Which three components are combined to form a bridge ID? - extended system ID - cost - IP address - bridge priority - MAC address - port ID

- extended system ID - bridge priority - MAC address

What defines a host route on a Cisco router? - The link-local address is added automatically to the routing table as an IPv6 host route. - An IPv4 static host route configuration uses a destination IP address of a specific device and a /32 subnet mask. - A host route is designated with a C in the routing table. - A static IPv6 host route must include the interface type and the interface number of the next hop router.

- An IPv4 static host route configuration uses a destination IP address of a specific device and a /32 subnet mask.

A small publishing company has a network design such that when a broadcast is sent on the LAN, 200 devices receive the transmitted broadcast. How can the network administrator reduce the number of devices that receive broadcast traffic? - Add more switches so that fewer devices are on a particular switch. - Replace the switches with switches that have more ports per switch. This will allow more devices on a particular switch. - Segment the LAN into smaller LANs and route between them. Replace at least half of the switches with hubs to reduce the size of the broadcast domain.

- Segment the LAN into smaller LANs and route between them.

What is an advantage of PVST+? - PVST+ optimizes performance on the network through auto selection of the root bridge. - PVST+ reduces bandwidth consumption compared to traditional implementations of STP that use CST. - PVST+ requires fewer CPU cycles for all the switches in the network. - PVST+ optimizes performance on the network through load sharing.

- PVST+ optimizes performance on the network through load sharing.

What are two characteristics of Cisco Express Forwarding (CEF)? (Choose two.) - When a packet arrives on a router interface, it is forwarded to the control plane where the CPU matches the destination address with a matching routing table entry. - This is the fastest forwarding mechanism on Cisco routers and multilayer switches. - With this switching method, flow information for a packet is stored in the fast-switching cache to forward future packets to the same destination without CPU intervention. - Packets are forwarded based on information in the FIB and an adjacency table. - When a packet arrives on a router interface, it is forwarded to the control plane where the CPU searches for a match in the fast-switching cache.

- This is the fastest forwarding mechanism on Cisco routers and multilayer switches. - Packets are forwarded based on information in the FIB and an adjacency table.

exam Flashcards by sim s

Which three components are combined to form a bridge ID?

extended system ID
cost
IP address
bridge priority
MAC address
port ID

extended system ID
bridge priority
MAC address

How well did you know this?

Not at all

Perfectly

While attending a conference, participants are using laptops for network connectivity. When a guest speaker attempts to connect to the network, the laptop fails to display any available wireless networks. The access point must be operating in which mode?

mixed
passive
active
open

active

How well did you know this?

Not at all

Perfectly

A PC has sent an RS message to an IPv6 router attached to the same network. Which two pieces of information will the router send to the client? (Choose two.)

prefix length
subnet mask in dotted decimal notation
domain name
administrative distance
prefix
DNS server IP address

prefix length
prefix

How well did you know this?

Not at all

Perfectly

Which mitigation technique would prevent rogue servers from providing false IPv6 configuration parameters to clients?

enabling DHCPv6 Guard
enabling RA Guard
implementing port security on edge ports
disabling CDP on edge ports

enabling DHCPv6 Guard

How well did you know this?

Not at all

Perfectly

A technician is configuring a wireless network for a small business using a SOHO wireless router. Which two authentication methods are used, if the router is configured with WPA2? (Choose two.)

personal
AES
TKIP
WEP
enterprise

personal
enterprise

How well did you know this?

Not at all

Perfectly

What else is required when configuring an IPv6 static route using a next-hop link-local address?

administrative distance
ip address of the neighbor router
network number and subnet mask on the interface of the neighbor router
interface number and type

interface number and type

How well did you know this?

Not at all

Perfectly

What defines a host route on a Cisco router?

The link-local address is added automatically to the routing table as an IPv6 host route.
An IPv4 static host route configuration uses a destination IP address of a specific device and a /32 subnet mask.
A host route is designated with a C in the routing table.
A static IPv6 host route must include the interface type and the interface number of the next hop router.

An IPv4 static host route configuration uses a destination IP address of a specific device and a /32 subnet mask.

How well did you know this?

Not at all

Perfectly

A small publishing company has a network design such that when a broadcast is sent on the LAN, 200 devices receive the transmitted broadcast. How can the network administrator reduce the number of devices that receive broadcast traffic?

Add more switches so that fewer devices are on a particular switch.
Replace the switches with switches that have more ports per switch. This will allow more devices on a particular switch.
Segment the LAN into smaller LANs and route between them.
Replace at least half of the switches with hubs to reduce the size of the broadcast domain.

Segment the LAN into smaller LANs and route between them.

How well did you know this?

