CCNA 2 version 7 Final Exam Answers Full – Switching, Routing and Wireless Essentials 2020 ~ Réseaux Informatiques

1. What additional information is contained in the 12-bit extended system ID of a BPDU?

MAC address
VLAN ID
IP address
port ID

2. During the implementation of Spanning Tree Protocol, all switches are rebooted by the network administrator. What is the first step of the spanning-tree election process?

Each switch with a lower root ID than its neighbor will not send BPDUs.
All the switches send out BPDUs advertising themselves as the root bridge.
Each switch determines the best path to forward traffic.
Each switch determines what port to block to prevent a loop from occurring.

3. Which STP port role is adopted by a switch port if there is no other port with a lower cost to the root bridge?

designated port
root port
alternate
disabled port

4. Which two concepts relate to a switch port that is intended to have only end devices attached and intended never to be used to connect to another switch? (Choose two.)

bridge ID
edge port
extended system ID
PortFast
PVST+

5. Which three components are combined to form a bridge ID?

extended system ID
cost
IP address
bridge priority
MAC address
port ID

Explanation: The three components that are combined to form a bridge ID are bridge priority, extended system ID, and MAC address.

6. Match the STP protocol with the correct description. (Not all options are used.)

7. In which two port states does a switch learn MAC addresses and process BPDUs in a PVST network? (Choose two.)

disabled
forwarding
listening
blocking
learning

Explanation: Switches learn MAC addresses at the learning and forwarding port states. They receive and process BPDUs at the blocking, listening, learning, and forwarding port states.

8. If no bridge priority is configured in PVST, which criteria is considered when electing the root bridge?

lowest MAC address
lowest IP address
highest IP address
highest MAC address

Explanation: Only one switch can be the root bridge for a VLAN. The root bridge is the switch with the lowest BID. The BID is determined by priority and the MAC address. If no priority is configured then all switches use the default priority and the election of the root bridge will be based on the lowest MAC address.

9. Match the spanning-tree feature with the protocol type. (Not all options are used.)

10. When the show spanning-tree vlan 33 command is issued on a switch, three ports are shown in the forwarding state. In which two port roles could these interfaces function while in the forwarding state? (Choose two.)

alternate
designated
disabled
blocked
root

Explanation: The role of each of the three ports will be either designated port or root port. Ports in the disabled state are administratively disabled. Ports in the blocking state are alternate ports.

11. What is the function of STP in a scalable network?

It decreases the size of the failure domain to contain the impact of failures.
It protects the edge of the enterprise network from malicious activity.
It combines multiple switch trunk links to act as one logical link for increased bandwidth.
It disables redundant paths to eliminate Layer 2 loops.

12. What is a characteristic of spanning tree?

It is enabled by default on Cisco switches.
It is used to discover information about an adjacent Cisco device.
It has a TTL mechanism that works at Layer 2.
It prevents propagation of Layer 2 broadcast frames.

13. Which spanning tree standard supports only one root bridge so that traffic from all VLANs flows over the same path?

PVST+
802.1D
MST
Rapid PVST

Explanation: MST is the Cisco implementation of MSTP, an IEEE standard protocol that provides up to 16 instances of RSTP. PVST+ provides a separate 802.1D spanning-tree instance for each VLAN that is configured in the network. 802.1D is the original STP standard defined by the IEEE and allows for only one root bridge for all VLANs. 802.1w, or RSTP, provides faster convergence but still uses only one STP instance for all VLANs.

14. What is the purpose of the Spanning Tree Protocol (STP)?

creates smaller collision domains
prevents routing loops on a router
prevents Layer 2 loops
allows Cisco devices to exchange routing table updates
creates smaller broadcast domains

15. What is the value used to determine which port on a non-root bridge will become a root port in a STP network?

the path cost
the highest MAC address of all the ports in the switch
the lowest MAC address of all the ports in the switch
the VTP revision number

16. Refer to the exhibit. Which switch will be the root bridge after the election process is complete?

Explanation: The root bridge is determined by the lowest bridge ID, which consists of the priority value and the MAC address. Because the priority values of all of the switches are identical, the MAC address is used to determine the root bridge. Because S2 has the lowest MAC address, S2 becomes the root bridge.

17. What are two drawbacks to turning spanning tree off and having multiple paths through the Layer 2 switch network? (Choose two.)

The MAC address table becomes unstable.
The switch acts like a hub.
Port security becomes unstable.
Broadcast frames are transmitted indefinitely.
Port security shuts down all of the ports that have attached devices.

Explanation: Spanning tree should never be disabled. Without it, the MAC address table becomes unstable, broadcast storms can render network clients and the switches unusable, and multiple copies of unicast frames can be delivered to the end devices.

18. A small company network has six interconnected Layer 2 switches. Currently all switches are using the default bridge priority value. Which value can be used to configure the bridge priority of one of the switches to ensure that it becomes the root bridge in this design?

1
28672
32768
34816
61440

Explanation: The default bridge priority value for all Cisco switches is 32768. The range is 0 to 61440 in increments of 4096. Thus, the values 1 and 34816 are invalid. Configuring one switch with the lower value of 28672 (and leaving the bridge priority value of all other switches unchanged) will make the switch become the root bridge.

19. Refer to the exhibit. The administrator tried to create an EtherChannel between S1 and the other two switches via the commands that are shown, but was unsuccessful. What is the problem?

Traffic cannot be sent to two different switches through the same EtherChannel link.
Traffic cannot be sent to two different switches, but only to two different devices like an EtherChannel-enabled server and a switch.
Traffic can only be sent to two different switches if EtherChannel is implemented on Gigabit Ethernet interfaces.
Traffic can only be sent to two different switches if EtherChannel is implemented on Layer 3 switches.

20. Which statement is true regarding the use of PAgP to create EtherChannels?

It requires full duplex.
It increases the number of ports that are participating in spanning tree.
It requires more physical links than LACP does.
It mandates that an even number of ports (2, 4, 6, etc.) be used for aggregation.
It is Cisco proprietary.

Explanation: PAgP is used to automatically aggregate multiple ports into an EtherChannel bundle, but it only works between Cisco devices. LACP can be used for the same purpose between Cisco and non-Cisco devices. PAgP must have the same duplex mode at both ends and can use two ports or more. The number of ports depends on the switch platform or module. An EtherChannel aggregated link is seen as one port by the spanning-tree algorithm.

21. What are two requirements to be able to configure an EtherChannel between two switches? (Choose two.)

All the interfaces need to work at the same speed.
All interfaces need to be assigned to different VLANs.
Different allowed ranges of VLANs must exist on each end.
All the interfaces need to be working in the same duplex mode.
The interfaces that are involved need to be contiguous on the switch.

Explanation: All interfaces in the EtherChannel bundle must be assigned to the same VLAN or be configured as a trunk. If the allowed range of VLANs is not the same, the interfaces do not form an EtherChannel even when set to auto or desirable mode.

22. Refer to the exhibit. On the basis of the output that is shown, what can be determined about the EtherChannel bundle?

The EtherChannel bundle is down.
Two Gigabit Ethernet ports are used to form the EtherChannel.
A Cisco proprietary protocol was used to negotiate the EtherChannel link.
The EtherChannel bundle is operating at both Layer 2 and Layer 3.

Explanation: Two protocols can be used to send negotiation frames that are used to try to establish an EtherChannel link: PAgP and LACP. PAgP is Cisco proprietary, and LACP adheres to the industry standard.

23. Which two parameters must match on the ports of two switches to create a PAgP EtherChannel between the switches? (Choose two.)

port ID
PAgP mode
MAC address
speed
VLAN information

Explanation: For an EtherChannel to be created, the ports that are concerned on the two switches must match in terms of the speed, duplex, and VLAN information. The PAgP mode must be compatible but not necessarily equal. The port ID and the MAC addresses do not have to match.

24. Refer to the exhibit. A network administrator is configuring an EtherChannel link between two switches, SW1 and SW2. Which statement describes the effect after the commands are issued on SW1 and SW2?

The EtherChannel is established after SW2 initiates the link request.
The EtherChannel is established after SW1 initiates the link request.
The EtherChannel is established without negotiation.
The EtherChannel fails to establish.

25. Refer to the exhibit. A network administrator is configuring an EtherChannel link between two switches, SW1 and SW2. However, the EtherChannel link fails to establish. What change in configuration would correct the problem?

Configure SW2 EtherChannel mode to desirable.
Configure SW2 EtherChannel mode to on.
Configure SW1 EtherChannel mode to on.
Configure SW2 EtherChannel mode to auto.

Explanation: The EtherChannel mode must be compatible on each side for the link to work. The three modes from PAgP protocol are on, desirable, and auto. The three modes from LACP protocol are on, active, and passive. The compatible modes include on-on, auto-desirable, desirable-desirable, active-passive, and active-active. Any other combinations will not form an EtherChannel link.

26. A network administrator configured an EtherChannel link with three interfaces between two switches. What is the result if one of the three interfaces is down?

The remaining two interfaces continue to load balance traffic.
The remaining two interfaces become separate links between the two switches.
One interface becomes an active link for data traffic and the other becomes a backup link.
The EtherChannel fails.

Explanation: EtherChannel creates an aggregation that is seen as one logical link. It provides redundancy because the overall link is one logical connection. The loss of one physical link within the channel does not create a change in the topology; the EtherChannel remains functional.

27. A network administrator is configuring an EtherChannel link between switches SW1 and SW2 by using the command SW1(config-if-range)# channel-group 1 mode auto . Which command must be used on SW2 to enable this EtherChannel?

SW2(config-if-range)# channel-group 1 mode passive
SW2(config-if-range)# channel-group 1 mode desirable
SW2(config-if-range)# channel-group 1 mode on
SW2(config-if-range)# channel-group 1 mode active

Explanation: The possible combinations to establish an EtherChannel between SW1 and SW2 using LACP or PAgP are as follows:
PAgP
on on
auto desirable
desirable desirable
LACP
on on
active active
passive active
The EtherChannel mode chosen on each side of the EtherChannel must be compatible in order to enable it.

28. Which technology is an open protocol standard that allows switches to automatically bundle physical ports into a single logical link?

PAgP
LACP
Multilink PPP
DTP

Explanation: LACP, or Link Aggregation Control Protocol, is defined by IEEE 802.3ad and is an open standard protocol. LACP allows switches to automatically bundle switch ports into a single logical link to increase bandwidth. PAgP, or Port Aggregation Protocol, performs a similar function, but it is a Cisco proprietary protocol. DTP is Dynamic Trunking Protocol and is used to automatically and dynamically build trunks between switches. Multilink PPP is used to load-balance PPP traffic across multiple serial interfaces.

29. What is a requirement to configure a trunking EtherChannel between two switches?

The allowed range of VLANs must be the same on both switches.
The participating interfaces must be assigned the same VLAN number on both switches.
The participating interfaces must be physically contiguous on a switch.
The participating interfaces must be on the same module on a switch.

Explanation: To enable a trunking EtherChannel successfully, the range of VLANs allowed on all the interfaces must match; otherwise, the EtherChannel cannot be formed. The interfaces involved in an EtherChannel do not have to be physically contiguous, or on the same module. Because the EtherChannel is a trunking one, participating interfaces are configured as trunk mode, not access mode.

30. What are two advantages of using LACP? (Choose two.)

It allows directly connected switches to negotiate an EtherChannel link.
It eliminates the need for configuring trunk interfaces when deploying VLANs on multiple switches.
It decreases the amount of configuration that is needed on a switch.
It provides a simulated environment for testing link aggregation.
It allows the use of multivendor devices.
LACP allows Fast Ethernet and Gigabit Ethernet interfaces to be mixed within a single EtherChannel.

Explanation: The Link Aggregation Control Protocol (LACP) allows directly connected multivendor switches to negotiate an EtherChannel link. LACP helps create the EtherChannel link by detecting the configuration of each side and making sure that they are compatible so that the EtherChannel link can be enabled when needed.

31. A switch is configured to run STP. What term describes a non-root port that is permitted to forward traffic on the network?

root port
designated port
alternate port
disabled

32. What are two advantages of EtherChannel? (Choose two.)

Spanning Tree Protocol views the physical links in an EtherChannel as one logical connection.
Load balancing occurs between links configured as different EtherChannels.
Configuring the EtherChannel interface provides consistency in the configuration of the physical links.
Spanning Tree Protocol ensures redundancy by transitioning failed interfaces in an EtherChannel to a forwarding state.
EtherChannel uses upgraded physical links to provide increased bandwidth.

Explanation: EtherChannel configuration of one logical interface ensures configuration consistency across the physical links in the EtherChannel. The EtherChannel provides increased bandwidth using existing switch ports without requiring any upgrades to the physical interfaces. Load balancing methods are implemented between links that are part of the same Etherchannel. Because EtherChannel views the bundled physical links as one logical connection, spanning tree recalculation is not required if one of the bundled physical links fail. If a physical interface fails, STP cannot transition the failed interface into a forwarding state.

33. Refer to the exhibit. What are the possible port roles for ports A, B, C, and D in this RSTP-enabled network?

Modules 5 – 6: Redundant Networks Exam 33

alternate, designated, root, root
designated, alternate, root, root
alternate, root, designated, root
designated, root, alternate, root

Explanation: Because S1 is the root bridge, B is a designated port, and C and D root ports. RSTP supports a new port type, alternate port in discarding state, that can be port A in this scenario.

34. Refer to the exhibit. Which switching technology would allow each access layer switch link to be aggregated to provide more bandwidth between each Layer 2 switch and the Layer 3 switch?

trunking
HSRP
PortFast
EtherChannel

Explanation: PortFast is used to reduce the amount of time that a port spends going through the spanning-tree algorithm, so that devices can start sending data sooner. Trunking can be implemented in conjunction with EtherChannel, but trunking alone does not aggregate switch links. HSRP is used to load-balance traffic across two different connections to Layer 3 devices for default gateway redundancy. HSRP does not aggregate links at either Layer 2 or Layer 3 as EtherChannel does.

35. Refer to the exhibit. An administrator wants to form an EtherChannel between the two switches by using the Port Aggregation Protocol. If switch S1 is configured to be in auto mode, which mode should be configured on S2 to form the EtherChannel?

auto
on
off
desirable

Explanation: An EtherChannel will be formed via PAgP when both switches are in on mode or when one of them is in auto or desirable mode and the other is in desirable mode.

36. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
Which set of configuration commands issued on SW1 will successfully complete the EtherChannel link between SW1 and SW2?

CCNA-2-v7-Modules 5 – 6 Redundant Networks Exam 36

interface GigabitEthernet0/1
no shutdown
interface Port-channel 1
no shutdown
interface GigabitEthernet0/2
channel-group 2 mode desirable
interface GigabitEthernet0/1
channel-group 1 mode desirable

Explanation: Issuing the show running-configuration command on SW1 shows that interface GigabitEthernet0/1 is missing the channel-group 1 mode desirable command which will compete the EtherChannel configuration for interface GigabitEthernet0/1 and interface GigabitEthernet0/2.

37. A set of switches is being connected in a LAN topology. Which STP bridge priority value will make it least likely for the switch to be selected as the root?

65535
4096
32768
61440

38. In which two PVST+ port states are MAC addresses learned? (Choose two.)

learning
forwarding
disabled
listening
blocking

Explanation: The two PVST+ port states during which MAC addresses are learned and populate the MAC address table are the learning and the forwarding states.

39. Which port role is assigned to the switch port that has the lowest cost to reach the root bridge?

designated port
disabled port
root port
non-designated port

40. A switch is configured to run STP. What term describes the switch port closest, in terms of overall cost, to the root bridge

root port
designated port
alternate port
disabled

41. A switch is configured to run STP. What term describes a field used to specify a VLAN ID?

extended system ID
port ID
bridge priority
bridge ID

42. A switch is configured to run STP. What term describes the reference point for all path calculations?

root bridge
root port
designated port
alternate port

43. A switch is configured to run STP. What term describes a field that has a default value of 32,768 and is the initial deciding factor when electing a root bridge?

bridge priority
MAC Address
extended system ID
bridge ID

44. Which statement describes an EtherChannel implementation?

EtherChannel operates only at Layer 2.
PAgP cannot be used in conjunction with EtherChannel.
A trunked port can be part of an EtherChannel bundle.
EtherChannel can support up to a maximum of ten separate links.

45. Refer to the exhibit. A network administrator issued the show etherchannel summary command on the switch S1. What conclusion can be drawn?

CCNA2 v7 SRWE – Modules 5 – 6 Redundant Networks Exam Answers

The EtherChannel is suspended.
The EtherChannel is not functional.
The port aggregation protocol PAgP is misconfigured.
FastEthernet ports Fa0/1, Fa0/2, and Fa0/3 do not join the EtherChannel.

46. Which statement describes a characteristic of EtherChannel?

It can combine up to a maximum of 4 physical links.
It can bundle mixed types of 100 Mb/s and 1Gb/s Ethernet links.
It consists of multiple parallel links between a switch and a router.
It is made by combining multiple physical links that are seen as one link between two switches.

47. Which two channel group modes would place an interface in a negotiating state using PAgP? (Choose two.)

on
desirable
active
auto
passive

48. Which mode configuration setting would allow formation of an EtherChannel link between switches SW1 and SW2 without sending negotiation traffic?
SW1: on
SW2: on
SW1: desirable
SW2: desirable
SW1: auto
SW2: auto
trunking enabled on both switches
SW1: auto
SW2: auto
PortFast enabled on both switches
SW1: passive
SW2: active
49. Refer to the exhibit. An EtherChannel was configured between switches S1 and S2, but the interfaces do not form an EtherChannel. What is the problem?

CCNA2 v7 SRWE – Modules 5 – 6 Redundant Networks Exam Answers 50

The interface port-channel number has to be different on each switch.
The switch ports were not configured with speed and duplex mode.
The switch ports have to be configured as access ports with each port having a VLAN assigned.
The EtherChannel was not configured with the same allowed range of VLANs on each interface.

50. When EtherChannel is configured, which mode will force an interface into a port channel without exchanging aggregation protocol packets?

active
auto
on
desirable

51. What are two load-balancing methods in the EtherChannel technology? (Choose two.)

combination of source port and IP to destination port and IP
source IP to destination IP
source port to destination port
combination of source MAC and IP to destination MAC and IP
source MAC to destination MAC

52. Which protocol provides up to 16 instances of RSTP, combines many VLANs with the same physical and logical topology into a common RSTP instance, and provides support for PortFast, BPDU guard, BPDU filter, root guard, and loop guard?

STP
Rapid PVST+
PVST+
MST

53. What is the outcome of a Layer 2 broadcast storm?

Routers will take over the forwarding of frames as switches become congested.
New traffic is discarded by the switch because it is unable to be processed.
CSMA/CD will cause each host to continue transmitting frames.
ARP broadcast requests are returned to the transmitting host.

54. Which two network design features require Spanning Tree Protocol (STP) to ensure correct network operation? (Choose two.)

static default routes
implementing VLANs to contain broadcasts
redundant links between Layer 2 switches
link-state dynamic routing that provides redundant routes
removing single points of failure with multiple Layer 2 switches

55. A network administrator has configured an EtherChannel between two switches that are connected via four trunk links. If the physical interface for one of the trunk links changes to a down state, what happens to the EtherChannel?

Spanning Tree Protocol will transition the failed physical interface into forwarding mode.
Spanning Tree Protocol will recalculate the remaining trunk links.
The EtherChannel will transition to a down state.
The EtherChannel will remain functional.

