, which always contains the 07.ac numerical value.
Reference: Building Cisco Multilayer Switched Networks (Cisco Press) page 268
QUESTION 5
Refer to the exhibit.
The network operations center has received a call stating that users in VLAN 107 are unable to access
resources through router 1. What is the cause of this problem?
A. VLAN 107 does not exist on switch A.
B. VTP is pruning VLAN 107.
C. VLAN 107 is not configured on the trunk.
D. Spanning tree is not enabled on VLAN 107.
Correct Answer: B
Section: Module 2: VLAN, PVLAN, Etherchannel
Explanation
Explanation/Reference:
Answer: B
Explanation:
“VLAN allowed on trunk” – Each trunk allows all VLANs by default. However, an administrator
can remove VLANs from or add VLANs to the list by using the “switchport trunk allowed” command.
“VLANs allowed and active in management” – To be active, a VLAN must be in this list.
“VLANs in spanning tree forwarding state and not pruned” – This list is a subset of the
“allowed and active” list but with any VTP-pruned VLANs removed.
All VLANs were configured except VLAN 101, so D is not correct. VLAN 107 exists in the
“allowed and active” section, so A and C are not correct either. In the “forwarding state and not
pruned” list we don’t see VLAN 107, so the administrator had wrongly configured this VLAN as
pruned.
QUESTION 6
Which protocol will enable a group of routers to form a single virtual router and will use the real IP address of a
router as the gateway address?
A. Proxy ARP
B. HSRP
C. IRDP
D. VRRP
E. GLBP
Correct Answer: D
Section: Module 6: HSRP, VRRP, GLBP
Explanation
Explanation/Reference:
Explanation:
The Virtual Router Redundancy Protocol (VRRP) feature enables a group of routers to form a single virtual
router. The LAN clients can then be configured with the virtual router as their default gateway. The virtual
router, representing a group of routers, is also known as a VRRP group.
VRRP is defined in RFC 2338.
Reference: http://www.faqs.org/rfcs/rfc2338.html
QUESTION 7
On a multilayer Cisco Catalyst switch, which interface command is used to convert a Layer 3 interface to a
Layer 2 interface?
A. switchport
B. no switchport
C. switchport mode access
D. switchport access vlan vlan-id
Correct Answer: A
Section: Module 4: InterVLAN Routing, CEF
Explanation
Explanation/Reference:
Explanation:
The switchport command puts the port in Layer 2 mode. Then, you can use other switchport command
keywords to configure trunking, access VLANs, and so on.
QUESTION 8
Refer to the exhibit.



What can be determined about the HSRP relationship from the displayed debug output?
A. The preempt feature is not enabled on the 172.16.11.111 router.
B. The nonpreempt feature is enabled on the 172.16.11.112 router.
C. Router 172.16.11.111 will be the active router because its HSRP priority is preferred over router
172.16.11.112.
D. Router 172.16.11.112 will be the active router because its HSRP priority is preferred over router
172.16.11.111.
E. The IP address 172.16.11.111 is the virtual HSRP router IP address.
F. The IP address 172.16.11.112 is the virtual HSRP router IP address.
Correct Answer: A
Section: Module 6: HSRP, VRRP, GLBP
Explanation
Explanation/Reference:
Explanation:
The standby preempt interface configuration command allows the router to become the active router when its
priority is higher than all other HSRP-configured routers in this Hot Standby group. The configurations of both
routers include this command so that each router can be the standby router for the other router. The 1 indicates
that this command applies to Hot Standby group 1. If you do not use the standby preempt command in the
configuration for a router, that router cannot become the active router.
QUESTION 9
Refer to the exhibit.



All network links are FastEthernet. Although there is complete connectivity throughout the network, Front Line
users report that they experience slower network performance when accessing the server farm than the
Reception office experiences. Which two statements are true? (Choose two.)
A. Changing the bridge priority of S1 to 4096 would improve network performance.
B. Changing the bridge priority of S1 to 36864 would improve network performance.
C. Changing the bridge priority of S2 to 36864 would improve network performance.
D. Changing the bridge priority of S3 to 4096 would improve network performance.
E. Disabling the Spanning Tree Protocol would improve network performance.
F. Upgrading the link between S2 and S3 to Gigabit Ethernet would improve performance.
Correct Answer: BD
Section: Module 3: STP, RSTP, MSTP
Explanation
Explanation/Reference:
Explanation:
QUESTION 10
What two things occur when an RSTP edge port receives a BPDU? (Choose two.)
A. The port immediately transitions to the forwarding state.
B. The switch generates a Topology Change Notification BPDU.
C. The port immediately transitions to the err-disable state.
D. The port becomes a normal STP switch port.
Correct Answer: BD
Section: Module 3: STP, RSTP, MSTP
Explanation
Explanation/Reference:
Explanation:
QUESTION 11
What is the effect of configuring the following command on a switch?
Switch(config)# spanning-tree portfast bpdufilter default
A. If BPDUs are received by a port configured for PortFast, then PortFast is disabled and the BPDUs are
processed normally.
B. If BPDUs are received by a port configured for PortFast, they are ignored and none are sent.
C. If BPDUs are received by a port configured for PortFast, the port transitions to the forwarding state.
D. The command enables BPDU filtering on all ports regardless of whether they are configured for BPDU
filtering at the interface level.
Correct Answer: A
Section: Module 3: STP, RSTP, MSTP
Explanation
Explanation/Reference:
Explanation:
QUESTION 12
Refer to the exhibit.
Based on the debug output, which three statements about HSRP are true? (Choose three.)
A. The final active router is the router with IP address 172.16.11.111.
B. The router with IP address 172.16.11.111 has preempt configured.
C. The priority of the router with IP address 172.16.11.112 is preferred over the router with IP address
172.16.11.111.
D. The IP address 172.16.11.115 is the virtual HSRP IP address.
E. The router with IP address 172.16.11.112 has nonpreempt configured.
F. The router with IP address 172.16.11.112 is using default HSRP priority.
Correct Answer: ABD
Section: Module 6: HSRP, VRRP, GLBP
Explanation
Explanation/Reference:
Explanation:
QUESTION 13
Refer to the exhibit.
Which two problems are the most likely cause of the exhibited output? (Choose two.)
A. spanning tree issues
B. HSRP misconfiguration
C. VRRP misconfiguration
D. physical layer issues
E. transport layer issues
Correct Answer: BD
Section: Module 6: HSRP, VRRP, GLBP
Explanation
Explanation/Reference:
Explanation:
QUESTION 14
Refer to the exhibit.



What does the command channel-group 1 mode desirable do?
A. enables LACP unconditionally
B. enables PAgP only if a PAgP device is detected
C. enables PAgP unconditionally
D. enables EtherChannel only
E. enables LACP only if an LACP device is detected
Correct Answer: C
Section: Module 2: VLAN, PVLAN, Etherchannel
Explanation
Explanation/Reference:
Explanation:
QUESTION 15
Refer to the exhibit.



Which two statements are true? (Choose two.)
A. Interface gigabitethernet 0/1 has been configured as Layer 3 ports.
B. Interface gigabitethernet 0/1 does not appear in the show vlan output because switchport is enabled.
C. Interface gigabitethernet 0/1 does not appear in the show vlan output because it is configured as a trunk
interface.
D. VLAN2 has been configured as the native VLAN for the 802.1q trunk on interface gigabitethernet 0/1.
E. Traffic on VLAN 1 that is sent out gigabitethernet 0/1 will have an 802.1q header applied.
F. Traffic on VLAN 2 that is sent out gigabitethernet 0/1 will have an 802.1q header applied.
Correct Answer: CF
Section: Module 2: VLAN, PVLAN, Etherchannel
Explanation
Explanation/Reference:
Explanation:
QUESTION 16
Which two statements about HSRP, VRRP, and GLBP are true? (Choose two.)
A. GLBP allows for router load balancing of traffic from a network segment without the different host IP
configurations needed to achieve the same results with HSRP.
B. GLBP allows for router load balancing of traffic from a network segment by utilizing the creation of multiple
standby groups.
C. GLBP and VRRP allow for MD5 authentication, whereas HSRP does not.
D. Unlike HSRP and VRRP, GLBP allows automatic selection and simultaneous use of multiple available
gateways.
E. HSRP allows for multiple upstream active links being simultaneously used, whereas GLBP does not.
Correct Answer: AD
Section: Module 6: HSRP, VRRP, GLBP
Explanation
Explanation/Reference:
Explanation:
QUESTION 17
Refer to the exhibit and the partial configuration of switch SW_A and SW_B.
STP is configured on all switches in the network. SW_B receives this error message on the console port:
00:06:34: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not half duplex),
with SW_A FastEthernet0/4 (half duplex), with TBA05071417(Cat6K-B) 0/4 (half duplex).
What is the possible outcome of the problem?
A. The root port on switch SW_A will automatically transition to full-duplex mode.
B. The root port on switch SW_B will fall back to full-duplex mode.
C. The interfaces between switches SW_A and SW_B will transition to a blocking state.
D. Interface Fa 0/6 on switch SW_B will transition to a forwarding state and create a bridging loop.
Correct Answer: D
Section: Module 3: STP, RSTP, MSTP
Explanation
Explanation/Reference:
Explanation:
QUESTION 18
Refer to the exhibit.
Which statement is true?
A. IP traffic matching access list ABC is forwarded through VLANs 5-10.
B. IP traffic matching VLAN list 5-10 is forwarded, and all other traffic is dropped.
C. All VLAN traffic matching VLAN list 5-10 is forwarded, and all traffic matching access list ABC is dropped.
D. All VLAN traffic in VLANs 5-10 that match access list ABC is forwarded, and all other traffic is dropped.
Correct Answer: D
Section: Module 7: Security, Dot1X
Explanation
Explanation/Reference:
Explanation:
QUESTION 19
Which two statements about HSRP are true? (Choose two.)
A. Load sharing with HSRP is achieved by creating multiple subinterfaces on the HSRP routers.
B. Load sharing with HSRP is achieved by creating HSRP groups on the HSRP routers.
C. Routers configured for HSRP must belong only to one group per HSRP interface.
D. Routers configured for HSRP can belong to multiple groups and multiple VLANs.
E. All routers configured for HSRP load balancing must be configured with the same priority.
Correct Answer: BD
Section: Module 6: HSRP, VRRP, GLBP
Explanation
Explanation/Reference:
Explanation:
QUESTION 20
Which statement about 802.1x port-based authentication is true?
A. Hosts are required to have an 802.1x authentication client or utilize PPPoE.
B. Before transmitting data, an 802.1x host must determine the authorization state of the switch.
C. RADIUS is the only supported authentication server type.
D. If a host initiates the authentication process and does not receive a response, it assumes it is not
authorized.
Correct Answer: C
Section: Module 7: Security, Dot1X
Explanation
Explanation/Reference:
Explanation:
The IEEE 802.1x standard defines a port-based access control and authentication protocol that restricts
unauthorized workstations from connecting to a LAN through publicly accessible switch ports. The
authentication server authenticates each workstation that is connected to a switch port before making available
any services offered by the switch or the LAN. Until the workstation is authenticated, 802.1x access control
allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the
workstation is connected. After authentication succeeds, normal traffic can pass through the port.
Authentication server: Performs the actual authentication of the client. The authentication server validates the
identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch
services. Because the switch acts as the proxy, the authentication service is transparent to the client. The
RADIUS security system with Extensible Authentication Protocol (EAP) extensions is the only supported
authentication server.
New Questions
QUESTION 21
Refer to the exhibit.
Switch S1 has been configured with the command spanning-tree mode rapid-pvst. Switch S3 has been
configured with the command spanning-tree mode mst. Switch S2 is running the IEEE 802.1D instance of
Spanning Tree. What is the result?
A. IEEE 802.1w and IEEE 802.1s are compatible. IEEE 802.1d is incompatible. Switches S1 and S3 can pass
traffic between themselves. Neither can pass traffic to switch S2.
B. Switches S1, S2, and S3 can pass traffic between themselves.
C. Switches S1, S2, and S3 can pass traffic between themselves. However, if the topology is changed, switch
S2 does not receive notification of the change.
D. IEEE 802.1d, IEEE 802.1w, and IEEE 802.1s are incompatible. All three switches must use the same
standard or no traffic can pass between any of the switches.
Correct Answer: B
Section: Module 3: STP, RSTP, MSTP
Explanation
Explanation/Reference:
Explanation:
QUESTION 22
Refer to the exhibit.
What can be concluded about VLANs 200 and 202?
A. VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the
same VLAN. VLAN 200 carries traffic between community ports and to promiscuous ports.
B. VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the
same VLAN. VLAN 200 carries traffic from isolated ports to a promiscuous port.
C. VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the
same VLAN. VLAN 202 carries traffic between community ports and to promiscuous ports.
D. VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the
same VLAN. VLAN 202 carries traffic from isolated ports to a promiscuous port.
Correct Answer: B
Section: Module 2: VLAN, PVLAN, Etherchannel
Explanation
Explanation/Reference:
Explanation:
QUESTION 23
Refer to the exhibit.



Both routers are configured for the GLBP. Which statement is true?
A. The default gateway addresses of both hosts should be set to the IP addresses of both routers.
B. The default gateway address of each host should be set to the virtual IP address.
C. The hosts learn the proper default gateway IP address from router A.
D. The hosts have different default gateway IP addresses and different MAC addresses for each router.
Correct Answer: B
Section: Module 6: HSRP, VRRP, GLBP
Explanation
Explanation/Reference:
Explanation:
GLBP performs a similar, but not identical, function for the user as HSRP and VRRP. Both the HSRP and
VRRP protocols allow multiple routers to participate in a virtual router group configured with a virtual IP
address. One member is elected to be the active router to forward packets sent to the virtual IP address for the
group. The other routers in the group are redundant until the active router fails. With standard HSRP and
VRRP, these standby routers pass no traffic in normal operation, which is wasteful. Therefore the concept came
about of using multiple virtual router groups, which are configured for the same set of routers. But to share the
load, the hosts must be configured for different default gateways, which results in an extra administrative
burden of going around and configuring every host and creating 2 or more groups of hosts that each use a
different default gateway.
GLBP is similar in that it provides load balancing over multiple routers (gateways), but it can do this using only
ONE virtual IP address. Underneath that one virtual IP address are multiple virtual MAC addresses, and this is
how the load is balanced between the routers. Instead of the hassle of configuring all the hosts with a static
default gateway, you can let them use ARP to find their own. Multiple gateways in a "GLBP redundancy
group" respond to client Address Resolution Protocol (ARP) requests in a shared and ordered fashion, each
with its own unique virtual MAC address. As such, workstation traffic is divided across all possible
gateways. Each host is configured with the same virtual IP address, and all routers in the virtual router group
participate in forwarding packets.
Reference: http://www.infocellar.com/networks/Routers/HSRP-GLBP-VRRP.htm
QUESTION 24
A switch has been configured with PVLANs. With what type of PVLAN port should the default gateway be
configured?
A. isolated
B. promiscuous
C. community
D. primary
E. trunk
Correct Answer: B
Section: Module 2: VLAN, PVLAN, Etherchannel
Explanation
Explanation/Reference:
Explanation:
Promiscuous: The switch port connects to a router, firewall, or other common gateway device. This port can
communicate with anything else connected to the primary or any secondary VLAN. In other words, the port is in
promiscuous mode, in which the rules of private VLANs are ignored.
QUESTION 25
In the MAC address 0000.0c07.ac03, what does the "03" represent?
A. HSRP router number 3
B. Type of encapsulation
C. HSRP group number
D. VRRP group number
E. GLBP group number
Correct Answer: C
Section: Module 6: HSRP, VRRP, GLBP
Explanation
Explanation/Reference:
Explanation:
Each router keeps a unique MAC address for its interface. This MAC address is always associated with the
unique IP address configured on the interface. For the virtual router address, HSRP defines a special MAC
address of the form 0000.0c07.acxx, where xx represents the HSRP group number as a two-digit hex value.
For example, HSRP Group 1 appears as 0000.0c07.ac01, HSRP Group 16 appears as 0000.0c07.ac10.
QUESTION 26
A network is deployed using recommended practices of the enterprise campus network model, including users
with desktop computers connected via IP phones. Given that all components are QoS-capable, where are the
two optimal locations for trust boundaries to be configured by the network administrator? (Choose two.)
A. host
B. IP phone
C. access layer switch
D. distribution layer switch
E. core layer switch
Correct Answer: BC
Section: Module 8: VoIP, QoS
Explanation
Explanation/Reference:
Explanation:
QUESTION 27
What is needed to verify that a newly implemented security solution is performing as expected?
A. a detailed physical and logical topology
B. a cost analysis of the implemented solution
C. detailed logs from the AAA and SNMP servers
D. results from audit testing of the implemented solution
Correct Answer: D
Section: Module 7: Security, Dot1X
Explanation
Explanation/Reference:
Explanation:
QUESTION 28
When configuring port security on a Cisco Catalyst switch port, what is the default action taken by the switch if a
violation occurs?
A. protect (drop packets with unknown source addresses)
B. restrict (increment SecurityViolation counter)
C. shut down (access or trunk port)
D. transition (the access port to a trunking port)
Correct Answer: C
Section: Module 7: Security, Dot1X
Explanation
Explanation/Reference:
Explanation:
QUESTION 29
hostname Switch1
interface Vlan10
 ip address 172.16.10.32 255.255.255.0
 no ip redirects
 standby 1 ip 172.16.10.110
 standby 1 timers 1 5
 standby 1 priority 130

hostname Switch2
interface Vlan10
 ip address 172.16.10.33 255.255.255.0
 no ip redirects
 standby 1 ip 172.16.10.110
 standby 1 timers 1 5
 standby 1 priority 120

Refer to the above. HSRP was implemented and configured on two switches while scheduled network
maintenance was performed.
After the two switches have finished rebooting, you notice via show commands that Switch2 is the HSRP active
router. Which two items are the most likely cause of Switch1 not becoming the active router? (Choose two.)
A. Booting has been delayed.
B. The standby group number does not match the VLAN number.
C. IP addressing is incorrect.
D. Preemption is disabled.
E. Standby timers are incorrect.
F. IP redirect is disabled.
Correct Answer: AD
Section: Module 6: HSRP, VRRP, GLBP
Explanation
Explanation/Reference:
Explanation:
QUESTION 30
Private VLANs can be configured as which three port types? (Choose three.)
A. isolated
B. protected
C. private
D. associated
E. promiscuous
F. community
Correct Answer: AEF
Section: Module 2: VLAN, PVLAN, Etherchannel
Explanation
Explanation/Reference:
Explanation:
QUESTION 31
Refer to the exhibit.
Which statement about the private VLAN configuration is true?
A. Only VLAN 503 will be the community PVLAN, because multiple community PVLANs are not allowed.
B. Users of VLANs 501 and 503 will be able to communicate.
C. VLAN 502 is a secondary VLAN.
D. VLAN 502 will be a standalone VLAN, because it is not associated with any other VLANs.
Correct Answer: C
Section: Module 2: VLAN, PVLAN, Etherchannel
Explanation
Explanation/Reference:
Explanation:
QUESTION 32
When configuring a routed port on a Cisco multilayer switch, which configuration task is needed to enable that
port to function as a routed port?
A. Enable the switch to participate in routing updates from external devices with the router command in global
configuration mode.
B. Enter the no switchport command to disable Layer 2 functionality at the interface level.
C. Each port participating in routing of Layer 3 packets must have an IP routing protocol assigned on a per-
interface level.
D. Routing is enabled by default on a multilayer switch, so the port can become a Layer 3 routing interface by
assigning the appropriate IP address and subnet information.
Correct Answer: B
Section: Module 4: InterVLAN Routing, CEF
Explanation
Explanation/Reference:
Explanation:
QUESTION 33
You have configured a Cisco Catalyst switch to perform Layer 3 routing via an SVI and you have assigned that
interface to VLAN 20. To check the status of the SVI, you issue the show interfaces vlan 20 command at the
CLI prompt. You see from the output display that the interface is in an up/up state. What must be true in an SVI
configuration to bring the VLAN and line protocol up?
A. The port must be physically connected to another Layer 3 device.
B. At least one port in VLAN 20 must be active.
C. The Layer 3 routing protocol must be operational and receiving routing updates from neighboring peer
devices.
D. Because this is a virtual interface, the operational status is always in an "up/up" state.
Correct Answer: B
Section: Module 4: InterVLAN Routing, CEF
Explanation
Explanation/Reference:
Explanation:
QUESTION 34
Refer to the exhibit, which is from a Cisco Catalyst 3560 Series Switch.



Which statement about the Layer 3 routing functionality of the interface is true?
A. The interface is configured correctly for Layer 3 routing capabilities.
B. The interface needs an additional configuration entry to enable IP routing protocols.
C. Since the interface is connected to a host device, the spanning-tree portfast command must be added to
the interface.
D. An SVI interface is needed to enable IP routing for network 192.20.135.0.
Correct Answer: A
Section: Module 4: InterVLAN Routing, CEF
Explanation
Explanation/Reference:
Explanation:
QUESTION 35
What is the result of entering the command "port-channel load-balance src-dst-ip" on an EtherChannel link?
A. Packets are distributed across the ports in the channel based on the source and destination MAC
addresses.
B. Packets are distributed across the ports in the channel based on the source and destination IP addresses.
C. Packets are balanced across the ports in the channel based first on the source MAC address, then on the
destination MAC address, then on the IP address.
D. Packets are distributed across the access ports in the channel based first on the source IP address and
then on the destination IP addresses.
Correct Answer: B
Section: Module 2: VLAN, PVLAN, Etherchannel
Explanation
Explanation/Reference:
Explanation:
QUESTION 36
Which Cisco IOS command globally enables port-based authentication on a switch?
A. aaa port-auth enable
B. radius port-control enable
C. dot1x system-auth-control
D. switchport aaa-control enable
Correct Answer: C
Section: Module 7: Security, Dot1X
Explanation
Explanation/Reference:
Explanation:
QUESTION 37
Which two steps are necessary to configure inter-VLAN routing between multilayer switches? (Choose two.)
A. Configure a dynamic routing protocol.
B. Configure SVI interfaces with IP addresses and subnet masks.
C. Configure access ports with network addresses.
D. Configure switch ports with the autostate exclude command.
E. Document the MAC addresses of the switch ports.
Correct Answer: AB
Section: Module 4: InterVLAN Routing, CEF
Explanation
Explanation/Reference:
Explanation:
QUESTION 38
Which statement correctly describes enabling BPDU guard on an access port that is also enabled for PortFast?
A. Upon startup, the port transmits 10 BPDUs. If the port receives a BPDU, PortFast and BPDU guard are
disabled on that port and it assumes normal STP operation.
B. The access port ignores any received BPDU.
C. If the port receives a BPDU, it is placed into the error-disable state.
D. BPDU guard is configured only globally and the BPDU filter is required for port-level configuration.
Correct Answer: C
Section: Module 3: STP, RSTP, MSTP
Explanation
Explanation/Reference:
Explanation:
QUESTION 39
Which statement about the Port Aggregation Protocol is true?
A. Configuration changes made on the port-channel interface apply to all physical ports assigned to the port-
channel interface.
B. Configuration changes made on a physical port that is a member of a port-channel interface apply to the
port-channel interface.
C. Configuration changes are not permitted with Port Aggregation Protocol. Instead, the standardized Link
Aggregation Control Protocol should be used if configuration changes are required.
D. The physical port must first be disassociated from the port-channel interface before any configuration
changes can be made.
Correct Answer: A
Section: Module 2: VLAN, PVLAN, Etherchannel
Explanation
Explanation/Reference:
Explanation:
QUESTION 40
In which three HSRP states do routers send hello messages? (Choose three.)
A. standby
B. learn
C. listen
D. speak
E. active
Correct Answer: ADE
Section: Module 6: HSRP, VRRP, GLBP
Explanation
Explanation/Reference:
Explanation:
QUESTION 41
Which statement about 802.1Q trunking is true?
A. Both switches must be in the same VTP domain.
B. The encapsulation type on both ends of the trunk does not have to match.
C. The native VLAN on both ends of the trunk must be VLAN 1.
D. In 802.1Q trunking, all VLAN packets are tagged on the trunk link, except the native VLAN.
Correct Answer: D
Section: Module 2: VLAN, PVLAN, Etherchannel
Explanation
Explanation/Reference:
Explanation:
QUESTION 42
Refer to the exhibit.



Which three statements are true? (Choose three.)
A. A trunk link will be formed.
B. Only VLANs 1-1001 will travel across the trunk link.
C. The native VLAN for switch B is VLAN 1.
D. DTP is not running on switch A.
E. DTP packets are sent from switch B.
Correct Answer: ACE
Section: Module 2: VLAN, PVLAN, Etherchannel
Explanation
Explanation/Reference:
Explanation:
You can manually configure trunk links on Catalyst switches for either ISL or 802.1Q mode. In addition, Cisco
has implemented a proprietary, point-to-point protocol called Dynamic Trunking Protocol (DTP) that negotiates
a common trunking mode between two switches. The negotiation covers the encapsulation (ISL or 802.1Q) as
well as whether the link becomes a trunk at all. You can configure the trunk encapsulation with the switchport
trunk encapsulation command, as one of the following:
• isl--VLANs are tagged by encapsulating each frame using the Cisco ISL protocol.
• dot1q--VLANs are tagged in each frame using the IEEE 802.1Q standard protocol. The only exception is the
native VLAN, which is sent normally and not tagged at all.
• negotiate (the default)--The encapsulation is negotiated to select either ISL or IEEE 802.1Q, whichever is
supported by both ends of the trunk. If both ends support both types, ISL is favored. (The Catalyst 2950 switch
does not support ISL encapsulation.)
In the switchport mode command, you can set the trunking mode to any of the following:
• trunk--This setting places the port in permanent trunking mode. The corresponding switch port at the other
end of the trunk should be similarly configured because negotiation is not allowed. You should also manually
configure the encapsulation mode.
• dynamic desirable (the default)--The port actively attempts to convert the link into trunking mode. If the
far-end switch port is configured to trunk, dynamic desirable, or dynamic auto mode, trunking is successfully
negotiated.
• dynamic auto--The port converts the link into trunking mode. If the far-end switch port is configured to trunk or
dynamic desirable, trunking is negotiated. Because of the passive negotiation behavior, the link never becomes
a trunk if both ends of the link are left to the dynamic auto default.
QUESTION 43
Refer to the exhibit.
Host A and Host B are connected to the Cisco Catalyst 3550 switch and have been assigned to their respective
VLANs. The rest of the 3550 configuration is the default configuration. Host A is able to ping its default gateway,
10.10.10.1, but is unable to ping Host B. Given the output in the exhibit, which statement is true?
A. HSRP must be configured on SW1.
B. A separate router is needed to support inter-VLAN routing.
C. Interface VLAN 10 must be configured on the SW1 switch.
D. The global configuration command ip routing must be configured on the SW1 switch.
E. VLANs 10 and 15 must be created in the VLAN database mode.
F. VTP must be configured to support inter-VLAN routing.
Correct Answer: D
Section: Module 4: InterVLAN Routing, CEF
Explanation:
To transport packets between VLANs, you must use a Layer 3 device. Traditionally, this has been a router's
function. The router must have a physical or logical connection to each VLAN so that it can forward packets
between them. This is known as interVLAN routing. Multilayer switches can perform both Layer 2 switching and
interVLAN routing, as appropriate. Layer 2 switching occurs between interfaces that are assigned to Layer 2
VLANs or Layer 2 trunks. Layer 3 switching can occur between any type of interface, as long as the interface
can have a Layer 3 address assigned to it.
The Switch(config)# ip routing global configuration command enables routing on a Layer 3 switch.
QUESTION 44
Refer to the exhibit.
What happens when one more user is connected to interface FastEthernet 5/1?
A. All secure addresses age out and are removed from the secure address list. The security violation counter
increments.
B. The first address learned on the port is removed from the secure address list and is replaced with the new
address.
C. The interface is placed into the error-disabled state immediately, and an SNMP trap notification is sent.
D. The packets with the new source addresses are dropped until a sufficient number of secure MAC
addresses are removed from the secure address list.
Correct Answer: C
Section: Module 7: Security, Dot1X
Explanation:
Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a specific set or
number of MAC addresses. Those addresses can be learned dynamically or configured statically. The port will
then provide access to frames from only those addresses. If, however, the number of addresses is limited to
four but no specific MAC addresses are configured, the port will allow any four MAC addresses to be learned
dynamically, and port access will be limited to those four dynamically learned addresses.
Port Security Implementation:
When a port security rule is violated, one of the following actions can be applied:
1. Protect: Frames from the nonallowed address are dropped, but there is no log of the violation.
2. Restrict: Frames from the nonallowed address are dropped, a log message is created, and a Simple Network
Management Protocol (SNMP) trap is sent.
3. Shutdown: If any frames are seen from a nonallowed address, the interface is errdisabled, a log entry is
made, an SNMP trap is sent, and manual intervention or errdisable recovery must be used to make the
interface usable.
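A port configuration matching the behaviour described above, added here as a constructed example that is not part of the original page or its missing exhibit. The interface name is borrowed from Question 44 and the limit of four addresses from the explanation; the recovery interval is an assumed value.

```cisco
! Added example (constructed); not the exhibit referenced in Question 44.
interface FastEthernet5/1
 ! Port security requires a static access (or trunk) port, not a dynamic one.
 switchport mode access
 ! Enable the feature, then cap the port at four dynamically learned MACs.
 switchport port-security
 switchport port-security maximum 4
 ! shutdown: err-disable the port, log, and send an SNMP trap on violation.
 ! Alternatives: "protect" (drop, no log) or "restrict" (drop, log, trap).
 switchport port-security violation shutdown
!
! Optional automatic recovery in place of a manual shutdown / no shutdown.
! The 300-second interval is an assumed value.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Verification, from privileged EXEC:
!   show port-security interface FastEthernet5/1
!   show port-security address
!   show interfaces status err-disabled
```

With the violation mode set to shutdown, a fifth source MAC on this port produces the outcome in answer C: the port goes err-disabled rather than silently dropping the new address.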
QUESTION 45
Refer to the exhibit.
What happens to traffic within VLAN 14 with a source address of 172.16.10.5?
A. The traffic is forwarded to the TCAM for further processing.
B. The traffic is forwarded to the router processor for further processing.
C. The traffic is dropped.
D. The traffic is forwarded without further processing.
Correct Answer: C
Section: Module 7: Security, Dot1X
Explanation:
VLAN maps, also known as VLAN ACLs or VACLs, can filter all traffic traversing a switch. VLAN maps can be
configured on the switch to filter all packets that are routed into or out of a VLAN, or are bridged within a VLAN.
VLAN maps are used strictly for security packet filtering. Unlike router ACLs, VLAN maps are not defined by
direction (input or output).
To create a VLAN map and apply it to one or more VLANs, perform these steps:
• Create the standard or extended IP ACLs or named MAC extended ACLs to be applied to the VLAN. This
access list selects the traffic that will be either forwarded or dropped by the access-map. Only traffic
matching the 'permit' condition in an access list will be passed to the access-map for further processing.
• Enter the vlan access-map access-map-name [sequence] global configuration command to create a VLAN
ACL map entry. Each access-map can have multiple entries. The order of these entries is determined by the
sequence. If no sequence number is entered, access-map entries are added with sequence numbers in
increments of 10.
• In access map configuration mode, optionally enter an action forward or action drop. The default is to forward
traffic. Also enter the match command to specify an IP packet or a non-IP packet (with only a known MAC
address), and to match the packet against one or more ACLs (standard or extended).
• Use the vlan filter access-map-name vlan-list vlan-list global configuration command to apply a VLAN map to
one or more VLANs. A single access-map can be used on multiple VLANs.
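The four steps above as one configuration, added here as a constructed example; it is not the exhibit from Question 45. The ACL and access-map names are hypothetical, and the VLAN number and source address are borrowed from the question text.

```cisco
! Added example (constructed); BLOCK-HOST and VLAN14-FILTER are hypothetical names.
!
! Step 1: the ACL only selects traffic. "permit" here means "hand this
! packet to the access-map entry", not "forward it".
ip access-list extended BLOCK-HOST
 permit ip host 172.16.10.5 any
!
! Steps 2 and 3: entry 10 drops whatever the ACL selected.
vlan access-map VLAN14-FILTER 10
 match ip address BLOCK-HOST
 action drop
!
! Entry 20 has no match clause, so it applies to all remaining traffic.
! Without it, IP traffic that matches no entry is dropped, because the
! map contains an IP match clause.
vlan access-map VLAN14-FILTER 20
 action forward
!
! Step 4: apply the map to VLAN 14. It filters bridged and routed traffic
! alike, with no inbound/outbound direction.
vlan filter VLAN14-FILTER vlan-list 14
!
! Verification, from privileged EXEC:
!   show vlan access-map VLAN14-FILTER
!   show vlan filter
```

Leaving out the final forward entry is the usual way a VLAN map meant to block a single host ends up blocking the whole VLAN, so check the map with the show commands before applying the filter.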
QUESTION 46
Which protocol allows for the automatic selection and simultaneous use of multiple available gateways as well
as automatic failover between those gateways?
A. IRDP
B. HSRP
C. GLBP
D. VRRP
Correct Answer: C
Section: Module 6: HSRP, VRRP, GLBP
Explanation:
To provide a virtual router, multiple switches (routers) are assigned to a common GLBP group. Rather than
having just one active router performing forwarding for the virtual router address, all routers in the group can
participate and offer load balancing by forwarding a portion of the overall traffic. The advantage is that none of
the clients have to be pointed toward a specific gateway address--they can all have the same default gateway
set to the virtual router IP address. The load balancing is provided completely through the use of virtual router
MAC addresses in ARP replies returned to the clients. As a client sends an ARP request looking for the virtual
router address, GLBP sends back an ARP reply with the virtual MAC address of a selected router in the group.
The result is that all clients use the same gateway address but have differing MAC addresses for it.
QUESTION 47
When you create a network implementation for a VLAN solution, what is one procedure that you should include
in your plan?
A. Perform an incremental implementation of components.
B. Implement the entire solution and then test end-to-end to make sure that it is performing as designed.
C. Implement trunking of all VLANs to ensure that traffic is crossing the network as needed before performing
any pruning of VLANs.
D. Test the solution on the production network in off hours.
Correct Answer: A
Section: Module 2: VLAN, PVLAN, Etherchannel
QUESTION 48
You have just created a new VLAN on your network. What is one step that you should include in your VLAN-
based implementation and verification plan?
A. Verify that different native VLANs exist between two switches for security purposes.
B. Verify that the VLAN was added on all switches with the use of the show vlan command.
C. Verify that the switch is configured to allow for trunking on the switch ports.
D. Verify that each switch port has the correct IP address space assigned to it for the new VLAN.
Correct Answer: B
Section: Module 2: VLAN, PVLAN, Etherchannel
QUESTION 49
Which two statements describe a routed switch port on a multilayer switch? (Choose two.)
A. Layer 2 switching and Layer 3 routing are mutually supported.
B. The port is not associated with any VLAN.
C. The routed switch port supports VLAN subinterfaces.
D. The routed switch port is used when a switch has only one port per VLAN or subnet.
E. The routed switch port ensures that STP remains in the forwarding state.
Correct Answer: BD
Section: Module 4: InterVLAN Routing, CEF
QUESTION 50
Which two statements correctly describe VTP? (Choose two.)
A. Transparent mode always has a configuration revision number of 0.
B. Transparent mode cannot modify a VLAN database.
C. Client mode cannot forward received VTP advertisements.
D. Client mode synchronizes its VLAN database from VTP advertisements.
E. Server mode can synchronize across VTP domains.
Correct Answer: AD
Section: Module 2: VLAN, PVLAN, Etherchannel
QUESTION 51
Which two DTP modes permit trunking between directly connected switches? (Choose two.)
A. dynamic desirable (VTP domain A) to dynamic desirable (VTP domain A)
B. dynamic desirable (VTP domain A) to dynamic desirable (VTP domain B)
C. dynamic auto (VTP domain A) to dynamic auto (VTP domain A)
D. dynamic auto (VTP domain A) to dynamic auto (VTP domain B)
E. dynamic auto (VTP domain A) to nonegotiate (VTP domain A)
F. nonegotiate (VTP domain A) to nonegotiate (VTP domain B)
Correct Answer: AF
Section: Module 2: VLAN, PVLAN, Etherchannel
QUESTION 52
Which two RSTP port roles include the port as part of the active topology? (Choose two.)
A. root
B. designated
C. alternate
D. backup
E. forwarding
F. learning
Correct Answer: AB
Section: Module 3: STP, RSTP, MSTP
QUESTION 53
Which two statements correctly describe characteristics of the PortFast feature? (Choose two.)
A. STP is disabled on the port.
B. PortFast can also be configured on trunk ports.
C. PortFast is needed to enable port-based BPDU guard.
D. PortFast is used for STP and RSTP host ports.
E. PortFast is used for STP-only host ports.
Correct Answer: BD
Section: Module 3: STP, RSTP, MSTP
QUESTION 54
Which statement correctly describes the Cisco implementation of RSTP?
A. PortFast, UplinkFast, and BackboneFast specific configurations are ignored in Rapid PVST mode.
B. RSTP is enabled globally and uses existing STP configuration.
C. Root and alternative ports transition immediately to the forwarding state.
D. Convergence is improved by using subsecond timers for the blocking, listening, learning, and forwarding
port states.
Correct Answer: B
Section: Module 3: STP, RSTP, MSTP
QUESTION 55
What is the effect of applying the "switchport trunk encapsulation dot1q" command to a port on a Cisco Catalyst
switch?
A. By default, native VLAN packets going out this port are tagged.
B. Without an encapsulation command, 802.1Q is the default encapsulation if DTP fails to negotiate a trunking
protocol.
C. The interface supports the reception of tagged and untagged traffic.
D. If the device connected to this port is not 802.1Q-enabled, it is unable to handle 802.1Q packets.
Correct Answer: C
Section: Module 2: VLAN, PVLAN, Etherchannel
QUESTION 56
You are the administrator of a switch and currently all host-connected ports are configured with the portfast
command. You have received a new directive from your manager that states that, in the future, any host-
connected port that receives a BPDU should automatically disable PortFast and begin transmitting BPDUs.
Which command will support this new requirement?
A. Switch(config)#spanning-tree portfast bpduguard default
B. Switch(config-if)#spanning-tree bpduguard enable
C. Switch(config-if)#spanning-tree bpdufilter enable
D. Switch(config)#spanning-tree portfast bpdufilter default
Correct Answer: D
Section: Module 3: STP, RSTP, MSTP
QUESTION 57
A port in a redundant topology is currently in the blocking state and is not receiving BPDUs. To ensure that this
port does not erroneously transition to the forwarding state, which command should be configured?
A. Switch(config)#spanning-tree loopguard default
B. Switch(config-if)#spanning-tree bdpufilter
C. Switch(config)#udld aggressive
D. Switch(config-if)#spanning-tree bpduguard
Correct Answer: A
Section: Module 3: STP, RSTP, MSTP
QUESTION 58
Which command can be issued without interfering with the operation of loop guard?
A. Switch(config-if)#spanning-tree guard root
B. Switch(config-if)#spanning-tree portfast
C. Switch(config-if)#switchport mode trunk
D. Switch(config-if)#switchport mode access
Correct Answer: C
Section: Module 3: STP, RSTP, MSTP
QUESTION 59
Refer to the exhibit. On the basis of the information provided in the exhibit, which two sets of procedures are
best practices for Layer 2 and 3 failover alignment? (Choose two.)
A. Configure the D-SW1 switch as the active HSRP router and the STP root for all VLANs. Configure the D-
SW2 switch as the standby HSRP router and backup STP root for all VLANs.
B. Configure the D-SW1 switch as the standby HSRP router and the STP root for VLANs 11 and 110.
Configure the D-SW2 switch as the standby HSRP router and the STP root for VLANs 12 and 120.
C. Configure the D-SW1 switch as the active HSRP router and the STP root for VLANs 11 and 110. Configure
the D-SW2 switch as the active HSRP router and the STP root for VLANs 12 and 120.
D. Configure the D-SW2 switch as the active HSRP router and the STP root for all VLANs. Configure the D-
SW1 switch as the standby HSRP router and backup STP root for all VLANs.
E. Configure the D-SW1 switch as the active HSRP router and the backup STP root for VLANs 11 and 110.
Configure the D-SW2 switch as the active HSRP router and the backup STP root for VLANs 12 and 120.
F. Configure the D-SW1 switch as the standby HSRP router and the backup STP root for VLANs 12 and 120.
Configure the D-SW2 switch as the standby HSRP router and the backup STP root for VLANs 11 and 110.
Correct Answer: CF
Section: Module 6: HSRP, VRRP, GLBP
Explanation:
Basically, each of the routers that provides redundancy for a given gateway address is assigned to a common
HSRP group. One router is elected as the primary, or active, HSRP router, another is elected as the standby
HSRP router, and all the others remain in the listen HSRP state. The routers exchange HSRP hello messages
at regular intervals, so they can remain aware of each other's existence, as well as that of the active router.
HSRP election is based on a priority value (0 to 255) that is configured on each router in the group. By default,
the priority is 100. The router with the highest priority value (255 is highest) becomes the active router for the
group. If all router priorities are equal or set to the default value, the router with the highest IP address on the
HSRP interface becomes the active router. To set the priority, use the following interface configuration
command:
Switch(config-if)# standby group priority priority
When HSRP is configured on an interface, the router progresses through a series of states before becoming
active. This forces a router to listen for others in a group and see where it fits into the pecking order. The HSRP
state sequence is Disabled, Init, Listen, Speak, Standby, and, finally, Active.
You can configure a router to preempt or immediately take over the active role if its priority is the highest at any
time. Use the following interface configuration command to allow preemption:
Switch(config-if)# standby group preempt [delay seconds]