Not at all

Perfectly

What action takes place when the source MAC address of a frame entering a switch is in the MAC address table?

The switch forwards the frame out of the specified port.
The switch updates the refresh timer for the entry.
The switch replaces the old entry and uses the more current port.
The switch adds a MAC address table entry for the destination MAC address and the egress port.

The switch updates the refresh timer for the entry.

How well did you know this?

Not at all

Perfectly

What is the effect of entering the show ip dhcp snooping binding configuration command on a switch?

It switches a trunk port to access mode.
It checks the source L2 address in the Ethernet header against the sender L2 address in the ARP body.
It restricts the number of discovery messages, per second, to be received on the interface.
It displays the IP-to-MAC address associations for switch interfaces.

It displays the IP-to-MAC address associations for switch interfaces.

How well did you know this?

Not at all

Perfectly

What protocol or technology uses a standby router to assume packet-forwarding responsibility if the active router fails?

EtherChannel
DTP
HSRP
VTP

HSRP

How well did you know this?

Not at all

Perfectly

What is an advantage of PVST+?

PVST+ optimizes performance on the network through auto selection of the root bridge.
PVST+ reduces bandwidth consumption compared to traditional implementations of STP that use CST.
PVST+ requires fewer CPU cycles for all the switches in the network.
PVST+ optimizes performance on the network through load sharing.

PVST+ optimizes performance on the network through load sharing.

How well did you know this?

Not at all

Perfectly

Which Cisco solution helps prevent ARP spoofing and ARP poisoning attacks?

Dynamic ARP Inspection
IP Source Guard
DHCP Snooping
Port Security

Dynamic ARP Inspection

How well did you know this?

Not at all

Perfectly

Which term describes the role of a Cisco switch in the 802.1X port-based access control?

agent
supplicant
authenticator
authentication server

authenticator

How well did you know this?

Not at all

Perfectly

What are two characteristics of Cisco Express Forwarding (CEF)? (Choose two.)

When a packet arrives on a router interface, it is forwarded to the control plane where the CPU matches the destination address with a matching routing table entry.
This is the fastest forwarding mechanism on Cisco routers and multilayer switches.
With this switching method, flow information for a packet is stored in the fast-switching cache to forward future packets to the same destination without CPU intervention.
Packets are forwarded based on information in the FIB and an adjacency table.
When a packet arrives on a router interface, it is forwarded to the control plane where the CPU searches for a match in the fast-switching cache.

This is the fastest forwarding mechanism on Cisco routers and multilayer switches.
Packets are forwarded based on information in the FIB and an adjacency table.

How well did you know this?

Not at all

Perfectly

What address and prefix length is used when configuring an IPv6 default static route?

::/0
FF02::1/8
0.0.0.0/0
::1/128

::/0

How well did you know this?

Not at all

Perfectly

What protocol or technology is a Cisco proprietary protocol that is automatically enabled on 2960 switches?

DTP
STP
VTP
EtherChannel

How well did you know this?

Not at all

Perfectly

What is the effect of entering the ip arp inspection validate src-mac configuration command on a switch?

It checks the source L2 address in the Ethernet header against the sender L2 address in the ARP body.
It disables all trunk ports.
It displays the IP-to-MAC address associations for switch interfaces.
It enables portfast on a specific switch interface.

It checks the source L2 address in the Ethernet header against the sender L2 address in the ARP body.

How well did you know this?

Not at all

Perfectly

A network administrator is configuring a WLAN. Why would the administrator change the default DHCP IPv4 addresses on an AP?

to eliminate outsiders scanning for available SSIDs in the area
to reduce the risk of unauthorized APs being added to the network
to reduce outsiders intercepting data or accessing the wireless network by using a well-known address range
to reduce the risk of interference by external devices such as microwave ovens

to reduce outsiders intercepting data or accessing the wireless network by using a well-known address range

How well did you know this?

Not at all

Perfectly

What is the effect of entering the [ip dhcp snooping limit rate 6] configuration command on a switch?

It displays the IP-to-MAC address associations for switch interfaces.
It enables port security globally on the switch.
It restricts the number of discovery messages, per second, to be received on the interface.
It dynamically learns the L2 address and copies it to the running configuration.

It restricts the number of discovery messages, per second, to be received on the interface.

How well did you know this?

Not at all

Perfectly

What IPv6 prefix is designed for link-local communication?

2001::/3
ff00::/8
fc::/07
fe80::/10

fe80::/10

How well did you know this?

Not at all

Perfectly

Users on a LAN are unable to get to a company web server but are able to get elsewhere. What should be done or checked?