56. Which feature on a Cisco router permits the forwarding of traffic for which there is no specific route?

next-hop
gateway of last resort
route source
outgoing interface

57. Which three advantages are provided by static routing? (Choose three.)

Static routing does not advertise over the network, thus providing better security.
Configuration of static routes is error-free.
Static routes scale well as the network grows.
Static routing typically uses less network bandwidth and fewer CPU operations than dynamic routing does.
The path a static route uses to send data is known.
No intervention is required to maintain changing route information.

58. What are two functions of dynamic routing protocols? (Choose two.)

to maintain routing tables
to assure low router overhead
to avoid exposing network information
to discover the network
to choose the path that is specified by the administrator

59. What is an advantage of using dynamic routing protocols instead of static routing?

easier to implement
more secure in controlling routing updates
fewer router resource overhead requirements
ability to actively search for new routes if the current path becomes unavailable

60. What happens to a static route entry in a routing table when the outgoing interface associated with that route goes into the down state?

The static route is removed from the routing table.
The router polls neighbors for a replacement route.
The router automatically redirects the static route to use another interface.
The static route remains in the table because it was defined as static.

Explanation: When the interface associated with a static route goes down, the router will remove the route because it is no longer valid.

61. What is a characteristic of a static route that matches all packets?

It uses a single network address to send multiple static routes to one destination address.
It identifies the gateway IP address to which the router sends all IP packets for which it does not have a learned or static route.
It backs up a route already discovered by a dynamic routing protocol.
It is configured with a higher administrative distance than the original dynamic routing protocol has.

Explanation: A default static route is a route that matches all packets. It identifies the gateway IP address to which the router sends all IP packets for which it does not have a learned or static route. A default static route is simply a static route with 0.0.0.0/0 as the destination IPv4 address. Configuring a default static route creates a gateway of last resort.

62. When would it be more beneficial to use a dynamic routing protocol instead of static routing?

in an organization where routers suffer from performance issues
on a stub network that has a single exit point
in an organization with a smaller network that is not expected to grow in size
on a network where there is a lot of topology changes

Explanation: Dynamic routing protocols consume more router resources, are suitable for larger networks, and are more useful on networks that are growing and changing.

63. Which route would be used to forward a packet with a source IP address of 192.168.10.1 and a destination IP address of 10.1.1.1?

C 192.168.10.0/30 is directly connected, GigabitEthernet0/1
O 10.1.1.0/24 [110/65] via 192.168.200.2, 00:01:20, Serial0/1/0
S* 0.0.0.0/0 [1/0] via 172.16.1.1
S 10.1.0.0/16 is directly connected, GigabitEthernet0/0

Explanation: Even though OSPF has a higher administrative distance value (less trustworthy), the best match is the route in the routing table that has the most number of far left matching bits.

64. Refer to the exhibit. What is the administrative distance value of the route for router R1 to reach the destination IPv6 address of 2001:DB8:CAFE:4::A?

120
110
1
4

Explanation: The RIP route with the source code R is used to forward data to the destination IPv6 address of 2001:DB8:CAFE:4::A. This route has an AD value of 120.

65. Which value in a routing table represents trustworthiness and is used by the router to determine which route to install into the routing table when there are multiple routes toward the same destination?

administrative distance
metric
outgoing interface
routing protocol

Explanation: The administrative distance represents the trustworthiness of a particular route. The lower an administrative distance, the more trustworthy the learned route is. When a router learns multiple routes toward the same destination, the router uses the administrative distance value to determine which route to place into the routing table. A metric is used by a routing protocol to compare routes received from the routing protocol. An exit interface is the interface used to send a packet in the direction of the destination network. A routing protocol is used to exchange routing updates between two or more adjacent routers.

66. A network administrator configures the interface fa0/0 on the router R1 with the command ip address 172.16.1.254 255.255.255.0. However, when the administrator issues the command show ip route, the routing table does not show the directly connected network. What is the possible cause of the problem?

The interface fa0/0 has not been activated.
No packets with a destination network of 172.16.1.0 have been sent to R1.
The configuration needs to be saved first.
The subnet mask is incorrect for the IPv4 address.

Explanation: A directly connected network will be added to the routing table when these three conditions are met: (1) the interface is configured with a valid IP address; (2) it is activated with no shutdown command; and (3) it receives a carrier signal from another device that is connected to the interface. An incorrect subnet mask for an IPv4 address will not prevent its appearance in the routing table, although the error may prevent successful communications.

67. Refer to the graphic. Which command would be used on router A to configure a static route to direct traffic from LAN A that is destined for LAN C?

A(config)# ip route 192.168.3.0 255.255.255.0 192.168.3.1
A(config)# ip route 192.168.3.2 255.255.255.0 192.168.4.0
A(config)# ip route 192.168.4.0 255.255.255.0 192.168.5.2
A(config)# ip route 192.168.5.0 255.255.255.0 192.168.3.2
A(config)# ip route 192.168.4.0 255.255.255.0 192.168.3.2

Explanation: The destination network on LAN C is 192.168.4.0 and the next-hop address from the perspective of router A is 192.168.3.2.

68. On which two routers would a default static route be configured? (Choose two.)

any router where a backup route to dynamic routing is needed for reliability
the router that serves as the gateway of last resort
any router running an IOS prior to 12.0
stub router connection to the rest of the corporate or campus network
edge router connection to the ISP

Explanation: A stub router or an edge router connected to an ISP has only one other router as a connection. A default static route works in those situations because all traffic will be sent to one destination. The destination router is the gateway of last resort. The default route is not configured on the gateway, but on the router sending traffic to the gateway. The router IOS does not matter.

69. Refer to the exhibit. This network has two connections to the ISP, one via router C and one via router B. The serial link between router A and router C supports EIGRP and is the primary link to the Internet. If the primary link fails, the administrator needs a floating static route that avoids recursive route lookups and any potential next-hop issues caused by the multiaccess nature of the Ethernet segment with router B. What should the administrator configure?

Create a static route pointing to 10.1.1.1 with an AD of 95.
Create a fully specified static route pointing to Fa0/0 with an AD of 1.
Create a fully specified static route pointing to Fa0/0 with an AD of 95.
Create a static route pointing to 10.1.1.1 with an AD of 1.
Create a static route pointing to Fa0/0 with an AD of 1.

Explanation: A floating static route is a static route with an administrative distance higher than that of another route already in the routing table. If the route in the table disappears, the floating static route will be put into the routing table in its place. Internal EIGRP has an AD of 90, so a floating static route in this scenario would need to have an AD higher than 90. Also, when creating a static route to a multiaccess interface like a FastEthernet segment a fully specified route should be used, with both a next-hop IP address and an exit interface. This prevents the router from doing a recursive lookup, but still ensures the correct next-hop device on the multiaccess segment forwards the packet.

70. What is a characteristic of a floating static route?

When it is configured, it creates a gateway of last resort.
It is used to provide load balancing between static routes.
It is simply a static route with 0.0.0.0/0 as the destination IPv4 address.
It is configured with a higher administrative distance than the original dynamic routing protocol has.

Explanation: Floating static routes are static routes used to provide a backup path to a primary static or dynamic route, in the event of a link failure. They must be configured with a higher administrative distance than the original dynamic routing protocol has. A default static route is simply a static route with 0.0.0.0/0 as the destination IPv4 address. Configuring a default static route creates a gateway of last resort.

71. What network prefix and prefix-length combination is used to create a default static route that will match any IPv6 destination?

FFFF::/128
::1/64
::/128
::/0

Explanation: A default static route configured for IPv6, is a network prefix of all zeros and a prefix mask of 0 which is expressed as ::/0.

72. Consider the following command:
ip route 192.168.10.0 255.255.255.0 10.10.10.2 5
What does the 5 at the end of the command signify?

exit interface
maximum number of hops to the 192.168.10.0/24 network
metric
administrative distance

Explanation: The 5 at the end of the command signifies administrative distance. This value is added to floating static routes or routes that only appear in the routing table when the preferred route has gone down. The 5 at the end of the command signifies administrative distance configured for the static route. This value indicates that the floating static route will appear in the routing table when the preferred route (with an administrative distance less than 5) is down.

73. Refer to the exhibit. The routing table for R2 is as follows:
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 2 subnets
C 10.0.0.0 is directly connected, Serial0/0/0
C 10.0.0.4 is directly connected, Serial0/0/1
192.168.10.0/26 is subnetted, 3 subnets
S 192.168.10.0 is directly connected, Serial0/0/0
C 192.168.10.64 is directly connected, FastEthernet0/0
S 192.168.10.128 [1/0] via 10.0.0.6
What will router R2 do with a packet destined for 192.168.10.129?

send the packet out interface FastEthernet0/0
send the packet out interface Serial0/0/1
drop the packet
send the packet out interface Serial0/0/0

Explanation: When a static route is configured with the next hop address (as in the case of the 192.168.10.128 network), the output of the show ip route command lists the route as “via” a particular IP address. The router has to look up that IP address to determine which interface to send the packet out. Because the IP address of 10.0.0.6 is part of network 10.0.0.4, the router sends the packet out interface Serial0/0/1.

74. An administrator issues the ipv6 route 2001:db8:acad:1::/32 gigabitethernet0/0 2001:db8:acad:6::1 100 command on a router. What administrative distance is assigned to this route?

0
1
32
100

Explanation: The command ipv6 route 2001:db8:acad:1::/32 gigabitethernet0/0 2001:db8:acad:6::1 100 will configure a floating static route on a router. The 100 at the end of the command specifies the administrative distance of 100 to be applied to the route.

75. Refer to the exhibit. Which default static route command would allow R1 to potentially reach all unknown networks on the Internet?

R1(config)# ipv6 route 2001:db8:32::/64 G0/0
R1(config)# ipv6 route ::/0 G0/0 fe80::2
R1(config)# ipv6 route 2001:db8:32::/64 G0/1 fe80::2
R1(config)# ipv6 route ::/0 G0/1 fe80::2

Explanation: To route packets to unknown IPv6 networks a router will need an IPv6 default route. The static route ipv6 route ::/0 G0/1 fe80::2 will match all networks and send packets out the specified exit interface G0/1 toward R2.

76. Refer to the exhibit. The network engineer for the company that is shown wants to use the primary ISP connection for all external connectivity. The backup ISP connection is used only if the primary ISP connection fails. Which set of commands would accomplish this goal?

ip route 0.0.0.0 0.0.0.0 s0/0/0
ip route 0.0.0.0 0.0.0.0 s0/1/0
ip route 0.0.0.0 0.0.0.0 s0/0/0
ip route 0.0.0.0 0.0.0.0 s0/1/0 10
ip route 198.133.219.24 255.255.255.252
ip route 64.100.210.80 255.255.255.252 10
ip route 198.133.219.24 255.255.255.252
ip route 64.100.210.80 255.255.255.252

Explanation: A static route that has no administrative distance added as part of the command has a default administrative distance of 1. The backup link should have a number higher than 1. The correct answer has an administrative distance of 10. The other quad zero route would load balance packets across both links and both links would appear in the routing table. The remaining answers are simply static routes (either a default route or a floating static default route).

77. Refer to the exhibit. Which set of commands will configure static routes that will allow the Park and the Alta routers to a) forward packets to each LAN and b) direct all other traffic to the Internet?

Park(config)# ip route 0.0.0.0 0.0.0.0 192.168.14.1
Alta(config)# ip route 10.0.234.0 255.255.255.0 192.168.14.2
Alta(config)# ip route 0.0.0.0 0.0.0.0 s0/0/0
Park(config)# ip route 0.0.0.0 0.0.0.0 192.168.14.1
Alta(config)# ip route 10.0.234.0 255.255.255.0 192.168.14.2
Alta(config)# ip route 198.18.222.0 255.255.255.255 s0/0/0
Park(config)# ip route 172.16.67.0 255.255.255.0 192.168.14.1
Park(config)# ip route 0.0.0.0 0.0.0.0 192.168.14.1
Alta(config)# ip route 10.0.234.0 255.255.255.0 192.168.14.2
Park(config)# ip route 172.16.67.0 255.255.255.0 192.168.14.1
Alta(config)# ip route 10.0.234.0 255.255.255.0 192.168.14.2
Alta(config)# ip route 0.0.0.0 0.0.0.0 s0/0/1

Explanation: The LAN connected to the router Park is a stud network, therefore, a default route should be used to forward network traffic destined to non-local networks. The router Alta connects to both the internet and the Park router, it would require two static routes configured, one toward the internet and the other toward the LAN connected to the router Park.

78. Refer to the exhibit. The small company shown uses static routing. Users on the R2 LAN have reported a problem with connectivity. What is the issue?

R1 needs a static route to the R2 LAN.
R2 needs a static route to the R1 LANs.
R1 needs a default route to R2.
R2 needs a static route to the Internet.
R1 and R2 must use a dynamic routing protocol.

Explanation: R1 has a default route to the Internet. R2 has a default route to R1. R1 is missing a static route for the 10.0.60.0 network. Any traffic that reached R1 and is destined for 10.0.60.0/24 will be routed to the ISP.

79. Refer to the exhibit. An administrator is attempting to install an IPv6 static route on router R1 to reach the network attached to router R2. After the static route command is entered, connectivity to the network is still failing. What error has been made in the static route configuration?

The next hop address is incorrect.
The interface is incorrect.
The destination network is incorrect.
The network prefix is incorrect.

Explanation: In this example the interface in the static route is incorrect. The interface should be the exit interface on R1, which is s0/0/0.

80. Refer to the exhibit. How was the host route 2001:DB8:CAFE:4::1/128 installed in the routing table?

The route was dynamically created by router R1.
The route was dynamically learned from another router.
The route was manually entered by an administrator.
The route was automatically installed when an IP address was configured on an active interface.

Explanation: A host route is an IPv6 route with a 128-bit mask. A host route can be installed in a routing table automatically when an IP address is configured on a router interface or manually if a static route is created.

81. Refer to the exhibit. HostA is attempting to contact ServerB. Which two statements correctly describe the addressing that HostA will generate in the process? (Choose two.)

A packet with the destination IP address of RouterA.
A frame with the destination MAC address of SwitchA.
A packet with the destination IP address of ServerB.
A frame with the destination MAC address of RouterA.
A frame with the destination MAC address of ServerB.
A packet with the destination IP address of RouterB.

Explanation: In order to send data to ServerB, HostA will generate a packet that contains the IP address of the destination device on the remote network and a frame that contains the MAC address of the default gateway device on the local network.

82. Refer to the exhibit. A ping from R1 to 10.1.1.2 is successful, but a ping from R1 to any address in the 192.168.2.0 network fails. What is the cause of this problem?

There is no gateway of last resort at R1.
The static route for 192.168.2.0 is incorrectly configured.
A default route is not configured on R1.
The serial interface between the two routers is down.

83. Refer to the exhibit. An administrator is attempting to install a default static route on router R1 to reach the Site B network on router R2. After entering the static route command, the route is still not showing up in the routing table of router R1. What is preventing the route from installing in the routing table?

The netmask is incorrect.
The exit interface is missing.
The next hop address is incorrect.
The destination network is incorrect.

Explanation: The next hop address is incorrect. From R1 the next hop address should be that of the serial interface of R2, 209.165.202.130.

85. What characteristic completes the following statement?
When an IPv6 static route is configured, the next-hop address can be ……

a destination host route with a /128 prefix.
the “show ipv6 route static” command.
an IPv6 link-local address on the adjacent router.
the interface type and interface number.

86. Gateway of last resort is not set.
172.19.115.0/26 is variously subnetted, 7 subnets, 3 masks
O 172.19.115.0/26 [110/10] via 172.19.39.1, 00:00:24, Serial0/0/0
O 172.19.115.64/26 [110/20] via 172.19.39.6, 00:00:56, Serial 0/0/1
O 172.19.115.128/26 [110/10] via 172.19.39.1, 00:00:24, Serial 0/0/0
C 172.19.115.192/27 is directly connected, GigabitEthernet0/0
L 172.19.115.193/27 is directly connected, GigabitEthernet0/0
C 172.19.115.224/27 is directly connected, GigabitEthernet0/1
L 172.19.115.225/27 is directly connected, GigabitEthernet0/1
172.19.39.0/24 is variably subnetted, 4 subnets, 2 masks
C 172.19.39.0/30 is directly connected, Serial0/0/0
L 172.19.39.2/32 is directly connected, Serial0/0/0
C 172.19.39.4/30 is directly connected, Serial0/0/1
L 172.19.39.5/32 is directly connected, Serial0/0/1
S 172.19.40.0/26 [1/0] via 172.19.39.1, 00:00:24, Serial0/0/0
R1#
Refer to the exhibit. Which interface will be the exit interface to forward a data packet that has the destination IP address 172.19.115.206?

GigabitEthernet0/1
None, the packet will be dropped.
GigabitEthernet0/0
Serial0/0/1

87. Refer to the exhibit. What routing solution will allow both PC A and PC B to access the Internet with the minimum amount of router CPU and network bandwidth utilization?

Configure a dynamic routing protocol between R1 and Edge and advertise all routes.
Configure a static route from R1 to Edge and a dynamic route from Edge to R1.
Configure a static default route from R1 to Edge, a default route from Edge to the Internet, and a static route from Edge to R1.
Configure a dynamic route from R1 to Edge and a static route from Edge to R1.

Explanation: Two routes have to be created: a default route in R1 to reach Edge and a static route in Edge to reach R1 for the return traffic. This is a best solution once PC A and PC B belong to stub networks. Moreover, static routing consumes less bandwidth than dynamic routing.

88. Refer to the exhibit. What would happen after the IT administrator enters the new static route?

The 172.16.1.0 static route would be entered into the running-config but not shown in the routing table.
The 172.16.1.0 route learned from RIP would be replaced with the 172.16.1.0 static route.
The 0.0.0.0 default route would be replaced with the 172.16.1.0 static route.
The 172.16.1.0 static route is added to the existing routes in the routing table.

Explanation: A route will be installed in a routing table if there is not another routing source with a lower administrative distance. If a route with a lower administrative distance to the same destination network as a current route is entered, the route with the lower administrative distance will replace the route with a higher administrative distance.

89. What two pieces of information are needed in a fully specified static route to eliminate recursive lookups? (Choose two.)

the interface ID of the next-hop neighbor
the interface ID exit interface
the IP address of the exit interface
the IP address of the next-hop neighbor
the administrative distance for the destination network

Explanation: A fully specified static route can be used to avoid recursive routing table lookups by the router. A fully specified static route contains both the IP address of the next-hop router and the ID of the exit interface.

90. Refer to the exhibit. Which command will properly configure an IPv6 static route on R2 that will allow traffic from PC2 to reach PC1 without any recursive lookups by router R2?

R2(config)# ipv6 route ::/0 2001:db8:32::1
R2(config)# ipv6 route 2001:db8:10:12::/64 S0/0/0
R2(config)# ipv6 route 2001:db8:10:12::/64 2001:db8:32::1
R2(config)# ipv6 route 2001:db8:10:12::/64 S0/0/1

Explanation: A nonrecursive route must have an exit interface specified from which the destination network can be reached. In this example 2001:db8:10:12::/64 is the destination network and R2 will use exit interface S0/0/0 to reach that network. Therefore, the static route would be ipv6 route 2001:db8:10:12::/64 S0/0/0.

91. Refer to the exhibit. Which static route would an IT technician enter to create a backup route to the 172.16.1.0 network that is only used if the primary RIP learned route fails?

ip route 172.16.1.0 255.255.255.0 s0/0/0
ip route 172.16.1.0 255.255.255.0 s0/0/0 121
ip route 172.16.1.0 255.255.255.0 s0/0/0 111
ip route 172.16.1.0 255.255.255.0 s0/0/0 91

Explanation: A backup static route is called a floating static route. A floating static route has an administrative distance greater than the administrative distance of another static route or dynamic route.

92. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.

Modules 14 – 16: Routing Concepts and Configuration Exam

A user reports that PC0 cannot visit the web server www.server.com. Troubleshoot the network configuration to identify the problem.
What is the cause of the problem?

The clock rate on one of the serial links is configured incorrectly.
A serial interface on Branch is configured incorrectly.
The DNS server address on PC0 is configured incorrectly.
Routing between HQ and Branch is configured incorrectly.

Explanation: In order to allow communication to remote networks, proper routing, either static or dynamic, is necessary. Both routers must be configured with a routing method.

93. Match the routing table entry to the corresponding function. (Not all options are used.)

94. Refer to the exhibit. PC A sends a request to Server B. What IPv4 address is used in the destination field in the packet as the packet leaves PC A?

192.168.11.1
192.168.10.1
192.168.12.16
192.168.10.10

Explanation: The destination IP address in packets does not change along the path between the source and destination.

95. What does R1 use as the MAC address of the destination when constructing the frame that will go from R1 to Server B?

If the destination MAC address that corresponds to the IPv4 address is not in the ARP cache, R1 sends an ARP request.
R1 uses the destination MAC address of S1.
The packet is encapsulated into a PPP frame, and R1 adds the PPP destination address to the frame.
R1 leaves the field blank and forwards the data to the PC.

Explanation: Communication inside a local network uses Address Resolution Protocol to obtain a MAC address from a known IPv4 address. A MAC address is needed to construct the frame in which the packet is encapsulated.

96. What route would have the lowest administrative distance?

a route received through the OSPF routing protocol
a directly connected network
a static route
a route received through the EIGRP routing protocol

Explanation: The most believable route or the route with the lowest administrative distance is one that is directly connected to a router.

97. A network administrator configures the interface fa0/0 on the router R1 with the command ip address 172.16.1.254 255.255.255.0. However, when the administrator issues the command show ip route, the routing table does not show the directly connected network. What is the possible cause of the problem?

The subnet mask is incorrect for the IPv4 address.
The interface fa0/0 has not been activated.
The configuration needs to be saved first.
No packets with a destination network of 172.16.1.0 have been sent to R1.

Explanation: A directly connected network will be added to the routing table when these three conditions are met: (1) the interface is configured with a valid IP address; (2) it is activated with no shutdown command; and (3) it receives a carrier signal from another device that is connected to the interface. An incorrect subnet mask for an IPv4 address will not prevent its appearance in the routing table, although the error may prevent successful communications.

98. A router has used the OSPF protocol to learn a route to the 172.16.32.0/19 network. Which command will implement a backup floating static route to this network?

ip route 172.16.0.0 255.255.224.0 S0/0/0 100
ip route 172.16.0.0 255.255.240.0 S0/0/0 200
ip route 172.16.32.0 255.255.224.0 S0/0/0 200
ip route 172.16.32.0 255.255.0.0 S0/0/0 100

Explanation: OSPF has an administrative distance of 110, so the floating static route must have an administrative distance higher than 110. Because the target network is 172.16.32.0/19, that static route must use the network 172.16.32.0 and a netmask of 255.255.224.0.

99. Consider the following command:

ip route 192.168.10.0 255.255.255.0 10.10.10.2 5

How would an administrator test this configuration?

Delete the default gateway route on the router.
Manually shut down the router interface used as a primary route.
Ping from the 192.168.10.0 network to the 10.10.10.2 address.
Ping any valid address on the 192.168.10.0/24 network.

Explanation: A floating static is a backup route that only appears in the routing table when the interface used with the primary route is down. To test a floating static route, the route must be in the routing table. Therefore, shutting down the interface used as a primary route would allow the floating static route to appear in the routing table.

100. Refer to the exhibit. Which type of IPv6 static route is configured in the exhibit?

floating static route
fully specified static route
recursive static route
directly attached static route

Explanation: The route provided points to another address that must be looked up in the routing table. This makes the route a recursive static route.

101. What characteristic completes the following statement?
When an IPv6 static route is configured, it is first necessary to configure ……

the next-hop address of two different adjacent routers.
the “ipv6 unicast-routing” command.
an IPv6 link-local address on the adjacent router.
an administrative distance of 2.

102. Gateway of last resort is not set.

172.18.109.0/26 is variously subnetted, 7 subnets, 3 masks
O 172.18.109.0/26 [110/10] via 172.18.32.1, 00:00:24, Serial0/0/0
O 172.18.109.64/26 [110/20] via 172.18.32.6, 00:00:56, Serial 0/0/1
O 172.18.109.128/26 [110/10] via 172.18.32.1, 00:00:24, Serial 0/0/0
C 172.18.109.192/27 is directly connected, GigabitEthernet0/0
L 172.18.109.193/27 is directly connected, GigabitEthernet0/0
C 172.18.109.224/27 is directly connected, GigabitEthernet0/1
L 172.18.109.225/27 is directly connected, GigabitEthernet0/1
172.18.32.0/24 is variably subnetted, 4 subnets, 2 masks
C 172.18.32.0/30 is directly connected, Serial0/0/0
L 172.18.32.2/32 is directly connected, Serial0/0/0
C 172.18.32.4/30 is directly connected, Serial0/0/1
L 172.18.32.5/32 is directly connected, Serial0/0/1
S 172.18.33.0/26 [1/0] via 172.18.32.1, 00:00:24, Serial0/0/0
R1#

Refer to the exhibit. Which interface will be the exit interface to forward a data packet that has the destination IP address 172.18.109.152?

GigabitEthernet0/0
GigabitEthernet0/1
Serial0/0/0
None, the packet will be dropped.

103. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
A user reports that PC0 cannot visit the web server www.server.com. Troubleshoot the network configuration to identify the problem.
What is the cause of the problem?

The clock rate on one of the serial links is configured incorrectly.
A serial interface on Branch is configured incorrectly.
The DNS server address on PC0 is configured incorrectly.
Routing between HQ and Branch is configured incorrectly.

Explanation: In order to allow communication to remote networks, proper routing, either static or dynamic, is necessary. Both routers must be configured with a routing method.

104. Which Layer 2 attack will result in legitimate users not getting valid IP addresses?

ARP spoofing
DHCP starvation
IP address spoofing
MAC address flooding

105. What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?

Disable DTP.
Disable STP.
Enable port security.
Place unused ports in an unused VLAN.

106. Which three Cisco products focus on endpoint security solutions? (Choose three.)

IPS Sensor Appliance
Web Security Appliance
Email Security Appliance
SSL/IPsec VPN Appliance
Adaptive Security Appliance
NAC Appliance

107. True or False?
In the 802.1X standard, the client attempting to access the network is referred to as the supplicant.

true
false

108. Which authentication method stores usernames and passwords in the router and is ideal for small networks?

server-based AAA over TACACS+
local AAA over RADIUS
server-based AAA
local AAA over TACACS+
local AAA
server-based AAA over RADIUS

Explanation: In a small network with a few network devices, AAA authentication can be implemented with the local database and with usernames and passwords stored on the network devices. Authentication using the TACACS+ or RADIUS protocol will require dedicated ACS servers although this authentication solution scales well in a large network.

109. What represents a best practice concerning discovery protocols such as CDP and LLDP on network devices?

Enable CDP on edge devices, and enable LLDP on interior devices.
Use the open standard LLDP rather than CDP.
Use the default router settings for CDP and LLDP.
Disable both protocols on all interfaces where they are not required.

Explanation: Both discovery protocols can provide hackers with sensitive network information. They should not be enabled on edge devices, and should be disabled globally or on a per-interface basis if not required. CDP is enabled by default.

110. Which protocol should be used to mitigate the vulnerability of using Telnet to remotely manage network devices?

SNMP
TFTP
SSH
SCP

Explanation: Telnet uses plain text to communicate in a network. The username and password can be captured if the data transmission is intercepted. SSH encrypts data communications between two network devices. TFTP and SCP are used for file transfer over the network. SNMP is used in network management solutions.

111. Which statement describes the behavior of a switch when the MAC address table is full?

It treats frames as unknown unicast and floods all incoming frames to all ports on the switch.
It treats frames as unknown unicast and floods all incoming frames to all ports across multiple switches.
It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN.
It treats frames as unknown unicast and floods all incoming frames to all ports within the collision domain.

Explanation: When the MAC address table is full, the switch treats the frame as an unknown unicast and begins to flood all incoming traffic to all ports only within the local VLAN.

112. What device is considered a supplicant during the 802.1X authentication process?

the router that is serving as the default gateway
the authentication server that is performing client authentication
the client that is requesting authentication
the switch that is controlling network access

Explanation: The devices involved in the 802.1X authentication process are as follows:

The supplicant, which is the client that is requesting network access
The authenticator, which is the switch that the client is connecting to and that is actually controlling physical network access
The authentication server, which performs the actual authentication

113. Refer to the exhibit. Port Fa0/2 has already been configured appropriately. The IP phone and PC work properly. Which switch configuration would be most appropriate for port Fa0/2 if the network administrator has the following goals?

No one is allowed to disconnect the IP phone or the PC and connect some other wired device.
If a different device is connected, port Fa0/2 is shut down.
The switch should automatically detect the MAC address of the IP phone and the PC and add those addresses to the running configuration.

SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security mac-address sticky
SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky
SWA(config-if)# switchport port-security violation restrict
SWA(config-if)# switchport port-security mac-address sticky
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky

Explanation: The default mode for a port security violation is to shut down the port so the switchport port-security violation command is not necessary. The switchport port-security command must be entered with no additional options to enable port security for the port. Then, additional port security options can be added.

114. Refer to the exhibit. Port security has been configured on the Fa 0/12 interface of switch S1. What action will occur when PC1 is attached to switch S1 with the applied configuration?

Frames from PC1 will be forwarded since the switchport port-security violation command is missing.
Frames from PC1 will be forwarded to its destination, and a log entry will be created.
Frames from PC1 will be forwarded to its destination, but a log entry will not be created.
Frames from PC1 will cause the interface to shut down immediately, and a log entry will be made.
Frames from PC1 will be dropped, and there will be no log of the violation.
Frames from PC1 will be dropped, and a log message will be created.

Explanation: Manual configuration of the single allowed MAC address has been entered for port fa0/12. PC1 has a different MAC address and when attached will cause the port to shut down (the default action), a log message to be automatically created, and the violation counter to increment. The default action of shutdown is recommended because the restrict option might fail if an attack is underway.

115. Which type of VLAN-hopping attack may be prevented by designating an unused VLAN as the native VLAN?

DHCP spoofing
DHCP starvation
VLAN double-tagging
DTP spoofing

Explanation: Spoofing DTP messages forces a switch into trunking mode as part of a VLAN-hopping attack, but VLAN double tagging works even if trunk ports are disabled. Changing the native VLAN from the default to an unused VLAN reduces the possibility of this type of attack. DHCP spoofing and DHCP starvation exploit vulnerabilities in the DHCP message exchange.

116. A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac. What is the purpose of this configuration command?

It checks the source MAC address in the Ethernet header against the user-configured ARP ACLs.
It checks the source MAC address in the Ethernet header against the MAC address table.
It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
It checks the source MAC address in the Ethernet header against the target MAC address in the ARP body.

Explanation: DAI can be configured to check for both destination or source MAC and IP addresses:

Destination MAC – Checks the destination MAC address in the Ethernet header against the target MAC address in the ARP body.
Source MAC – Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
IP address – Checks the ARP body for invalid and unexpected IP addresses including addresses 0.0.0.0, 255.255.255.255, and all IP multicast addresses.

117. Which two commands can be used to enable BPDU guard on a switch? (Choose two.)

S1(config)# spanning-tree bpduguard default
S1(config-if)# spanning-tree portfast bpduguard
S1(config)# spanning-tree portfast bpduguard default
S1(config-if)# enable spanning-tree bpduguard
S1(config-if)# spanning-tree bpduguard enable

Explanation: BPDU guard can be enabled on all PortFast-enabled ports by using the spanning-tree portfast bpduguard default global configuration command. Alternatively, BPDU guard can be enabled on a PortFast-enabled port through the use of the spanning-tree bpduguard enable interface configuration command.

118. As part of the new security policy, all switches on the network are configured to automatically learn MAC addresses for each port. All running configurations are saved at the start and close of every business day. A severe thunderstorm causes an extended power outage several hours after the close of business. When the switches are brought back online, the dynamically learned MAC addresses are retained. Which port security configuration enabled this?

auto secure MAC addresses
dynamic secure MAC addresses
static secure MAC addresses
sticky secure MAC addresses

Explanation: With sticky secure MAC addressing, the MAC addresses can be either dynamically learned or manually configured and then stored in the address table and added to the running configuration file. In contrast, dynamic secure MAC addressing provides for dynamically learned MAC addressing that is stored only in the address table.

119. Which type of management frame may regularly be broadcast by an AP?

authentication
probe request
probe response
beacon

Explanation: Beacons are the only management frame that may regularly be broadcast by an AP. Probing, authentication, and association frames are used only during the association (or reassociation) process.

120. What are the two methods that are used by a wireless NIC to discover an AP? (Choose two.)

delivering a broadcast frame
receiving a broadcast beacon frame
initiating a three-way handshake
sending an ARP request
transmitting a probe request

Explanation: Two methods can be used by a wireless device to discover and register with an access point: passive mode and active mode. In passive mode, the AP sends a broadcast beacon frame that contains the SSID and other wireless settings. In active mode, the wireless device must be manually configured for the SSID, and then the device broadcasts a probe request.

121. A technician is configuring the channel on a wireless router to either 1, 6, or 11. What is the purpose of adjusting the channel?

to enable different 802.11 standards
to avoid interference from nearby wireless devices
to disable broadcasting of the SSID
to provide stronger security modes

Explanation: Channels 1, 6, and 11 are selected because they are 5 channels apart. thus minimizing the interference with adjacent channels. A channel frequency can interfere with channels on either side of the main frequency. All wireless devices need to be used on nonadjacent channels.

122. While attending a conference, participants are using laptops for network connectivity. When a guest speaker attempts to connect to the network, the laptop fails to display any available wireless networks. The access point must be operating in which mode?

mixed
passive
active
open

Explanation: Active is a mode used to configure an access point so that clients must know the SSID to connect to the access point. APs and wireless routers can operate in a mixed mode meaning that that multiple wireless standards are supported. Open is an authentication mode for an access point that has no impact on the listing of available wireless networks for a client. When an access point is configured in passive mode, the SSID is broadcast so that the name of wireless network will appear in the listing of available networks for clients.

123. A network administrator is required to upgrade wireless access to end users in a building. To provide data rates up to 1.3 Gb/s and still be backward compatible with older devices, which wireless standard should be implemented?

802.11n
802.11ac
802.11g
802.11b

Explanation: 802.11ac provides data rates up to 1.3 Gb/s and is still backward compatible with 802.11a/b/g/n devices. 802.11g and 802.11n are older standards that cannot reach speeds over 1Gb/s. 802.11ad is a newer standard that can offer theoretical speeds of up to 7 Gb/s.

124. A technician is about to install and configure a wireless network at a small branch office. What is the first security measure the technician should apply immediately upon powering up the wireless router?

Enable MAC address filtering on the wireless router.
Configure encryption on the wireless router and the connected wireless devices.
Change the default user-name and password of the wireless router.
Disable the wireless network SSID broadcast.

Explanation: The first action a technician should do to secure a new wireless network is to change the default user-name and password of the wireless router. The next action would usually be to configure encryption. Then once the initial group of wireless hosts have connected to the network, MAC address filtering would be enabled and SSID broadcast disabled. This will prevent new unauthorized hosts from finding and connecting to the wireless network.

125. On a Cisco 3504 WLC dashboard, which option provides access to the full menu of features?

Access Points
Network Summary
Advanced
Rogues

Explanation: The Cisco 3504 WLC dashboard displays when a user logs into the WLC. It provides some basic settings and menus that users can quickly access to implement a variety of common configurations. By clicking the Advanced button, the user will access the advanced Summary page and access all the features of the WLC.

126. Which step is required before creating a new WLAN on a Cisco 3500 series WLC?

Create a new SSID.
Build or have an SNMP server available.
Build or have a RADIUS server available.
Create a new VLAN interface.

Explanation: Each new WLAN configured on a Cisco 3500 series WLC needs its own VLAN interface. Thus it is required that a new VLAN interface to be created first before a new WLAN can be created.

127. A network engineer is troubleshooting a newly deployed wireless network that is using the latest 802.11 standards. When users access high bandwidth services such as streaming video, the wireless network performance is poor. To improve performance the network engineer decides to configure a 5 Ghz frequency band SSID and train users to use that SSID for streaming media services. Why might this solution improve the wireless network performance for that type of service?

Requiring the users to switch to the 5 GHz band for streaming media is inconvenient and will result in fewer users accessing these services.
The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it more suited to streaming multimedia.
The 5 GHz band has a greater range and is therefore likely to be interference-free.
The only users that can switch to the 5 GHz band will be those with the latest wireless NICs, which will reduce usage.

Explanation: Wireless range is determined by the access point antenna and output power, not the frequency band that is used. In this scenario it is stated that all users have wireless NICs that comply with the latest standard, and so all can access the 5 GHz band. Although some users may find it inconvenient to switch to the 5 Ghz band to access streaming services, it is the greater number of channels, not just fewer users, that will improve network performance.

128. A network administrator is configuring a RADIUS server connection on a Cisco 3500 series WLC. The configuration requires a shared secret password. What is the purpose for the shared secret password?

It is used by the RADIUS server to authenticate WLAN users.
It is used to authenticate and encrypt user data on the WLAN.
It is used to encrypt the messages between the WLC and the RADIUS server.
It allows users to authenticate and access the WLAN.

Explanation: The RADIUS protocol uses security features to protect communications between the RADIUS server and clients. A shared secret is the password used between the WLC and the RADIUS server. It is not for end users.

129. Which three parameters would need to be changed if best practices are being implemented for a home wireless AP? (Choose three.)

wireless client operating system password
antenna frequency
wireless network password
wireless beacon time
AP password
SSID

Explanation: As soon as an AP is taken out of a box, the default device password, SSID, and security parameters (wireless network password) should be set. The frequency of a wireless antenna can be adjusted, but doing so is not required. The beacon time is not normally configured. The wireless client operating system password is not affected by the configuration of a home wireless network.

130. Which access control component, implementation, or protocol is based upon usernames and passwords?

802.1X
accounting
authentication
authorization

131. Which type of wireless network is based on the 802.11 standard and a 2.4-GHz or 5-GHz radio frequency?

wireless metropolitan-area network
wireless wide-area network
wireless local-area network
wireless personal-area network

132. Which two Cisco solutions help prevent DHCP starvation attacks? (Choose two.)

DHCP Snooping
IP Source Guard
Dynamic ARP Inspection
Port Security
Web Security Appliance

Explanation: Cisco provides solutions to help mitigate Layer 2 attacks including these:

IP Source Guard (IPSG) – prevents MAC and IP address spoofing attacks
Dynamic ARP Inspection (DAI) – prevents ARP spoofing and ARP poisoning attacks
DHCP Snooping – prevents DHCP starvation and SHCP spoofing attacks
Port Security – prevents many types of attacks including MAC table overflow attacks and DHCP starvation attacks

Web Security Appliance (WSA) is a mitigation technology for web-based threats.

133. What are three techniques for mitigating VLAN attacks? (Choose three.)

Enable trunking manually.
Disable DTP.
Enable Source Guard.
Set the native VLAN to an unused VLAN.
Use private VLANs.
Enable BPDU guard.

Explanation: Mitigating a VLAN attack can be done by disabling Dynamic Trunking Protocol (DTP), manually setting ports to trunking mode, and by setting the native VLAN of trunk links to VLANs not in use.

134. Refer to the exhibit. What can be determined about port security from the information that is shown?

The port has the maximum number of MAC addresses that is supported by a Layer 2 switch port which is configured for port security.
The port has been shut down.
The port violation mode is the default for any port that has port security enabled.
The port has two attached devices.

Explanation: The Port Security line simply shows a state of Enabled if the switchport port-security command (with no options) has been entered for a particular switch port. If a port security violation had occurred, a different error message appears such as Secure-shutdown. The maximum number of MAC addresses supported is 50. The Maximum MAC Addresses line is used to show how many MAC addresses can be learned (2 in this case). The Sticky MAC Addresses line shows that only one device has been attached and learned automatically by the switch. This configuration could be used when a port is shared by two cubicle-sharing personnel who bring in separate laptops.

135. A network administrator of a college is configuring the WLAN user authentication process. Wireless users are required to enter username and password credentials that will be verified by a server. Which server would provide such service?

AAA
NAT
RADIUS
SNMP

Explanation: Remote Authentication Dial-In User Service (RADIUS) is a protocol and server software that provides user-based authentication for an organization. When a WLAN is configured to use a RADIUS server, users will enter username and password credentials that are verified by the RADIUS server before allowing to the WLAN.

136. A technician is troubleshooting a slow WLAN that consists of 802.11b and 802.11g devices . A new 802.11n/ac dual-band router has been deployed on the network to replace the old 802.11g router. What can the technician do to address the slow wireless speed?

Split the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band.
Update the firmware on the new router.
Configure devices to use a different channel.
Change the SSID.

Explanation: Splitting the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band will allow for the 802.11n to use the two bands as two separate wireless networks to help manage the traffic, thus improving wireless performance.

137. The company handbook states that employees cannot have microwave ovens in their offices. Instead, all employees must use the microwave ovens located in the employee cafeteria. What wireless security risk is the company trying to avoid?

improperly configured devices
rogue access points
accidental interference
interception of data

Explanation: Denial of service attacks can be the result of improperly configured devices which can disable the WLAN. Accidental interference from devices such as microwave ovens and cordless phones can impact both the security and performance of a WLAN. Man-in-the-middle attacks can allow an attacker to intercept data. Rogue access points can allow unauthorized users to access the wireless network.

138. What is the function provided by CAPWAP protocol in a corporate wireless network?

CAPWAP creates a tunnel on Transmission Control Protocol (TCP) ports in order to allow a WLC to configure an autonomous access point.
CAPWAP provides the encapsulation and forwarding of wireless user traffic between an access point and a wireless LAN controller.
CAPWAP provides connectivity between an access point using IPv6 addressing and a wireless client using IPv4 addressing.
CAPWAP provides the encryption of wireless user traffic between an access point and a wireless client.

Explanation: CAPWAP is an IEEE standard protocol that enables a WLC to manage multiple APs and WLANs. CAPWAP is also responsible for the encapsulation and forwarding of WLAN client traffic between an AP and a WLC.

139. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.

Modules 10 – 13: L2 Security and WLANs Exam Answers

Which event will take place if there is a port security violation on switch S1 interface Fa0/1?

A syslog message is logged.
The interface will go into error-disabled state.
Packets with unknown source addresses will be dropped.
A notification is sent.

Explanation: The violation mode can be viewed by issuing the show port-security interface <int>command. Interface FastEthernet 0/1 is configured with the violation mode of protect. If there is a violation, interface FastEthernet 0/1 will drop packets with unknown MAC addresses.

140. Match each functional component of AAA with its description. (Not all options are used.)

141. What are two protocols that are used by AAA to authenticate users against a central database of usernames and password? (Choose two.)

SSH
HTTPS
TACACS+
RADIUS
CHAP
NTP

Explanation: By using TACACS+ or RADIUS, AAA can authenticate users from a database of usernames and passwords stored centrally on a server such as a Cisco ACS server.

142. What is the result of a DHCP starvation attack?

The attacker provides incorrect DNS and default gateway information to clients.
The IP addresses assigned to legitimate clients are hijacked.
Clients receive IP address assignments from a rogue DHCP server.
Legitimate clients are unable to lease IP addresses.

Explanation: DCHP starvation attacks are launched by an attacker with the intent to create a DoS for DHCP clients. To accomplish this goal, the attacker uses a tool that sends many DHCPDISCOVER messages to lease the entire pool of available IP addresses, thus denying them to legitimate hosts.

143. Which feature or configuration on a switch makes it vulnerable to VLAN double-tagging attacks?

the limited size of content-addressable memory space
the automatic trunking port feature enabled for all ports by default
the native VLAN of the trunking port being the same as a user VLAN
mixed duplex mode enabled for all ports by default

Explanation: A double-tagging (or double-encapsulated) VLAN hopping attack takes advantage of the way that hardware on most switches operates. Most switches perform only one level of 802.1Q de-encapsulation, which allows an attacker to embed a hidden 802.1Q tag inside the frame. This tag allows the frame to be forwarded to a VLAN that the original 802.1Q tag did not specify. An important characteristic of the double-encapsulated VLAN hopping attack is that it works even if trunk ports are disabled, because a host typically sends a frame on a segment that is not a trunk link. This type of attack is unidirectional and works only when the attacker is connected to a port residing in the same VLAN as the native VLAN of the trunk port.

144. Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources?

authentication
accounting
accessibility
authorization

Explanation: One of the components in AAA is accounting. After a user is authenticated through AAA, AAA servers keep a detailed log of exactly what actions the authenticated user takes on the device.

145. Refer to the exhibit. PC1 and PC2 should be able to obtain IP address assignments from the DHCP server. How many ports among switches should be assigned as trusted ports as part of the DHCP snooping configuration?

Explanation: The DHCP snooping configuration includes building the DHCP Snooping Binding Database and assigning necessary trusted ports on switches. A trusted port points to the legitimate DHCP servers. In this network design, because the DHCP server is attached to AS3, seven switch ports should be assigned as trusted ports, one on AS3 toward the DHCP server, one on DS1 toward AS3, one on DS2 toward AS3, and two connections on both AS1 and AS2 (toward DS1 and DS2), for a total of seven.

146. An IT security specialist enables port security on a switch port of a Cisco switch. What is the default violation mode in use until the switch port is configured to use a different violation mode?

shutdown
disabled
restrict
protect

Explanation: If no violation mode is specified when port security is enabled on a switch port, then the security violation mode defaults to shutdown.

147. A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac. What is the purpose of this configuration command?

It checks the source MAC address in the Ethernet header against the MAC address table.
It checks the source MAC address in the Ethernet header against the user-configured ARP ACLs.
It checks the source MAC address in the Ethernet header against the target MAC address in the ARP body.
It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.

Explanation: DAI can be configured to check for both destination or source MAC and IP addresses:

Destination MAC – Checks the destination MAC address in the Ethernet header against the target MAC address in the ARP body.
Source MAC – Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
IP address – Checks the ARP body for invalid and unexpected IP addresses including addresses 0.0.0.0, 255.255.255.255, and all IP multicast addresses.

148. What is an advantage of SSID cloaking?

Clients will have to manually identify the SSID to connect to the network.
It is the best way to secure a wireless network.
SSIDs are very difficult to discover because APs do not broadcast them.
It provides free Internet access in public locations where knowing the SSID is of no concern.

Explanation: SSID cloaking is a weak security feature that is performed by APs and some wireless routers by allowing the SSID beacon frame to be disabled. Although clients have to manually identify the SSID to be connected to the network, the SSID can be easily discovered. The best way to secure a wireless network is to use authentication and encryption systems. SSID cloaking does not provide free Internet access in public locations, but an open system authentication could be used in that situation.

149. What is a wireless security mode that requires a RADIUS server to authenticate wireless users?

personal
shared key
enterprise
WEP

Explanation: WPA and WPA2 come in two types: personal and enterprise. Personal is used in home and small office networks. Shared key allows three different authentication techniques: (1) WEP, (2) WPA, and (3) 802.11i/WPA2. WEP is an encryption method.

150. A company has recently implemented an 802.11n wireless network. Some users are complaining that the wireless network is too slow. Which solution is the best method to enhance the performance of the wireless network?

Disable DHCP on the access point and assign static addresses to the wireless clients.
Upgrade the firmware on the wireless access point.
Split the traffic between the 2.4 GHz and 5 GHz frequency bands.
Replace the wireless NICs on the computers that are experiencing slow connections.

Explanation: Because some users are complaining about the network being too slow, the correct option would be to split the traffic so that there are two networks using different frequencies at the same time. Replacing the wireless NICs will not necessarily correct the network being slow and it could be expensive for the company. DHCP versus static addressing should have no impact of the network being slow and it would be a huge task to have all users assigned static addressing for their wireless connection. Upgrading the firmware on the wireless access point is always a good idea. However, if some of the users are experiencing a slow network connection, it is likely that this would not substantially improve network performance.

151. Which protocol can be used to monitor the network?

DHCP
SNMP
RADIUS
AAA

Explanation: Simple Network Management Protocol (SNMP) is used to monitor the network.

152. A network administrator deploys a wireless router in a small law firm. Employee laptops join the WLAN and receive IP addresses in the 10.0.10.0/24 network. Which service is used on the wireless router to allow the employee laptops to access the internet?

DHCP
RADIUS
DNS
NAT

Explanation: Any address with the 10 in the first octet is a private IPv4 address and cannot be routed on the internet. The wireless router will use a service called Network Address Translation (NAT) to convert private IPv4 addresses to internet-routable IPv4 addresses for wireless devices to gain access to the internet.

153. Which service can be used on a wireless router to prioritize network traffic among different types of applications so that voice and video data are prioritized over email and web data?

QoS
DNS
DHCP
NAT

Explanation: Many wireless routers have an option for configuring quality of service (QoS). By configuring QoS, certain time-sensitive traffic types, such as voice and video, are prioritized over traffic that is not as time-sensitive, such as email and web browsing.

154. Which access control component, implementation, or protocol is based on device roles of supplicant, authenticator, and authentication server?

accounting
authentication
authorization
802.1X

155. Which type of wireless network is suitable for national and global communications?

wireless metropolitan-area network
wireless local-area network
wireless personal-area network
wireless wide-area network

156. Which feature on a switch makes it vulnerable to VLAN hopping attacks?

the mixed duplex mode enabled for all ports by default
the limited size of content-addressable memory space
mixed port bandwidth support enabled for all ports by default
the automatic trunking port feature enabled for all ports by default

Explanation: A VLAN hopping attack enables traffic from one VLAN to be seen by another VLAN without routing. In a basic VLAN hopping attack, the attacker takes advantage of the automatic trunking port feature enabled by default on most switch ports.

157. Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?

accounting
authentication
auditing
authorization

Explanation: One of the components in AAA is authorization. After a user is authenticated through AAA, authorization services determine which resources the user can access and which operations the user is allowed to perform.

158. Refer to the exhibit. The Fa0/2 interface on switch S1 has been configured with the switchport port-security mac-address 0023.189d.6456 command and a workstation has been connected. What could be the reason that the Fa0/2 interface is shutdown?

CCNA 2 v7 Modules 10 – 13: L2 Security and WLANs Exam Answers 55

The Fa0/24 interface of S1 is configured with the same MAC address as the Fa0/2 interface.
The connection between S1 and PC1 is via a crossover cable.
S1 has been configured with a switchport port-security aging command.
The MAC address of PC1 that connects to the Fa0/2 interface is not the configured MAC address.

Explanation: The security violation counter for Fa0/2 has been incremented (evidenced by the 1 in the SecurityViolation column). The most secure addresses allowed on port Fa0/2 is 1 and that address was manually entered. Therefore, PC1 must have a different MAC address than the one configured for port Fa0/2. Connections between end devices and the switch, as well as connections between a router and a switch, are made with a straight-through cable.

159. A network administrator enters the following commands on the switch SW1.

SW1(config)# interface range fa0/5 - 10
SW1(config-if)# ip dhcp snooping limit rate 6

What is the effect after these commands are entered?

If any of the FastEthernet ports 5 through 10 receive more than 6 DHCP messages per second, the port will be shut down.
FastEthernet ports 5 through 10 can receive up to 6 DHCP messages per second of any type.
If any of the FastEthernet ports 5 through 10 receive more than 6 DHCP messages per second, the port will continue to operate and an error message will be sent to the network administrator.
FastEthernet ports 5 through 10 can receive up to 6 DHCP discovery messages per second.

Explanation: When DHCP snooping is being configured, the number of DHCP discovery messages that untrusted ports can receive per second should be rate-limited by using the ip dhcp snooping limit rate interface configuration command. When a port receives more messages than the rate allows, the extra messages will be dropped.

160. A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac. What is the purpose of this configuration command?

It checks the source MAC address in the Ethernet header against the user-configured ARP ACLs.
It checks the source MAC address in the Ethernet header against the MAC address table.
It checks the source MAC address in the Ethernet header against the target MAC address in the ARP body.
It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.

Explanation:
DAI can be configured to check for both destination or source MAC and IP addresses:

Destination MAC – Checks the destination MAC address in the Ethernet header against the target MAC address in the ARP body.
Source MAC – Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
IP address – Checks the ARP body for invalid and unexpected IP addresses including addresses 0.0.0.0, 255.255.255.255, and all IP multicast addresses.

161. A network administrator is working to improve WLAN performance on a dual-band wireless router. What is a simple way to achieve a split-the-traffic result?

Add a Wi-Fi range extender to the WLAN and set the AP and the range extender to serve different bands.
Check and keep the firmware of the wireless router updated.
Make sure that different SSIDs are used for the 2.4 GHz and 5 GHz bands.
Require all wireless devices to use the 802.11n standard.

Explanation: By default, dual-band routers and APs use the same network name on both the 2.4 GHz band and the 5 GHz band. The simplest way to segment traffic is to rename one of the wireless networks.

162. Which access control component, implementation, or protocol controls what users can do on the network?

accounting
802.1X
authorization
authentication

163. Which type of wireless network is suitable for providing wireless access to a city or district?

wireless wide-area network
wireless personal-area network
wireless local-area network
wireless metropolitan-area network

164. On a Cisco 3504 WLC Summary page ( Advanced > Summary ), which tab allows a network administrator to access and configure a WLAN for a specific security option such as WPA2?

MANAGEMENT
WIRELESS
WLANs
SECURITY

165. What type of wireless antenna is best suited for providing coverage in large open spaces, such as hallways or large conference rooms?

Yagi
omnidirectional
dish
directional

166. What two IEEE 802.11 wireless standards operate only in the 5 GHz range? (Choose two.)

802.11g
802.11ad
802.11ac
802.11a
802.11n
802.11b

167. What security benefit is gained from enabling BPDU guard on PortFast enabled interfaces?

preventing buffer overflow attacks
preventing rogue switches from being added to the network
protecting against Layer 2 loops
enforcing the placement of root bridges

Explanation: BPDU guard immediately error-disables a port that receives a BPDU. This prevents rogue switches from being added to the network. BPDU guard should only be applied to all end-user ports.

168. Which access control component, implementation, or protocol logs EXEC and configuration commands configured by a user?

authentication
authorization
802.1X
accounting

169. A DHCP-enabled client PC has just booted. During which two steps will the client PC use broadcast messages when communicating with a DHCP server? (Choose two.)

DHCPDISCOVER
DHCPACK
DHCPOFFER
DHCPREQUEST
DHCPNAK

170. An administrator issues the commands:

Router(config)# interface g0/1
Router(config-if)# ip address dhcp

What is the administrator trying to achieve?

configuring the router to act as a DHCPv4 server
configuring the router to obtain IP parameters from a DHCPv4 server
configuring the router to act as a relay agent
configuring the router to resolve IP address conflicts

171. When a client is requesting an initial address lease from a DHCP server, why is the DHCPREQUEST message sent as a broadcast?

The client does not yet know the IP address of the DHCP server that sent the offer.
The DHCP server may be on a different subnet, so the request must be sent as a broadcast.
The client does not have a MAC address assigned yet, so it cannot send a unicast message at Layer 2.
The client may have received offers from multiple servers, and the broadcast serves to implicitly decline those other offers.

172. Which DHCP IPv4 message contains the following information?
Destination address: 255.255.255.255
Client IPv4 address: 0.0.0.0
Default gateway address: 0.0.0.0
Subnet mask: 0.0.0.0

DHCPACK
DHCPDISCOVER
DHCPOFFER
DHCPREQUEST

173. Place the options in the following order:

a client initiating a message to find a DHCP server – DHCPDISCOVER
a DHCP server responding to the initial request by a client – DHCPOFFER
the client accepting the IP address provided by the DHCP server – DHCPREQUEST
the DHCP server confirming that the lease has been accepted – DHCPACK

174. Which protocol automates assignment of IP addresses on a network, and which port number does it use? (Choose two.)

DHCP
DNS
SMB
53
67
80

Explanation: DNS uses port 53 and translates URLs to IP addresses. SMB provides shared access to files and printers and uses port 445. Port 80 is used by HTTP. HTTP is a protocol used to communicate between a web browser and a server.

175. Refer to the exhibit. PC1 is configured to obtain a dynamic IP address from the DHCP server. PC1 has been shut down for two weeks. When PC1 boots and tries to request an available IP address, which destination IP address will PC1 place in the IP header?

192.168.1.1
192.168.1.255
255.255.255.255
192.168.1.8

Explanation: When a host boots and has been configured for dynamic IP addressing, the device tries to obtain a valid IP address. It sends a DHCPDISCOVER message. This is a broadcast message because the DHCP server address is unknown (by design). The destination IP address in the IP header is 255.255.255.255 and the destination MAC address is FF:FF:FF:FF:FF:FF.

176. Which message does an IPv4 host use to reply when it receives a DHCPOFFER message from a DHCP server?

DHCPOFFER
DHCPDISCOVER
DHCPREQUEST
DHCPACK

Explanation: When the client receives the DHCPOFFER from the server, it sends back a DHCPREQUEST broadcast message. On receiving the DHCPREQUEST message, the server replies with a unicast DHCPACK message.

177. Which command, when issued in the interface configuration mode of a router, enables the interface to acquire an IPv4 address automatically from an ISP, when that link to the ISP is enabled?

service dhcp
ip address dhcp
ip helper-address
ip dhcp pool

Explanation: The ip address dhcp interface configuration command configures an Ethernet interface as a DHCP client. The service dhcp global configuration command enables the DHCPv4 server process on the router. The ip helper-address command is issued to enable DHCP relay on the router. The ip dhcp pool command creates the name of a pool of addresses that the server can assign to hosts.

178. Which kind of message is sent by a DHCP client when its IP address lease has expired?

a DHCPDISCOVER unicast message
a DHCPREQUEST broadcast message
a DHCPREQUEST unicast message
a DHCPDISCOVER broadcast message

Explanation: When the IP address lease time of the DHCP client expires, it sends a DHCPREQUEST unicast message directly to the DHCPv4 server that originally offered the IPv4 address.

179. A host PC is attempting to lease an address through DHCP. What message is sent by the server to let the client know it is able to use the provided IP information?

DHCPDISCOVER
DHCPOFFER
DHCPREQUEST
DHCPACK
DHCPNACK

Explanation: When a host uses DHCP to automatically configure an IP address, the typically sends two messages: the DHCPDISCOVER message and the DHCPREQUEST message. These two messages are usually sent as broadcasts to ensure that all DHCP servers receive them. The servers respond to these messages using DHCPOFFER, DHCPACK, and DHCPNACK messages, depending on the circumstance.

180. What is one indication that a Windows computer did not receive an IPv4 address from a DHCP server?

The computer cannot ping 127.0.0.1.
The computer receives an IP address that starts with 169.254.
Windows displays a DHCP timeout message.
The computer cannot ping other devices on the same network with IP addresses in the 169.254.0.0/16 range.

Explanation: When a Windows PC cannot communicate with an IPv4 DHCP server, the computer automatically assigns an IP address in the 169.254.0.0/16 range. Any other device on the same network that receives an address in the same range is reachable.

181. Which DHCPv4 message will a client send to accept an IPv4 address that is offered by a DHCP server?

broadcast DHCPACK
broadcast DHCPREQUEST
unicast DHCPACK
unicast DHCPREQUEST

Explanation: When a DHCP client receives DHCPOFFER messages, it will send a broadcast DHCPREQUEST message for two purposes. First, it indicates to the offering DHCP server that it would like to accept the offer and bind the IP address. Second, it notifies any other responding DHCP servers that their offers are declined.

182. A small coffee shop is offering free Wi-Fi to customers. The network includes a wireless router and a DSL modem that is connected to the local phone company. What method is typically used to configure the connection to the phone company?

Set the WAN connection in the wireless router as a DHCP client.
Set the connection between the wireless router and the DSL modem as a private IP network.
Set the DSL modem as a DHCP client to get a public IP address from the wireless router.
Set the DSL modem as a DHCP client to the phone company and a DHCP server for the internal connection.

Explanation: In a SOHO environment, a wireless router connects to an ISP via a DSL or cable modem. The IP address between the wireless router and ISP site is typically assigned by the ISP through DHCP. The DSL modem does not manage IP address allocation.

183. A company uses DHCP to manage IP address deployment for employee workstations. The IT department deploys multiple DHCP servers in the data center and uses DHCP relay agents to facilitate the DHCP requests from workstations. Which two UDP ports are used to forward DHCP traffic? (Choose two.)

Explanation: The DHCP protocol operates with 2 UDP ports. UDP port 67 is the destination port for DHCP servers, and DHCP clients use UDP port 68.

184. A client device on an Ethernet segment needs an IP address in order to communicate on the network. A DHCP server with IP address 192.168.1.1 has been configured and enabled on the network. How will a client device obtain a usable IP address for this network?

Send a DHCPACK packet to the default gateway address.
Use a statically configured IP address from the pool of IP addresses that is offered by the DHCP server.
Send a DHCPDISCOVER message to physical address FF-FF-FF-FF-FF-FF.
Send a DHCPREQUEST packet to IP address 255.255.255.255.

Explanation: Like IP addressing, there is also a special MAC address for broadcast purposes: FF-FF-FF-FF-FF-FF. When a DHCP client needs to send a DHCP Discover message in order to seek DHCP servers, the client will use this MAC address as the destination MAC address in the Ethernet frame. It does this because it has no knowledge of the IP and MAC addresses of DHCP servers.

185. What is an advantage of configuring a Cisco router as a relay agent?

It can provide relay services for multiple UDP services.
It reduces the response time from a DHCP server.
It can forward both broadcast and multicast messages on behalf of clients.
It will allow DHCPDISCOVER messages to pass without alteration.

Explanation: By default, the ip helper-address command forwards the following eight UDP services:
Port 37: Time
Port 49: TACACS
Port 53: DNS
Port 67: DHCP/BOOTP client
Port 68: DHCP/BOOTP server
Port 69: TFTP
Port 137: NetBIOS name service
Port 138: NetBIOS datagram service

186. Which statement is true about DHCP operation?

When a device that is configured to use DHCP boots, the client broadcasts a DHCPDISCOVER message to identify any available DHCP servers on the network.
A client must wait for lease expiration before it sends another DHCPREQUEST message.
If the client receives several DHCPOFFER messages from different servers, it sends a unicast DHCPREQUEST message to the server from which it chooses to obtain the IP information.
The DHCPDISCOVER message contains the IP address and subnet mask to be assigned, the IP address of the DNS server, and the IP address of the default gateway.

Explanation: The client broadcasts a DHCPDISCOVER message to identify any available DHCP servers on the network. A DHCP server replies with a DHCPOFFER message. This message offers to the client a lease that contains such information as the IP address and subnet mask to be assigned, the IP address of the DNS server, and the IP address of the default gateway. After the client receives the lease, the received information must be renewed through another DHCPREQUEST message prior to the lease expiration.

187. Question as presented:
The DHCPDISCOVER message is used to identify any DHCP servers on a network. The DHCPOFFER message is used by a server to offer a lease to a client. The DHCPREQUEST message is used to identify both the specific DHCP server and the lease that the client is accepting.
The DHCPACK message is used by a server to finalize a successful lease with a client.
The DHCPNAK message is used when an offered lease is no longer valid.
188. A network administrator configures a router to send RA messages with M flag as 0 and O flag as 1. Which statement describes the effect of this configuration when a PC tries to configure its IPv6 address?

It should contact a DHCPv6 server for the prefix, the prefix-length information, and an interface ID that is both random and unique.
It should use the information that is contained in the RA message and contact a DHCPv6 server for additional information.
It should use the information that is contained in the RA message exclusively.
It should contact a DHCPv6 server for all the information that it needs.

Explanation: ICMPv6 RA messages contain two flags to indicate whether a workstation should use SLAAC, a DHCPv6 server, or a combination to configure its IPv6 address. These two flags are M flag and O flag. When both flags are 0 (by default), a client must only use the information in the RA message. When M flag is 0 and O flag is 1, a client should use the information in the RA message and look for the other configuration parameters (such as DNS server addresses) on DHCPv6 servers.

189. Refer to the exhibit. What should be done to allow PC-A to receive an IPv6 address from the DHCPv6 server?

Add the ipv6 dhcp relay command to interface Fa0/0.
Change the ipv6 nd managed-config-flag command to ipv6 nd other-config-flag.
Configure the ipv6 nd managed-config-flag command on interface Fa0/1.
Add the IPv6 address 2001:DB8:1234:5678::10/64 to the interface configuration of the DHCPv6 server.

Explanation: Client DHCPv6 messages are sent to a multicast address with link-local scope, which means that the messages will not be forwarded by routers. Because the client and server are on different subnets on different interfaces, the message will not reach the server. The router can be configured to relay the DHCPv6 messages from the client to the server by configuring the ipv6 dhcp relay command on the interface that is connected to the client.

190. Refer to the exhibit. A network administrator is implementing the stateless DHCPv6 operation for the company. Clients are configuring IPv6 addresses as expected. However, the clients are not getting the DNS server address and the domain name information configured in the DHCP pool. What could be the cause of the problem?

The DNS server address is not on the same network as the clients are on.
The router is configured for SLAAC operation.
The GigabitEthernet interface is not activated.
The clients cannot communicate with the DHCPv6 server, evidenced by the number of active clients being 0.

Explanation: The router is configured for SLAAC operation because there is no configuration command to change the RA M and O flag value. By default, both M and O flags are set to 0. In order to permint stateless DHCPv6 operation, the interface command ipv6 nd other-config-flag should be issued. The GigabitEthernet interface is in working condition because clients can get RA messages and configure their IPv6 addresses as expected. Also, the fact that R1 is the DHCPv6 server and clients are getting RA messages indicates that clients can communicate with the DHCP server. The number of active clients is 0 because the DHCPv6 server does not maintain the state of clients IPv6 addresses (it is not configured for stateful DHCPv6 operation). The DNS server address issue is not relevant to the problem.

191. Question as presented:
A stateless DHCPv6 client would send a DHCPv6 INFORMATION-REQUEST message as step 3 in the process.
192. A company uses the SLAAC method to configure IPv6 addresses for the employee workstations. Which address will a client use as its default gateway?

the global unicast address of the router interface that is attached to the network
the unique local address of the router interface that is attached to the network
the all-routers multicast address
the link-local address of the router interface that is attached to the network

Explanation: When a PC is configured to use the SLAAC method for configuring IPv6 addresses, it will use the prefix and prefix-length information that is contained in the RA message, combined with a 64-bit interface ID (obtained by using the EUI-64 process or by using a random number that is generated by the client operating system), to form an IPv6 address. It uses the link-local address of the router interface that is attached to the LAN segment as its IPv6 default gateway address.

193. Refer to the exhibit. A network administrator is configuring a router for DHCPv6 operation. Which conclusion can be drawn based on the commands?

The router is configured for stateful DHCPv6 operation, but the DHCP pool configuration is incomplete.
The DHCPv6 server name is ACAD_CLASS.
Clients would configure the interface IDs above 0010.
The router is configured for stateless DHCPv6 operation.

Explanation: The DHCPv6 is for the stateless DHCPv6 operation that is indicated by changing the O flag to 1 and leaving the M flag as default, which is 0. Therefore, it is not configured for stateful DHCPv6 operation. Although the DNS server has the interface ID 0010, clients in stateless DHCPv6 operation will configure their interface IDs either by EUI-64 or a random number. The ACAD_CLASS is the name of the DHCP pool, not the DHCP server name.

194. A network administrator is analyzing the features that are supported by different first-hop router redundancy protocols. Which statement describes a feature that is associated with HSRP?

HSRP uses active and standby routers.
HSRP is nonproprietary.
It allows load balancing between a group of redundant routers.
It uses ICMP messages in order to assign the default gateway to hosts.

Explanation: The HSRP first-hop router redundancy protocol is Cisco proprietary and supports standby and active devices. VRRPv2 and VRRPv3 are nonproprietary. GLBP is Cisco proprietary and supports load balancing between a group of redundant routers.

195. Refer to the exhibit. What protocol can be configured on gateway routers R1 and R2 that will allow traffic from the internal LAN to be load balanced across the two gateways to the Internet?

GLBP
PVST+
PVST
STP

Explanation: GLBP, or Group Load Balancing Protocol, allows multiple routers to act as a single default gateway for hosts. GLBP load balances the traffic across the individual routers on a per host basis.

196. Refer to the exhibit. A network engineer is troubleshooting host connectivity on a LAN that uses a first hop redundancy protocol. Which IPv4 gateway address should be configured on the host?

192.168.2.0
192.168.2.1
192.168.2.2
192.168.2.100

Explanation: The host default gateway address should be the FHRP (in this case GLBP) virtual IP address.

197. Refer to the exhibit. Which destination MAC address is used when frames are sent from the workstation to the default gateway?

MAC address of the virtual router
MAC address of the standby router
MAC addresses of both the forwarding and standby routers
MAC address of the forwarding router

Explanation: The IP address of the virtual router acts as the default gateway for all the workstations. Therefore, the MAC address that is returned by the Address Resolution Protocol to the workstation will be the MAC address of the virtual router.

198. Question as presented:
Hot Standby Router Protocol (HSRP) is a Cisco-proprietary protocol that is designed to allow for transparent failover of a first-hop IPv4 device.
199. Which FHRP implementation is a Cisco-proprietary protocol that suppports IPv4 load sharing?

IRDP
GLBP
VRRPv3
GLBP for IPv6

200. The address pool of a DHCP server is configured with 10.92.71.0/25. The network administrator reserves 8 IP addresses for servers. How many IP addresses are left in the pool to be assigned to other hosts?

122
118
119
108
116

Explanation: Calculate the maximum number of hosts available for the slash value and subtract the required static IP addresses required for the devices.
/24 = 254 hosts
/25 = 126 hosts
/26 = 62 hosts
/27 = 30 hosts
/28 = 14 hosts

201. Question as presented:
The broadcast DHCPDISCOVER message finds DHCPv4 servers on the network. When the DHCPv4 server receives a DHCPDISCOVER message, it reserves an available IPv4 address to lease to the client and sends the unicast DHCPOFFER message to the requesting client. When the client receives the DHCPOFFER from the server, it sends back a DHCPREQUEST. On receiving the DHCPREQUEST message the server replies with a unicast DHCPACK message. DHCPREPLY and DHCPINFORMATION-REQUEST are DHCPv6 messages.
202. After a host has generated an IPv6 address by using the DHCPv6 or SLAAC process, how does the host verify that the address is unique and therefore usable?

The host sends an ICMPv6 echo request message to the DHCPv6 or SLAAC-learned address and if no reply is returned, the address is considered unique.
The host sends an ICMPv6 neighbor solicitation message to the DHCP or SLAAC-learned address and if no neighbor advertisement is returned, the address is considered unique.
The host checks the local neighbor cache for the learned address and if the address is not cached, it it considered unique.
The host sends an ARP broadcast to the local link and if no hosts send a reply, the address is considered unique.

Explanation: Before a host can actually configure and use an IPv6 address learned through SLAAC or DHCP, the host must verify that no other host is already using that address. To verify that the address is indeed unique, the host sends an ICMPv6 neighbor solicitation to the address. If no neighbor advertisement is returned, the host considers the address to be unique and configures it on the interface.

203. Which statement describes HSRP?

It is used within a group of routers for selecting an active device and a standby device to provide gateway services to a LAN.
It uses ICMP to allow IPv4 hosts to locate routers that provide IPv4 connectivity to remote IP networks.
If the virtual router master fails, one router is elected as the virtual router master with the other routers acting as backups.
It is an open standard protocol.

Explanation: It is VRRP that elects one router as the virtual router master, with the other routers acting as backups in case the virtual router master fails. HSRP is a Cisco-proprietary protocol. IRDP uses ICMP messages to allow IPv4 hosts to locate routers that provide IPv4 connectivity to other (nonlocal) IP networks. HSRP selects active and standby routers to provide gateway services to hosts on a LAN.

204.Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
What is the keyword that is displayed on www.netacad.com?

DHCP
switch
Router
networking
Cisco
IPv6

Explanation: In order for the host to receive the address of the DNS server, the host must use stateless DHCPv6. The router is configured with the correct DHCPv6 pool, but is missing the command ipv6 nd other-config-flag that signals to the host that it should use DHCPv6 to get additional address information. This command should be added to the interface Gigabit0/0 configuration on the router.

205. Match each DHCP message type with its description. (Not all options are used.)

206. Match the purpose with its DHCP message type. (Not all options are used.)

207. Match the DHCP message types to the order of the stateful DHCPv6 process when a client first connects to an IPv6 network. (Not all options are used.)

208. Match the step number to the sequence of stages that occur during the HSRP failover process. (Not all options are used.)

209. Match the FHRP protocols to the appropriate description. (Not all options are used.)

210. Match the DHCP message types to the order of the DHCPv4 process. (Not all options are used.)

211. The address pool of a DHCP server is configured with 192.168.234.0/27. The network administrator reserves 22 IP addresses for IP phones. How many IP addresses are left in the pool to be assigned to other hosts?

212. A company uses DHCP servers to dynamically assign IPv4 addresses to employee workstations. The address lease duration is set as 5 days. An employee returns to the office after an absence of one week. When the employee boots the workstation, it sends a message to obtain an IP address. Which Layer 2 and Layer 3 destination addresses will the message contain?

both MAC and IPv4 addresses of the DHCP server
FF-FF-FF-FF-FF-FF and IPv4 address of the DHCP server
FF-FF-FF-FF-FF-FF and 255.255.255.255
MAC address of the DHCP server and 255.255.255.255

Explanation:When the lease of a dynamically assigned IPv4 address has expired, a workstation will send a DHCPDISCOVER message to start the process of obtaining a valid IP address. Because the workstation does not know the addresses of DHCP servers, it sends the message via broadcast, with destination addresses of FF-FF-FF-FF-FF-FF and 255.255.255.255.

213. Which command will allow a network administrator to check the IP address that is assigned to a particular MAC address?

Router# show running-config I section_dhcp
Router# show ip dhcp server statistics
Router# show ip dhcp binding
Router# show ip dhcp pool

Explanation: The show ip dhcp binding command will show the leases, including IP addresses, MAC addresses, lease expiration, type of lease, client ID, and user name.

214. What is the reason that an ISP commonly assigns a DHCP address to a wireless router in a SOHO environment?

better network performance
better connectivity
easy IP address management
easy configuration on ISP firewall

Explanation:In a SOHO environment, a wireless router connects to the ISP via a DSL or cable modem. The IP address between the wireless router and ISP site is typically assigned by the ISP through DHCP. This method facilitates the IP addressing management in that IP addresses for clients are dynamically assigned so that if a client is dropped, the assigned IP address can be easily reassigned to another client.

215. What information can be verified through the show ip dhcp binding command?

the IPv4 addresses that are assigned to hosts by the DHCP server
that DHCPv4 discover messages are still being received by the DHCP server
the IPv4 addresses that have been excluded from the DHCPv4 pool
the number of IP addresses remaining in the DHCP pool

Explanation:The show ip dhcp binding command shows a list of IPv4 addresses and the MAC addresses of the hosts to which they are assigned. Using this information an administrator can determine which host interfaces have been assigned to specific hosts.

216. What is the result of a network technician issuing the command ip dhcp excluded-address 10.0.15.1 10.0.15.15 on a Cisco router?

The Cisco router will exclude only the 10.0.15.1 and 10.0.15.15 IP addresses from being leased to DHCP clients.
The Cisco router will exclude 15 IP addresses from being leased to DHCP clients.
The Cisco router will automatically create a DHCP pool using a /28 mask.
The Cisco router will allow only the specified IP addresses to be leased to clients.

Explanation: The ip dhcp excluded-address command is followed by the first and the last addresses to be excluded from being leased to DHCP clients.

217. Match the descriptions to the corresponding DHCPv6 server type. (Not all options are used.)

218. Refer to the exhibit. Based on the output that is shown, what kind of IPv6 addressing is being configured?

CCNA 2 v7 Modules 7 – 9: Available and Reliable Networks Exam Answers

stateless DHCPv6
SLAAC
static link-local
stateful DHCPv6

Explanation: Stateful DHCPv6 pools are configured with address prefixes for hosts via the address command, whereas stateless DHCPv6 pools typically only contain information such as DNS server addresses and the domain name. RA messages that are sent from routers that are configured as stateful DHCPv6 servers have the M flag set to 1 with the command ipv6 nd managed-config-flag, whereas stateless DHCPv6 servers are indicated by setting the O flag to 1 with the ipv6 nd other-config-flag command.

219. Which FHRP implementation is a Cisco-proprietary protocol that suppports IPv6 load balancing?

GLBP
GLBP for IPv6
VRRPv3
VRRPv2

220. Which set of commands will configure a router as a DHCP server that will assign IPv4 addresses to the 192.168.100.0/23 LAN while reserving the first 10 and the last addresses for static assignment?

ip dhcp excluded-address 192.168.100.1 192.168.100.9
ip dhcp excluded-address 192.168.101.254
ip dhcp pool LAN-POOL-100
ip network 192.168.100.0 255.255.254.0
ip default-gateway 192.168.100.1
dhcp pool LAN-POOL-100
ip dhcp excluded-address 192.168.100.1 192.168.100.9
ip dhcp excluded-address 192.168.100.254
network 192.168.100.0 255.255.254.0
default-router 192.168.101.1
ip dhcp excluded-address 192.168.100.1 192.168.100.10
ip dhcp excluded-address 192.168.100.254
ip dhcp pool LAN-POOL-100
network 192.168.100.0 255.255.255.0
ip default-gateway 192.168.100.1
ip dhcp excluded-address 192.168.100.1 192.168.100.10
ip dhcp excluded-address 192.168.101.254
ip dhcp pool LAN-POOL-100
network 192.168.100.0 255.255.254.0
default-router 192.168.100.1

Explanation: The /23 prefix is equivalent to a network mask of 255.255.254.0. The network usable IPv4 address range is 192.168.100.1 to 192.168.101.254 inclusive. The commands dhcp pool, ip default-gateway, and ip network are not valid DHCP configuration commands.

221. What is a result when the DHCP servers are not operational in a network?

Workstations are assigned with the IP address 127.0.0.1.
Workstations are assigned with IP addresses in the 10.0.0.0/8 network.
Workstations are assigned with IP addresses in the 169.254.0.0/16 network.
Workstations are assigned with the IP address 0.0.0.0.

Explanation: When workstations are configured with obtaining IP address automatically but DHCP servers are not available to respond to the requests, a workstation can assign itself an IP addresses from the 169.254.0.0/16 network.

222. A company uses the method SLAAC to configure IPv6 addresses for the workstations of the employees. A network administrator configured the IPv6 address on the LAN interface of the router. The interface status is UP. However, the workstations on the LAN segment did not obtain the correct prefix and prefix length. What else should be configured on the router that is attached to the LAN segment for the workstations to obtain the information?

R1(config)# ipv6 dhcp pool
R1(config-if)# ipv6 enable
R1(config)# ipv6 unicast-routing
R1(config-if)# ipv6 nd other-config-flag

Explanation: A PC that is configured to use the SLAAC method obtains the IPv6 prefix and prefix length from a router. When the PC boots, it sends an RS message to inform the routers that it needs the information. A router sends an RA message that includes the required information. For a router to be able to send RA messages, it must be enabled as an IPv6 router by the unicast ipv6-routing command in global configuration mode. The other options are not used to enable IPv6 routing on a router.

223. Which FHRP implementation is a nonproprietary protocol which relies on ICMP to provide IPv4 redundancy?

VRRPv3
GLBP for IPv6
IRDP
GLBP

224. Refer to the exhibit. PC-A is unable to receive an IPv6 address from the stateful DHCPv6 server. What is the problem?

The ipv6 dhcp relay command should be applied to interface Gig0/0.
The ipv6 nd managed-config-flag should be applied to interface Gig0/1.
The ipv6 dhcp relay command should use the link-local address of the DHCP server.
The ipv6 nd managed-config-flag command should be ipv6 nd other-config-flag .

225. Which tasks can be accomplished by using the command history feature? (Choose two.)

View a list of commands entered in a previous session.
Recall up to 15 command lines by default.
Set the command history buffer size.
Recall previously entered commands.
Save command lines in a log file for future reference.

226. What is the first action in the boot sequence when a switch is powered on?

load the default Cisco IOS software
load boot loader software
low-level CPU initialization
load a power-on self-test program

227. What must an administrator have in order to reset a lost password on a router?

a TFTP server
a crossover cable
access to another router
physical access to the router

228. When configuring a switch for SSH access, what other command that is associated with the login local command is required to be entered on the switch?

enable secret password
password password
username username secret secret
login block-for seconds attempts number within*seconds*

229. Which command displays information about the auto-MDIX setting for a specific interface?

show interfaces
show controllers
show processes
show running-config

230. If one end of an Ethernet connection is configured for full duplex and the other end of the connection is configured for half duplex, where would late collisions be observed?

on both ends of the connection
on the full-duplex end of the connection
only on serial interfaces
on the half-duplex end of the connection

231. Which command is used to set the BOOT environment variable that defines where to find the IOS image file on a switch?

config-register
boot system
boot loader
confreg

232. What does a switch use to locate and load the IOS image?

BOOT environment variable
IOS image file
POST
startup-config
NVRAM

233. Which protocol adds security to remote connections?

FTP
HTTP
NetBEUI
POP
SSH

234. What is a characteristic of an IPv4 loopback interface on a Cisco IOS router?

The no shutdown command is required to place this interface in an UP state.
It is a logical interface internal to the router.
Only one loopback interface can be enabled on a router.
It is assigned to a physical port and can be connected to other devices.

235. What is the minimum Ethernet frame size that will not be discarded by the receiver as a runt frame?

64 bytes
512 bytes
1024 bytes
1500 bytes

236. After which step of the switch bootup sequence is the boot loader executed?

after CPU initialization
after IOS localization
after flash file system initialization
after POST execution

237. Which impact does adding a Layer 2 switch have on a network?

an increase in the number of dropped frames
an increase in the size of the broadcast domain
an increase in the number of network collisions
an increase in the size of the collision domain

238. Which characteristic describes cut-through switching?

Error-free fragments are forwarded, so switching occurs with lower latency.
Frames are forwarded without any error checking.
Only outgoing frames are checked for errors.
Buffering is used to support different Ethernet speeds.

239. What is the significant difference between a hub and a Layer 2 LAN switch?

A hub extends a collision domain, and a switch divides collision domains.
A hub divides collision domains, and a switch divides broadcast domains.
Each port of a hub is a collision domain, and each port of a switch is a broadcast domain.
A hub forwards frames, and a switch forwards only packets.

240. Which statement is correct about Ethernet switch frame forwarding decisions?

Frame forwarding decisions are based on MAC address and port mappings in the CAM table.
Cut-through frame forwarding ensures that invalid frames are always dropped.
Only frames with a broadcast destination address are forwarded out all active switch ports.
Unicast frames are always forwarded regardless of the destination MAC address.

241. How do switch buffers affect network performance?

They provide error checking on the data received.
They store frames received, thus preventing premature frame discarding when network congestion occurs.
They provide extra memory for a particular port if autonegotiation of speed or duplex fails.
They hold data temporarily when a collision occurs until normal data transmission resumes.

242. Which switch characteristic helps keep traffic local and alleviates network congestion?

high port density
fast port speed
large frame buffers
fast internal switching

243. Which switch component reduces the amount of packet handling time inside the switch?

ASIC
dual processors
large buffer size
store-and-forward RAM

244. Refer to the exhibit. A switch receives a Layer 2 frame that contains a source MAC address of 000b.a023.c501 and a destination MAC address of 0050.0fae.75aa. Place the switch steps in the order they occur. (Not all options are used.)

CCNA2 v7 SRWE – Modules 1 – 4: Switching Concepts, VLANs, and InterVLAN Routing Exam Answers

CCNA 2 v7 Modules 1 – 4: Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 20

Explanation: The first step a switch does when processing a frame is to see if the source MAC address is in the MAC address table. If the address is not there, the switch adds it. The switch then examines the destination MAC address and compares it to the MAC address table. If the address is in the table, the switch forwards the frame out the corresponding port. If the address is missing from the table, the switch will forward the frame to all ports except the port through which the frame arrived.

245. What information is added to the switch table from incoming frames?

source MAC address and incoming port number
destination MAC address and incoming port number
source IP address and incoming port number
destination IP address and incoming port number

246. Which switching method ensures that the incoming frame is error-free before forwarding?

cut-through
FCS
fragment free
store-and-forward

247. Refer to the exhibit. How many broadcast domains are displayed?

CCNA2 v7 SRWE – Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 23

248. Under which two occasions should an administrator disable DTP while managing a local area network? (Choose two.)

when connecting a Cisco switch to a non-Cisco switch
when a neighbor switch uses a DTP mode of dynamic auto
when a neighbor switch uses a DTP mode of dynamic desirable
on links that should not be trunking
on links that should dynamically attempt trunking

249. Which two characteristics describe the native VLAN? (Choose two.)

Designed to carry traffic that is generated by users, this type of VLAN is also known as the default VLAN.
The native VLAN traffic will be untagged across the trunk link.
This VLAN is necessary for remote management of a switch.
High priority traffic, such as voice traffic, uses the native VLAN.
The native VLAN provides a common identifier to both ends of a trunk.

250. On a switch that is configured with multiple VLANs, which command will remove only VLAN 100 from the switch?

Switch# delete flash:vlan.dat
Switch(config-if)# no switchport access vlan 100
Switch(config-if)# no switchport trunk allowed vlan 100
Switch(config)# no vlan 100

251. Refer to the exhibit. A network administrator is reviewing port and VLAN assignments on switch S2 and notices that interfaces Gi0/1 and Gi0/2 are not included in the output. Why would the interfaces be missing from the output?

CCNA 2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam 27

There is a native VLAN mismatch between the switches.
There is no media connected to the interfaces.
They are administratively shut down.
They are configured as trunk interfaces.

252. A network contains multiple VLANs spanning multiple switches. What happens when a device in VLAN 20 sends a broadcast Ethernet frame?

All devices in all VLANs see the frame.
Devices in VLAN 20 and the management VLAN see the frame.
Only devices in VLAN 20 see the frame.
Only devices that are connected to the local switch see the frame.

253. Refer to the exhibit. All workstations are configured correctly in VLAN 20. Workstations that are connected to switch SW1 are not able to send traffic to workstations on SW2. What could be done to remedy the problem?

CCNA2 v7 SRWE – Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 29

Allow VLAN 20 on the trunk link.
Enable DTP on both ends of the trunk.
Configure all workstations on SW1 to be part of the default VLAN.
Configure all workstations on SW2 to be part of the native VLAN.

254. What happens to switch ports after the VLAN to which they are assigned is deleted?

The ports are disabled.
The ports are placed in trunk mode.
The ports are assigned to VLAN1, the default VLAN.
The ports stop communicating with the attached devices.

255. Match the IEEE 802.1Q standard VLAN tag field with the description. (Not all options are used.)

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 31

Explanation: The IEEE 802.1Q standard header includes a 4-byte VLAN tag:

Type – A 2-byte value called the tag protocol ID (TPID) value.
User priority – A 3-bit value that supports level or service implementation.
Canonical Format Identifier (CFI) – A 1-bit identifier that enables Token Ring frames to be carried across Ethernet links.
VLAN ID (VID) – A 12-bit VLAN identification number that supports up to 4096 VLAN IDs.

256. Refer to the exhibit. In what switch mode should port G0/1 be assigned if Cisco best practices are being used?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 32

access
trunk
native
auto

257. Match the DTP mode with its function. (Not all options are used.)

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 33

258. Port Fa0/11 on a switch is assigned to VLAN 30. If the command no switchport access vlan 30 is entered on the Fa0/11 interface, what will happen?

Port Fa0/11 will be shutdown.
An error message would be displayed.
Port Fa0/11 will be returned to VLAN 1.
VLAN 30 will be deleted.

259. Which command displays the encapsulation type, the voice VLAN ID, and the access mode VLAN for the Fa0/1 interface?

show vlan brief
show interfaces Fa0/1 switchport
show mac address-table interface Fa0/1
show interfaces trunk

260. Refer to the exhibit. A technician is programming switch SW3 to manage voice and data traffic through port Fa0/20. What, if anything, is wrong with the configuration?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 38

There is nothing wrong with the configuration.
Interface Fa0/20 can only have one VLAN assigned.
The mls qos trust cos command should reference VLAN 35.
The command used to assign the voice VLAN to the switch port is incorrect.

261. Which four steps are needed to configure a voice VLAN on a switch port? (Choose four).

Configure the interface as an IEEE 802.1Q trunk.
Assign the voice VLAN to the switch port.
Activate spanning-tree PortFast on the interface.
Ensure that voice traffic is trusted and tagged with a CoS priority value.
Add a voice VLAN.
Configure the switch port interface with subinterfaces.
Assign a data VLAN to the switch port.
Configure the switch port in access mode.

262. Refer to the exhibit. PC1 is unable to communicate with server 1. The network administrator issues the show interfaces trunk command to begin troubleshooting. What conclusion can be made based on the output of this command?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 38

Interface G0/2 is not configured as a trunk.
VLAN 20 has not been created.
The encapsulation on interface G0/1 is incorrect.
The DTP mode is incorrectly set to dynamic auto on interface G0/1.

263. Refer to the exhibit. What is the cause of the error that is displayed in the configuration of inter-VLAN routing on router CiscoVille?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 39

The gig0/0 interface does not support inter-VLAN routing.
The no shutdown command has not been configured.
The IP address on CiscoVille is incorrect.
The encapsulation dot1Q 20 command has not been configured.

264. Refer to the exhibit. A network administrator has configured router CiscoVille with the above commands to provide inter-VLAN routing. What command will be required on a switch that is connected to the Gi0/0 interface on router CiscoVille to allow inter-VLAN routing?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 40

switchport mode access
no switchport
switchport mode trunk
switchport mode dynamic desirable

265. A high school uses VLAN15 for the laboratory network and VLAN30 for the faculty network. What is required to enable communication between these two VLANs while using the router-on-a-stick approach?

A multilayer switch is needed.
A router with at least two LAN interfaces is needed.
Two groups of switches are needed, each with ports that are configured for one VLAN.
A switch with a port that is configured as a trunk is needed when connecting to the router.

266. When routing a large number of VLANs, what are two disadvantages of using the router-on-a-stick inter-VLAN routing method rather than the multilayer switch inter-VLAN routing method? (Choose two.)

Multiple SVIs are needed.
A dedicated router is required.
Router-on-a-stick requires subinterfaces to be configured on the same subnets.
Router-on-a-stick requires multiple physical interfaces on a router.
Multiple subinterfaces may impact the traffic flow speed.

267. Refer to the exhibit. A network administrator is verifying the configuration of inter-VLAN routing. Users complain that PCs on different VLANs cannot communicate. Based on the output, what are two configuration errors on switch interface Gi1/1? (Choose two.)

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 43

Gi1/1 is in the default VLAN.
Voice VLAN is not assigned to Gi1/1.
Gi1/1 is configured as trunk mode.
Negotiation of trunking is turned on on Gi1/1.
The trunking encapsulation protocol is configured wrong.

268. Refer to the exhibit. A network administrator is verifying the configuration of inter-VLAN routing. Users complain that PC2 cannot communicate with PC1. Based on the output, what is the possible cause of the problem?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 44

Gi0/0 is not configured as a trunk port.
The command interface GigabitEthernet0/0.5 was entered incorrectly.
There is no IP address configured on the interface Gi0/0.
The no shutdown command is not entered on subinterfaces.
The encapsulation dot1Q 5 command contains the wrong VLAN.

269. Refer to the exhibit. A network administrator has configured router CiscoVille with the above commands to provide inter-VLAN routing. What type of port will be required on a switch that is connected to Gi0/0 on router CiscoVille to allow inter-VLAN routing?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 45

routed port
access port
trunk port
SVI

270. Refer to the exhibit. A network administrator is configuring RT1 for inter-VLAN routing. The switch is configured correctly and is functional. Host1, Host2, and Host3 cannot communicate with each other. Based on the router configuration, what is causing the problem?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 46

Interface Fa0/0 is missing IP address configuration information.
IP addresses on the subinterfaces are incorrectly matched to the VLANs.
Each subinterface of Fa0/0 needs separate no shutdown commands.
Routers do not support 802.1Q encapsulation on subinterfaces.

271. Refer to the exhibit. A router-on-a-stick configuration was implemented for VLANs 15, 30, and 45, according to the show running-config command output. PCs on VLAN 45 that are using the 172.16.45.0 /24 network are having trouble connecting to PCs on VLAN 30 in the 172.16.30.0 /24 network. Which error is most likely causing this problem?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 47

The wrong VLAN has been configured on GigabitEthernet 0/0.45.
The command no shutdown is missing on GigabitEthernet 0/0.30.
The GigabitEthernet 0/0 interface is missing an IP address.
There is an incorrect IP address configured on GigabitEthernet 0/0.30.

272. What is a characteristic of a routed port on a Layer 3 switch?

It supports trunking.
It is not assigned to a VLAN.
It is commonly used as a WAN link.
It cannot have an IP address assigned to it.

273. Refer to the exhibit. A network administrator needs to configure router-on-a-stick for the networks that are shown. How many subinterfaces will have to be created on the router if each VLAN that is shown is to be routed and each VLAN has its own subinterface?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 49

274. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw(config-if)# mdix auto command?

It automatically adjusts the port to allow device connections to use either a straight-through or a crossover cable.
It applies an IPv4 address to the virtual interface.
It applies an IPv6 address to the virtual interface.
It permits an IPv6 address to be configured on a switch physical interface.
It updates the MAC address table for the associated port.

275. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw(config-if)# ip address 172.18.33.88 255.255.255.0 command?

It applies an IPv4 address to the virtual interface.
It applies an IPv6 address to the virtual interface.
It activates a virtual or physical switch interface.
It permits an IPv6 address to be configured on a switch physical interface.
It updates the MAC address table for the associated port.

276. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw# configure terminal command?

It enters the global configuration mode.
It enters configuration mode for a switch virtual interface.
It applies an IPv4 address to the virtual interface.
It updates the MAC address table for the associated port.
It permits an IPv6 address to be configured on a switch physical interface.

277. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw# configure terminal command?

It enters the global configuration mode.
It saves the running configuration to NVRAM.
It disables a virtual or physical switch interface.
It updates the MAC address table for the associated port.
It saves the startup configuration to the running configuration.

278. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw(config-if)# shutdown command?

It disables a virtual or physical switch interface.
It saves the running configuration to NVRAM.
It activates a virtual or physical switch interface.
It updates the MAC address table for the associated port.
It saves the startup configuration to the running configuration.

279. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw(config-if)# shutdown command?

It disables a virtual or physical switch interface.
It applies an IPv6 address to the virtual interface.
It applies an IPv4 address to the virtual interface.
It permits an IPv6 address to be configured on a switch physical interface.
It updates the MAC address table for the associated port.

280. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw(config-if)# ipv6 address 2001:db8:a2b4:88::1/64 command?

It applies an IPv6 address to the virtual interface.
It activates a virtual or physical switch interface.
It applies an IPv4 address to the virtual interface.
It permits an IPv6 address to be configured on a switch physical interface.
It updates the MAC address table for the associated port.

281. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw(config-if)# exit command?

It returns to global configuration mode.
It returns to privileged mode.
It configures the default gateway for the switch.
It enters user mode.
It saves the startup configuration to the running configuration.

282. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw> enable command?

It enters privileged mode.
It enters the global configuration mode.
It enters configuration mode for a switch virtual interface.
It updates the MAC address table for the associated port.
It permits an IPv6 address to be configured on a switch physical interface.

283. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw(config-if)# duplex full command?

It allows data to flow in both directions at the same time on the interface.
It allows data to flow in only one direction at a time on the interface
It automatically adjusts the port to allow device connections to use either a straight-through or a crossover cable.
It configures the switch as the default gateway.
It encrypts user-mode passwords when users connect remotely.

284. What type of VLAN should not carry voice and network management traffic?

data VLAN
voice VLAN
management VLAN
security VLAN

285. What type of VLAN should not carry voice and network management traffic?

data VLAN
trunk VLAN
security VLAN
voice VLAN

286. What type of VLAN is designed to reserve bandwidth to ensure IP Phone quality?

voice VLAN
trunk VLAN
security VLAN
management VLAN

287. What type of VLAN is initially the management VLAN?

default VLAN
native VLAN
data VLAN
management VLAN

288. What type of VLAN is designed to have a delay of less than 150 ms across the network?

voice VLAN
desirable VLAN
trunk VLAN
security VLAN

289. What type of VLAN is used to separate the network into groups of users or devices?

data VLAN
management VLAN
voice VLAN
native VLAN

290. What type of VLAN is configured specifically for network traffic such as SSH, Telnet, HTTPS, HHTP, and SNMP?

management VLAN
security VLAN
trunk VLAN
voice VLAN

291. What type of VLAN is configured specifically for network traffic such as SSH, Telnet, HTTPS, HHTP, and SNMP?

management VLAN
voice VLAN
security VLAN
native VLAN

292. What type of VLAN supports untagged traffic?

native VLAN
voice VLAN
security VLAN
management VLAN

293. What type of VLAN supports untagged traffic?

native VLAN
desirable VLAN
trunk VLAN
security VLAN

294. Refer to the exhibit. A network administrator has configured R1 as shown. When the administrator checks the status of the serial interface, the interface is shown as being administratively down. What additional command must be entered on the serial interface of R1 to bring the interface up?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 70

IPv6 enable
clockrate 128000
end
no shutdown

295. Refer to the exhibit. The network administrator wants to configure Switch1 to allow SSH connections and prohibit Telnet connections. How should the network administrator change the displayed configuration to satisfy the requirement?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 71

Use SSH version 1.
Reconfigure the RSA key.
Configure SSH on a different line.
Modify the transport input command.

296. Which solution would help a college alleviate network congestion due to collisions?

a firewall that connects to two Internet providers
a high port density switch
a router with two Ethernet ports
a router with three Ethernet ports

297. Which two statements are correct with respect to SVI inter-VLAN routing? (Choose two.)

Switching packets is faster with SVI.
There is no need for a connection to a router.
Virtual interfaces support subinterfaces.
SVIs can be bundled into EtherChannels.
SVIs eliminate the need for a default gateway in the hosts.

298. Refer to the exhibit. A network administrator is configuring inter-VLAN routing on a network. For now, only one VLAN is being used, but more will be added soon. What is the missing parameter that is shown as the highlighted question mark in the graphic?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 74

It identifies the subinterface.
It identifies the VLAN number.
It identifies the native VLAN number.
It identifies the type of encapsulation that is used.
It identifies the number of hosts that are allowed on the interface.

299. Which type of VLAN is used to designate which traffic is untagged when crossing a trunk port?

data
default
native
management

300. A network administrator issues the show vlan brief command while troubleshooting a user support ticket. What output will be displayed?

the VLAN assignment and membership for device MAC addresses
the VLAN assignment and membership for all switch ports
the VLAN assignment and trunking encapsulation
the VLAN assignment and native VLAN

301. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.

Which message is displayed when 10.10.10.1 is entered into the PC1 Web Browser address bar?

Local Server
Test Server
File Server
Cisco Server

302. Match each DHCP message type with its description. (Not all options are used.)

CCNA 2 v7 Modules 1 – 4: Switching Concepts, VLANs, and InterVLAN Routing Exam Answers

Explanation:Place the options in the following order:

a client initiating a message to find a DHCP server – DHCPDISCOVER
a DHCP server responding to the initial request by a client – DHCPOFFER
the client accepting the IP address provided by the DHCP server – DHCPREQUEST
the DHCP server confirming that the lease has been accepted – DHCPACK

CCNA 2 v7 Final Exam Answers

1. Refer to the exhibit. What will router R1 do with a packet that has a destination IPv6 address of 2001:db8:cafe:5::1?

CCNA 2 v7 Switching Routing and Wireless Essentials-Version 7.00-Final-Answers-1

forward the packet out GigabitEthernet0/0
drop the packet
forward the packet out GigabitEthernet0/1
forward the packet out Serial0/0/0

Explanation: The route ::/0 is the compressed form of the 0000:0000:0000:0000:0000:0000:0000:0000/0 default route. The default route is used if a more specific route is not found in the routing table.

2. Refer to the exhibit. Currently router R1 uses an EIGRP route learned from Branch2 to reach the 10.10.0.0/16 network. Which floating static route would create a backup route to the 10.10.0.0/16 network in the event that the link between R1 and Branch2 goes down?

CCNA 2 v7 Switching Routing and Wireless Essentials-Version-Final-Answers-2

ip route 10.10.0.0 255.255.0.0 Serial 0/0/0 100
ip route 10.10.0.0 255.255.0.0 209.165.200.226 100
ip route 10.10.0.0 255.255.0.0 209.165.200.225 100
ip route 10.10.0.0 255.255.0.0 209.165.200.225 50

Explanation: A floating static route needs to have an administrative distance that is greater than the administrative distance of the active route in the routing table. Router R1 is using an EIGRP route which has an administrative distance of 90 to reach the 10.10.0.0/16 network. To be a backup route the floating static route must have an administrative distance greater than 90 and have a next hop address corresponding to the serial interface IP address of Branch1.

CCNA 2 v7 Switching Routing and Wireless Essentials-Version-Final-Answers-3

3. Refer to the exhibit. R1 was configured with the static route command ip route 209.165.200.224 255.255.255.224 S0/0/0 and consequently users on network 172.16.0.0/16 are unable to reach resources on the Internet. How should this static route be changed to allow user traffic from the LAN to reach the Internet?

Add an administrative distance of 254.
Change the destination network and mask to 0.0.0.0 0.0.0.0
Change the exit interface to S0/0/1.
Add the next-hop neighbor address of 209.165.200.226.

Explain: The static route on R1 has been incorrectly configured with the wrong destination network and mask. The correct destination network and mask is 0.0.0.0 0.0.0.0.

4. Which option shows a correctly configured IPv4 default static route?

ip route 0.0.0.0 255.255.255.0 S0/0/0
ip route 0.0.0.0 0.0.0.0 S0/0/0
ip route 0.0.0.0 255.255.255.255 S0/0/0
ip route 0.0.0.0 255.0.0.0 S0/0/0

Explanation: The static route ip route 0.0.0.0 0.0.0.0 S0/0/0 is considered a default static route and will match all destination networks.

5. Refer to the exhibit. Which static route command can be entered on R1 to forward traffic to the LAN connected to R2?

CCNA 2 v7 Switching Routing and Wireless Essentials-Version-Final-Answers-5

ipv6 route 2001:db8:12:10::/64 S0/0/0
ipv6 route 2001:db8:12:10::/64 S0/0/1 fe80::2
ipv6 route 2001:db8:12:10::/64 S0/0/0 fe80::2
ipv6 route 2001:db8:12:10::/64 S0/0/1 2001:db8:12:10::1

6. What is a method to launch a VLAN hopping attack?

introducing a rogue switch and enabling trunking
sending spoofed native VLAN information
sending spoofed IP addresses from the attacking host
flooding the switch with MAC addresses

7. A cybersecurity analyst is using the macof tool to evaluate configurations of switches deployed in the backbone network of an organization. Which type of LAN attack is the analyst targeting during this evaluation?

VLAN hopping
DHCP spoofing
MAC address table overflow
VLAN double-tagging

8. A new Layer 3 switch is connected to a router and is being configured for interVLAN routing. What are three of the five steps required for the configuration? (Choose three.)

assigning the ports to the native VLAN
modifying the default VLAN
creating SVI interfaces
adjusting the route metric
enabling IP routing
assigning ports to VLANs
installing a static route

9. Refer to the exhibit. A network administrator configured routers R1 and R2 as part of HSRP group 1. After the routers have been reloaded, a user on Host1 complained of lack of connectivity to the Internet The network administrator issued the show standby brief command on both routers to verify the HSRP operations. In addition, the administrator observed the ARP table on Host1. Which entry should be seen in the ARP table on Host1 in order to gain connectivity to the Internet?

CCNA 2 v7 Switching Routing and Wireless Essentials-Version-Final-Answers-9

the virtual IP address and the virtual MAC address for the HSRP group 1
the virtual IP address of the HSRP group 1 and the MAC address of R1
the virtual IP address of the HSRP group 1 and the MAC address of R2

Explanation: Hosts will send an ARP request to the default gateway which is the virtual IP address. ARP replies from the HSRP routers contain the virtual MAC address. The host ARP tables will contain a mapping of the virtual IP to the virtual MAC.
– the IP address and the MAC address of R1

10. Match the forwarding characteristic to its type. (Not all options are used.)

11. Which statement is correct about how a Layer 2 switch determines how to forward frames?

Frame forwarding decisions are based on MAC address and port mappings in the CAM table.
Only frames with a broadcast destination address are forwarded out all active switch ports.
Cut-through frame forwarding ensures that invalid frames are always dropped.

Explanation: Cut-through frame forwarding reads up to only the first 22 bytes of a frame, which excludes the frame check sequence and thus invalid frames may be forwarded. In addition to broadcast frames, frames with a destination MAC address that is not in the CAM are also flooded out all active ports. Unicast frames are not always forwarded. Received frames with a destination MAC address that is associated with the switch port on which it is received are not forwarded because the destination exists on the network segment connected to that port.

12. Which statement describes a result after multiple Cisco LAN switches are interconnected?

The broadcast domain expands to all switches.
One collision domain exists per switch.
There is one broadcast domain and one collision domain per switch.
Frame collisions increase on the segments connecting the switches.
Unicast frames are always forwarded regardless of the destination MAC address.

Explanation: In Cisco LAN switches, the microsegmentation makes it possible for each port to represent a separate segment and thus each switch port represents a separate collision domain. This fact will not change when multiple switches are interconnected. However, LAN switches do not filter broadcast frames. A broadcast frame is flooded to all ports. Interconnected switches form one big broadcast domain.

13. Match the link state to the interface and protocol status. (Not all options are used.)

14.Refer to the exhibit. How is a frame sent from PCA forwarded to PCC if the MAC address table on switch SW1 is empty?

CCNA 2 v7 Switching Routing and Wireless Essentials-Version-Final-Answers-14

SW1 forwards the frame directly to SW2. SW2 floods the frame to all ports connected to SW2, excluding the port through which the frame entered the switch.
SW1 floods the frame on all ports on the switch, excluding the interconnected port to switch SW2 and the port through which the frame entered the switch.
SW1 floods the frame on all ports on SW1, excluding the port through which the frame entered the switch.
SW1 drops the frame because it does not know the destination MAC address.

Explanation: When a switch powers on, the MAC address table is empty. The switch builds the MAC address table by examining the source MAC address of incoming frames. The switch forwards based on the destination MAC address found in the frame header. If a switch has no entries in the MAC address table or if the destination MAC address is not in the switch table, the switch will forward the frame out all ports except the port that brought the frame into the switch.

15. An administrator is trying to remove configurations from a switch. After using the command erase startup-config and reloading the switch, the administrator finds that VLANs 10 and 100 still exist on the switch. Why were these VLANs not removed?

Because these VLANs are stored in a file that is called vlan.dat that is located in flash memory, this file must be manually deleted.
These VLANs cannot be deleted unless the switch is in VTP client mode.
These VLANs are default VLANs that cannot be removed.
These VLANs can only be removed from the switch by using the no vlan 10 and no vlan 100 commands.

Explanation: Standard range VLANs (1-1005) are stored in a file that is called vlan.dat that is located in flash memory. Erasing the startup configuration and reloading a switch does not automatically remove these VLANs. The vlan.dat file must be manually deleted from flash memory and then the switch must be reloaded.

16. Match the description to the correct VLAN type. (Not all options are used.)

CCNA-2-v7-final-exam-answers-16

Explanation: A data VLAN is configured to carry user-generated traffic. A default VLAN is the VLAN where all switch ports belong after the initial boot up of a switch loading the default configuration. A native VLAN is assigned to an 802.1Q trunk port, and untagged traffic is placed on it. A management VLAN is any VLAN that is configured to access the management capabilities of a switch. An IP address and subnet mask are assigned to it, allowing the switch to be managed via HTTP, Telnet, SSH, or SNMP.

17. Refer to the exhibit. A network administrator has connected two switches together using EtherChannel technology. If STP is running, what will be the end result?

CCNA 2 v7 Switching Routing and Wireless Essentials-Version-Final-Answers-17

STP will block one of the redundant links.
The switches will load balance and utilize both EtherChannels to forward packets.
The resulting loop will create a broadcast storm.
Both port channels will shutdown.

Explanation: Cisco switches support two protocols for negotiating a channel between two switches: LACP and PAgP. PAgP is Cisco-proprietary. In the topology shown, the switches are connected to each other using redundant links. By default, STP is enabled on switch devices. STP will block redundant links to prevent loops.

18. What is a secure configuration option for remote access to a network device?

Configure an ACL and apply it to the VTY lines.
Configure 802.1x.
Configure SSH.
Configure Telnet.

19. Which wireless encryption method is the most secure?

WPA2 with AES
WPA2 with TKIP
WEP
WPA

20. After attaching four PCs to the switch ports, configuring the SSID and setting authentication properties for a small office network, a technician successfully tests the connectivity of all PCs that are connected to the switch and WLAN. A firewall is then configured on the device prior to connecting it to the Internet. What type of network device includes all of the described features?

firewall appliance
wireless router
switch
standalone wireless access point

21. Refer to the exhibit. Host A has sent a packet to host B. What will be the source MAC and IP addresses on the packet when it arrives at host B?

CCNA 2 v7 Switching Routing and Wireless Essentials-Version-Final-Answers-21

Source MAC: 00E0.FE91.7799
Source IP: 10.1.1.10
Source MAC: 00E0.FE10.17A3
Source IP: 10.1.1.10
Source MAC: 00E0.FE10.17A3
Source IP: 192.168.1.1
Source MAC: 00E0.FE91.7799
Source IP: 10.1.1.1
Source MAC: 00E0.FE91.7799
Source IP: 192.168.1.1

Explanation: As a packet traverses the network, the Layer 2 addresses will change at every hop as the packet is de-encapsulated and re-encapsulated, but the Layer 3 addresses will remain the same.

22. Refer to the exhibit. Which static route would an IT technician enter to create a backup route to the 172.16.1.0 network that is only used if the primary RIP learned route fails?

CCNA 2 v7 Switching Routing and Wireless Essentials-Version-Final-Answers-22

ip route 172.16.1.0 255.255.255.0 s0/0/0
ip route 172.16.1.0 255.255.255.0 s0/0/0 91
ip route 172.16.1.0 255.255.255.0 s0/0/0 121
ip route 172.16.1.0 255.255.255.0 s0/0/0 111

23. Refer to the exhibit. In addition to static routes directing traffic to networks 10.10.0.0/16 and 10.20.0.0/16, Router HQ is also configured with the following command:

ip route 0.0.0.0 0.0.0.0 serial 0/1/1

What is the purpose of this command?

CCNA 2 v7 Switching Routing and Wireless Essentials-Version-Final-Answers-23

Packets that are received from the Internet will be forwarded to one of the LANs connected to R1 or R2.
Packets with a destination network that is not 10.10.0.0/16 or is not 10.20.0.0/16 or is not a directly connected network will be forwarded to the Internet.
Packets from the 10.10.0.0/16 network will be forwarded to network 10.20.0.0/16, and packets from the 10.20.0.0/16 network will be forwarded to network 10.10.0.0/16.
Packets that are destined for networks that are not in the routing table of HQ will be dropped.

24. What protocol or technology disables redundant paths to eliminate Layer 2 loops?

VTP
STP
EtherChannel
DTP

25. Refer to the exhibit. Based on the exhibited configuration and output, why is VLAN 99 missing?

CCNA 2 v7 Switching Routing and Wireless Essentials-Version-Final-Answers-25

because VLAN 99 is not a valid management VLAN
because there is a cabling problem on VLAN 99
because VLAN 1 is up and there can only be one management VLAN on the switch
because VLAN 99 has not yet been created

26. Which two VTP modes allow for the creation, modification, and deletion of VLANs on the local switch? (Choose two.)

client
master
distribution
slave
server
transparent

27. Which three steps should be taken before moving a Cisco switch to a new VTP management domain? (Choose three.)

Configure the switch with the name of the new management domain.
Reset the VTP counters to allow the switch to synchronize with the other switches in the domain.
Configure the VTP server in the domain to recognize the BID of the new switch.
Download the VTP database from the VTP server in the new domain.
Select the correct VTP mode and version.
Reboot the switch.

Explanation: When adding a new switch to a VTP domain, it is critical to configure the switch with a new domain name, the correct VTP mode, VTP version number, and password. A switch with a higher revision number can propagate invalid VLANs and erase valid VLANs thus preventing connectivity for multiple devices on the valid VLANs.

28. A network administrator is preparing the implementation of Rapid PVST+ on a production network. How are the Rapid PVST+ link types determined on the switch interfaces?

Link types can only be configured on access ports configured with a single VLAN.
Link types can only be determined if PortFast has been configured.
Link types are determined automatically.
Link types must be configured with specific port configuration commands.

Explanation: When Rapid PVST+ is being implemented, link types are automatically determined but can be specified manually. Link types can be either point-to-point, shared, or edge.

29. Refer to the exhibit. All the displayed switches are Cisco 2960 switches with the same default priority and operating at the same bandwidth. Which three ports will be STP designated ports? (Choose three.)

CCNA 2 v7 Switching Routing and Wireless Essentials-Version-Final-Answers-29

fa0/9
fa0/13
fa0/10
fa0/20
fa0/21
fa0/11

30. How will a router handle static routing differently if Cisco Express Forwarding is disabled?

It will not perform recursive lookups.
Ethernet multiaccess interfaces will require fully specified static routes to avoid routing inconsistencies.
Static routes that use an exit interface will be unnecessary.
Serial point-to-point interfaces will require fully specified static routes to avoid routing inconsistencies.

31. Compared with dynamic routes, what are two advantages of using static routes on a router? (Choose two.)

They improve network security.
They take less time to converge when the network topology changes.
They improve the efficiency of discovering neighboring networks.
They use fewer router resources.

Explanation: Static routes are manually configured on a router. Static routes are not automatically updated and must be manually reconfigured if the network topology changes. Thus static routing improves network security because it does not make route updates among neighboring routers. Static routes also improve resource efficiency by using less bandwidth, and no CPU cycles are used to calculate and communicate routes.

32. Refer to the exhibit. Which route was configured as a static route to a specific network using the next-hop address?

CCNA 2 v7 Switching Routing and Wireless Essentials-Version-Final-Answers-32

S 10.17.2.0/24 [1/0] via 10.16.2.2
S 0.0.0.0/0 [1/0] via 10.16.2.2
S 10.17.2.0/24 is directly connected, Serial 0/0/0
C 10.16.2.0/24 is directly connected, Serial0/0/0

Explanation: The C in a routing table indicates an interface that is up and has an IP address assigned. The S in a routing table signifies that a route was installed using the ip route command. Two of the routing table entries shown are static routes to a specific destination (the 192.168.2.0 network). The entry that has the S denoting a static route and [1/0] was configured using the next-hop address. The other entry (S 192.168.2.0/24 is directly connected, Serial 0/0/0) is a static route configured using the exit interface. The entry with the 0.0.0.0 route is a default static route which is used to send packets to any destination network that is not specifically listed in the routing table.

33. What is the effect of entering the spanning-tree portfast configuration command on a switch?

It disables an unused port.
It disables all trunk ports.
It enables portfast on a specific switch interface.
It checks the source L2 address in the Ethernet header against the sender L2 address in the ARP body.

34. What is the IPv6 prefix that is used for link-local addresses?

FF01::/8
2001::/3
FC00::/7
FE80::/10

35. Which two statements are characteristics of routed ports on a multilayer switch? (Choose two.)

In a switched network, they are mostly configured between switches at the core and distribution layers.
The interface vlan command has to be entered to create a VLAN on routed ports.
They support subinterfaces, like interfaces on the Cisco IOS routers.
They are used for point-to-multipoint links.
They are not associated with a particular VLAN.

36. Successful inter-VLAN routing has been operating on a network with multiple VLANs across multiple switches for some time. When an inter-switch trunk link fails and Spanning Tree Protocol brings up a backup trunk link, it is reported that hosts on two VLANs can access some, but not all the network resources that could be accessed previously. Hosts on all other VLANS do not have this problem. What is the most likely cause of this problem?

The protected edge port function on the backup trunk interfaces has been disabled.
The allowed VLANs on the backup link were not configured correctly.
Dynamic Trunking Protocol on the link has failed.
Inter-VLAN routing also failed when the trunk link failed.

37. Which command will start the process to bundle two physical interfaces to create an EtherChannel group via LACP?

interface port-channel 2
channel-group 1 mode desirable
interface range GigabitEthernet 0/4 – 5
channel-group 2 mode auto

38. What action takes place when a frame entering a switch has a multicast destination MAC address?

The switch will forward the frame out all ports except the incoming port.
The switch forwards the frame out of the specified port.
The switch adds a MAC address table entry mapping for the destination MAC address and the ingress port.
The switch replaces the old entry and uses the more current port.

39. A junior technician was adding a route to a LAN router. A traceroute to a device on the new network revealed a wrong path and unreachable status. What should be done or checked?

Verify that there is not a default route in any of the edge router routing tables.
Check the configuration on the floating static route and adjust the AD.
Create a floating static route to that network.
Check the configuration of the exit interface on the new static route.

40. Select the three PAgP channel establishment modes. (Choose three.)

auto
default
passive
desirable
extended
on

41. A static route has been configured on a router. However, the destination network no longer exists. What should an administrator do to remove the static route from the routing table?

Remove the route using the no ip route command.
Change the administrative distance for that route.
Change the routing metric for that route.
Nothing. The static route will go away on its own.

42. Refer to the exhibit. What can be concluded about the configuration shown on R1?

CCNA 2 v7 Switching Routing and Wireless Essentials-Version-Final-Answers-42

R1 is configured as a DHCPv4 relay agent.
R1 is operating as a DHCPv4 server.
R1 will broadcast DHCPv4 requests on behalf of local DHCPv4 clients.
R1 will send a message to a local DHCPv4 client to contact a DHCPv4 server at 10.10.10.8.

43.Refer to the exhibit. A network administrator has added a new subnet to the network and needs hosts on that subnet to receive IPv4 addresses from the DHCPv4 server.

CCNA 2 v7 Switching Routing and Wireless Essentials-Version-Final-Answers-43

What two commands will allow hosts on the new subnet to receive addresses from the DHCP4 server? (Choose two.)

R1(config-if)# ip helper-address 10.1.0.254
R1(config)# interface G0/0
R1(config-if)# ip helper-address 10.2.0.250
R1(config)# interface G0/1
R2(config-if)# ip helper-address 10.2.0.250
R2(config)# interface G0/0

44. Refer to the exhibit. R1 has been configured as shown. However, PC1 is not able to receive an IPv4 address. What is the problem?

CCNA 2 v7 Switching Routing and Wireless Essentials-Version-Final-Answers-43

The ip helper-address command was applied on the wrong interface.
R1 is not configured as a DHCPv4 server.
A DHCP server must be installed on the same LAN as the host that is receiving the IP address.
The ip address dhcp command was not issued on the interface Gi0/1.

Explanation: The ip helper-address command has to be applied on interface Gi0/0. This command must be present on the interface of the LAN that contains the DHCPv4 client PC1 and must be directed to the correct DHCPv4 server.

45. What two default wireless router settings can affect network security? (Choose two.)

The SSID is broadcast.
MAC address filtering is enabled.
WEP encryption is enabled.
The wireless channel is automatically selected.
A well-known administrator password is set.

Explanation: Default settings on wireless routers often include broadcasting the SSID and using a well-known administrative password. Both of these pose a security risk to wireless networks. WEP encryption and MAC address filtering are not set by default. The automatic selection of the wireless channel poses no security risks.

46. What is the common term given to SNMP log messages that are generated by network devices and sent to the SNMP server?

traps
acknowledgments
auditing
warnings

47. A network administrator is adding a new WLAN on a Cisco 3500 series WLC. Which tab should the administrator use to create a new VLAN interface to be used for the new WLAN?

WIRELESS
MANAGEMENT
CONTROLLER
WLANs

48. A network administrator is configuring a WLAN. Why would the administrator change the default DHCP IPv4 addresses on an AP?

to restrict access to the WLAN by authorized, authenticated users only
to monitor the operation of the wireless network
to reduce outsiders intercepting data or accessing the wireless network by using a well-known address range
to reduce the risk of interference by external devices such as microwave ovens

49. Which two functions are performed by a WLC when using split media access control (MAC)? (Choose two.)

packet acknowledgments and retransmissions
frame queuing and packet prioritization
beacons and probe responses
frame translation to other protocols
association and re-association of roaming clients

50. On what switch ports should BPDU guard be enabled to enhance STP stability?

all PortFast-enabled ports
only ports that are elected as designated ports
only ports that attach to a neighboring switch
all trunk ports that are not root ports

51. Which network attack is mitigated by enabling BPDU guard?

rogue switches on a network
CAM table overflow attacks
MAC address spoofing
rogue DHCP servers on a network

Explanation: There are several recommended STP stability mechanisms to help mitigate STP manipulation attacks:
PortFast – used to immediately bring an interface configured as an access or trunk port to the forwarding state from a blocking state. Applied to all end-user ports.
BPDU guard – immediately error-disables a port that receives a BPDU. Applied to all end-user ports.The receipt of BPDUs may be part of an unauthorized attempt to add a switch to the network.
Root guard – prevents a switch from becoming the root switch. Applied to all ports where the root switch should not be located.
Loop guard – detects unidirectional links to prevent alternate or root ports from becoming designated ports. Applied to all ports that are or can become nondesignated.

52. Why is DHCP snooping required when using the Dynamic ARP Inspection feature?

It relies on the settings of trusted and untrusted ports set by DHCP snooping.
It uses the MAC address table to verify the default gateway IP address.
It redirects ARP requests to the DHCP server for verification.
It uses the MAC-address-to-IP-address binding database to validate an ARP packet.

Explain: DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and builds a bindings database of valid tuples (MAC address, IP address, VLAN interface).
When DAI is enabled, the switch drops ARP packet if the sender MAC address and sender IP address do not match an entry in the DHCP snooping bindings database. However, it can be overcome through static mappings. Static mappings are useful when hosts configure static IP addresses, DHCP snooping cannot be run, or other switches in the network do not run dynamic ARP inspection. A static mapping associates an IP address to a MAC address on a VLAN.

53. Refer to the exhibit. Router R1 has an OSPF neighbor relationship with the ISP router over the 192.168.0.32 network. The 192.168.0.36 network link should serve as a backup when the OSPF link goes down. The floating static route command ip route 0.0.0.0 0.0.0.0 S0/0/1 100 was issued on R1 and now traffic is using the backup link even when the OSPF link is up and functioning. Which change should be made to the static route command so that traffic will only use the OSPF link when it is up?
CCNA3 Pretest Exam 002

Change the administrative distance to 120.
Add the next hop neighbor address of 192.168.0.36.
Change the destination network to 192.168.0.34.
Change the administrative distance to 1.

Explain: The problem with the current floating static route is that the administrative distance is set too low. The administrative distance will need to be higher than that of OSPF, which is 110, so that the router will only use the OSPF link when it is up.

54. Refer to the exhibit. What is the metric to forward a data packet with the IPv6 destination address 2001:DB8:ACAD:E:240:BFF:FED4:9DD2?

90
128
2170112
2681856
2682112
3193856

Explain: The IPv6 destination address 2001:DB8:ACAD:E:240:BFF:FED4:9DD2 belongs to the network of 2001:DB8:ACAD:E::/64. In the routing table, the route to forward the packet has Serial 0/0/1 as an exit interface and 2682112 as the cost.

55. A network administrator is configuring a new Cisco switch for remote management access. Which three items must be configured on the switch for the task? (Choose three.)

IP address
VTP domain
vty lines
default VLAN
default gateway
loopback address

Explain: To enable the remote management access, the Cisco switch must be configured with an IP address and a default gateway. In addition, vty lines must configured to enable either Telnet or SSH connections. A loopback address, default VLAN, and VTP domain configurations are not necessary for the purpose of remote switch management.

56. Refer to the exhibit. Which statement shown in the output allows router R1 to respond to stateless DHCPv6 requests?

ipv6 nd other-config-flag
prefix-delegation 2001:DB8:8::/48 00030001000E84244E70
ipv6 dhcp server LAN1
ipv6 unicast-routing
dns-server 2001:DB8:8::8

Explain: The interface command ipv6 nd other-config-flag allows RA messages to be sent on this interface, indicating that additional information is available from a stateless DHCPv6 server.

57. Refer to the exhibit. A Layer 3 switch routes for three VLANs and connects to a router for Internet connectivity. Which two configurations would be applied to the switch? (Choose two.)

(config)# interface gigabitethernet1/1
(config-if)# switchport mode trunk
(config)# interface gigabitethernet 1/1
(config-if)# no switchport
(config-if)# ip address 192.168.1.2 255.255.255.252
(config)# interface vlan 1
(config-if)# ip address 192.168.1.2 255.255.255.0
(config-if)# no shutdown
(config)# interface fastethernet0/4
(config-if)# switchport mode trunk
(config)# ip routing
58. A technician is troubleshooting a slow WLAN and decides to use the split-the-traffic approach. Which two parameters would have to be configured to do this? (Choose two.)

Configure the 5 GHz band for streaming multimedia and time sensitive traffic.
Configure the security mode to WPA Personal TKIP/AES for one network and WPA2 Personal AES for the other network
Configure the 2.4 GHz band for basic internet traffic that is not time sensitive.
Configure the security mode to WPA Personal TKIP/AES for both networks.
Configure a common SSID for both split networks.

59. A company has just switched to a new ISP. The ISP has completed and checked the connection from its site to the company. However, employees at the company are not able to access the internet. What should be done or checked?

Verify that the static route to the server is present in the routing table.
Check the configuration on the floating static route and adjust the AD.
Ensure that the old default route has been removed from the company edge routers.
Create a floating static route to that network.

60. Which information does a switch use to populate the MAC address table?

the destination MAC address and the incoming port
the destination MAC address and the outgoing port
the source and destination MAC addresses and the incoming port
the source and destination MAC addresses and the outgoing port
the source MAC address and the incoming port
the source MAC address and the outgoing port

Explain: To maintain the MAC address table, the switch uses the source MAC address of the incoming packets and the port that the packets enter. The destination address is used to select the outgoing port.

61. Refer to the exhibit. A network administrator is reviewing the configuration of switch S1. Which protocol has been implemented to group multiple physical ports into one logical link?

PAgP
DTP
LACP
STP

62. Which type of static route is configured with a greater administrative distance to provide a backup route to a route learned from a dynamic routing protocol?

floating static route
default static route
summary static route
standard static route

Explain: There are four basic types of static routes. Floating static routes are backup routes that are placed into the routing table if a primary route is lost. A summary static route aggregates several routes into one, reducing the of the routing table. Standard static routes are manually entered routes into the routing table. Default static routes create a gateway of last resort.

63. What action takes place when a frame entering a switch has a unicast destination MAC address appearing in the MAC address table?

The switch updates the refresh timer for the entry.
The switch forwards the frame out of the specified port.
The switch purges the entire MAC address table.
The switch replaces the old entry and uses the more current port.

64. The exhibit shows two PCs called PC A and PC B, two routes called R1 and R2, and two switches. PC A has the address 172.16.1.1/24 and is connected to a switch and into an interface on R1 that has the IP address 172.16.1.254. PC B has the address 172.16.2.1/24 and is connected to a switch that is connected to another interface on R1 with the IP address 172.16.2.254. The serial interface on R1 has the address 172.16.3.1 and is connected to the serial interface on R2 that has the address 172.16.3.2/24. R2 is connected to the internet cloud. Which command will create a static route on R2 in order to reach PC B?

R2(config)# ip route 172.16.2.1 255.255.255.0 172.16.3.1
R2(config)# ip route 172.16.2.0 255.255.255.0 172.16.2.254
R2(config)# ip route 172.16.2.0 255.255.255.0 172.16.3.1
R2(config)# ip route 172.16.3.0 255.255.255.0 172.16.2.254

Explain: The correct syntax is:
router(config)# ip route destination-network destination-mask {next-hop-ip-address | exit-interface}
If the local exit interface instead of the next-hop IP address is used then the route will be displayed as a directly connected route instead of a static route in the routing table. Because the network to be reached is 172.16.2.0 and the next-hop IP address is 172.16.3.1, the command is R2(config)# ip route 172.16.2.0 255.255.255.0 172.16.3.1

65. What protocol or technology allows data to transmit over redundant switch links?

EtherChannel
DTP
STP
VTP

66. Refer to the exhibit. Which three hosts will receive ARP requests from host A, assuming that port Fa0/4 on both switches is configured to carry traffic for multiple VLANs? (Choose three.)

host B
host C
host D
host E
host F
host G

Explain: ARP requests are sent out as broadcasts. That means the ARP request is sent only throughout a specific VLAN. VLAN 1 hosts will only hear ARP requests from hosts on VLAN 1. VLAN 2 hosts will only hear ARP requests from hosts on VLAN 2.

67. Refer to the exhibit. The network administrator configures both switches as displayed. However, host C is unable to ping host D and host E is unable to ping host F. What action should the administrator take to enable this communication?

Associate hosts A and B with VLAN 10 instead of VLAN 1.
Configure either trunk port in the dynamic desirable mode.
Include a router in the topology.
Remove the native VLAN from the trunk.
Add the switchport nonegotiate command to the configuration of SW2.

68. What is the effect of entering the shutdown configuration command on a switch?

It enables BPDU guard on a specific port.
It disables an unused port.
It enables portfast on a specific switch interface.
It disables DTP on a non-trunking interface.

69. What would be the primary reason an attacker would launch a MAC address overflow attack?

so that the switch stops forwarding traffic
so that legitimate hosts cannot obtain a MAC address
so that the attacker can see frames that are destined for other hosts
so that the attacker can execute arbitrary code on the switch

70. During the AAA process, when will authorization be implemented?

Immediately after successful authentication against an AAA data source
Immediately after AAA accounting and auditing receives detailed reports
Immediately after an AAA client sends authentication information to a centralized server
Immediately after the determination of which resources a user can access

Explain: A. AAA authorization is implemented immediately after the user is authenticated against a specific AAA data source.

71. A company security policy requires that all MAC addressing be dynamically learned and added to both the MAC address table and the running configuration on each switch. Which port security configuration will accomplish this?

auto secure MAC addresses
dynamic secure MAC addresses
static secure MAC addresses
sticky secure MAC addresses

Explain: With sticky secure MAC addressing, the MAC addresses can be either dynamically learned or manually configured and then stored in the address table and added to the running configuration file. In contrast, dynamic secure MAC addressing provides for dynamically learned MAC addressing that is stored only in the address table.

72. Which three Wi-Fi standards operate in the 2.4GHz range of frequencies? (Choose three.)

802.11a
802.11b
802.11g
802.11n
802.11ac

73. To obtain an overview of the spanning tree status of a switched network, a network engineer issues the show spanning-tree command on a switch. Which two items of information will this command display? (Choose two.)

The root bridge BID.
The role of the ports in all VLANs.
The status of native VLAN ports.
The number of broadcasts received on each root port.
The IP address of the management VLAN interface.

74. Refer to the exhibit. Which trunk link will not forward any traffic after the root bridge election process is complete?

Trunk1
Trunk2
Trunk3
Trunk4

75. Which method of IPv6 prefix assignment relies on the prefix contained in RA messages?

EUI-64
SLAAC
static
stateful DHCPv6

76. Which two protocols are used to provide server-based AAA authentication? (Choose two.)

802.1x
SSH
SNMP
TACACS+
RADIUS

77. A network administrator is configuring a WLAN. Why would the administrator disable the broadcast feature for the SSID?

to eliminate outsiders scanning for available SSIDs in the area
to reduce the risk of interference by external devices such as microwave ovens
to reduce the risk of unauthorized APs being added to the network
to provide privacy and integrity to wireless traffic by using encryption

78. Which mitigation technique would prevent rogue servers from providing false IP configuration parameters to clients?

implementing port security
turning on DHCP snooping
disabling CDP on edge ports
implementing port-security on edge ports

Explanation: Like Dynamic ARP Inspection (DAI), IP Source Guard (IPSG) needs to determine the validity of MAC-address-to-IP-address bindings. To do this IPSG uses the bindings database built by DHCP snooping.

79. A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port?

shutdown
restrict
warning
protect

80. What protocol or technology defines a group of routers, one of them defined as active and another one as standby?

EtherChannel
VTP
HSRP
DTP

81. Refer to the exhibit. After attempting to enter the configuration that is shown in router RTA, an administrator receives an error and users on VLAN 20 report that they are unable to reach users on VLAN 30. What is causing the problem?

There is no address on Fa0/0 to use as a default gateway.
RTA is using the same subnet for VLAN 20 and VLAN 30.
Dot1q does not support subinterfaces.
The no shutdown command should have been issued on Fa0/0.20 and Fa0/0.30.

82. Which three pairs of trunking modes will establish a functional trunk link between two Cisco switches? (Choose three.)

dynamic desirable – dynamic desirable
dynamic desirable – trunk
dynamic auto – dynamic auto
access – dynamic auto
dynamic desirable – dynamic auto
access – trunk

83. A technician is configuring a router for a small company with multiple WLANs and doesn’t need the complexity of a dynamic routing protocol. What should be done or checked?

Verify that there is not a default route in any of the edge router routing tables.
Create static routes to all internal networks and a default route to the internet.
Create extra static routes to the same location with an AD of 1.
Check the statistics on the default route for oversaturation.

84. A company is deploying a wireless network in the distribution facility in a Boston suburb. The warehouse is quite large and it requires multiple access points to be used. Because some of the company devices still operate at 2.4GHz, the network administrator decides to deploy the 802.11g standard. Which channel assignments on the multiple access points will make sure that the wireless channels are not overlapping?

channels 1, 5, and 9
channels 1, 6, and 11
channels 1, 7, and 13
channels 2, 6, and 10

85. A network administrator of a small advertising company is configuring WLAN security by using the WPA2 PSK method. Which credential do office users need in order to connect their laptops to the WLAN?

the company username and password through Active Directory service
a key that matches the key on the AP
a user passphrase
a username and password configured on the AP

CCNA 2 version 7 Final Exam Answers Full – Switching, Routing and Wireless Essentials 2020

CCNA 2 v7 Final Exam Answers

0 commentaires:

Enregistrer un commentaire

Libellés

Archives du blog