Ensure that the old default route has been removed from the company edge routers.
Verify that the static route to the server is present in the routing table.
Check the configuration on the floating static route and adjust the AD.
Create a floating static route to that network.

Verify that the static route to the server is present in the routing table.

How well did you know this?

Not at all

Perfectly

A network administrator is configuring a WLAN. Why would the administrator apply WPA2 with AES to the WLAN?

to reduce the risk of unauthorized APs being added to the network
to centralize management of multiple WLANs
to provide prioritized service for time-sensitive applications
to provide privacy and integrity to wireless traffic by using encryption

to provide privacy and integrity to wireless traffic by using encryption

How well did you know this?

Not at all

Perfectly

What protocol or technology manages trunk negotiations between switches?

VTP
EtherChannel
DTP
STP

How well did you know this?

Not at all

Perfectly

What is the effect of entering the ip arp inspection vlan 10 configuration command on a switch? - It specifies the maximum number of L2 addresses allowed on a port. - It enables DAI on specific switch interfaces previously configured with DHCP snooping. - It enables DHCP snooping globally on a switch. - It globally enables BPDU guard on all PortFast-enabled ports.

- It enables DAI on specific switch interfaces previously configured with DHCP snooping.

A junior technician was adding a route to a LAN router. A traceroute to a device on the new network revealed a wrong path and unreachable status. What should be done or checked? - Create a floating static route to that network. - Check the configuration on the floating static route and adjust the AD. - Check the configuration of the exit interface on the new static route. - Verify that the static route to the server is present in the routing table.

- Check the configuration of the exit interface on the new static route.

What action takes place when a frame entering a switch has a unicast destination MAC address that is not in the MAC address table? - The switch updates the refresh timer for the entry. - The switch resets the refresh timer on all MAC address table entries. - The switch replaces the old entry and uses the more current port. - The switch will forward the frame out all ports except the incoming port.

- The switch will forward the frame out all ports except the incoming port.

A network administrator is configuring a WLAN. Why would the administrator disable the broadcast feature for the SSID? - to eliminate outsiders scanning for available SSIDs in the area - to centralize management of multiple WLANs - to facilitate group configuration and management of multiple WLANs through a WLC - to provide prioritized service for time-sensitive applications

- to eliminate outsiders scanning for available SSIDs in the area

A network administrator has configured a router for stateless DHCPv6 operation. However, users report that workstations are not receiving DNS server information. Which two router configuration lines should be verified to ensure that stateless DHCPv6 service is properly configured? (Choose two.) - The domain-name line is included in the [ipv6 dhcp pool] section. - The dns-server line is included in the [ipv6 dhcp pool] section. - The [ipv6 nd other-config-flag] is entered for the interface that faces the LAN segment. - The address prefix line is included in the [ipv6 dhcp pool] section. - The [ipv6 nd managed-config-flag] is entered for the interface that faces the LAN segment.

- The dns-server line is included in the [ipv6 dhcp pool] section. - The [ipv6 nd other-config-flag] is entered for the interface that faces the LAN segment.

What is the effect of entering the switchport mode access configuration command on a switch? - It enables BPDU guard on a specific port. - It manually enables a trunk link. - It disables an unused port. - It disables DTP on a non-trunking interface.

- It disables DTP on a non-trunking interface.

A network administrator is configuring a WLAN. Why would the administrator use RADIUS servers on the network? - to centralize management of multiple WLANs - to restrict access to the WLAN by authorized, authenticated users only - to facilitate group configuration and management of multiple WLANs through a WLC - to monitor the operation of the wireless network

- to restrict access to the WLAN by authorized, authenticated users only

A network administrator is configuring a WLAN. Why would the administrator use multiple lightweight APs? - to centralize management of multiple WLANs - to monitor the operation of the wireless network - to provide prioritized service for time-sensitive applications - to facilitate group configuration and management of multiple WLANs through a WLC

- to facilitate group configuration and management of multiple WLANs through a WLC

What is the effect of entering the switchport port-security configuration command on a switch? - It dynamically learns the L2 address and copies it to the running configuration. - It enables port security on an interface. - It enables port security globally on the switch. - It restricts the number of discovery messages, per second, to be received on the interface.

- It enables port security on an interface.

Branch users were able to access a site in the morning but have had no connectivity with the site since lunch time. What should be done or checked? - Verify that the static route to the server is present in the routing table. - Use the “show ip interface brief” command to see if an interface is down. - Check the configuration on the floating static route and adjust the AD. - Create a floating static route to that network.

- Use the “show ip interface brief” command to see if an interface is down.

What is a result of connecting two or more switches together? - The number of broadcast domains is increased. - The size of the broadcast domain is increased. - The number of collision domains is reduced. - The size of the collision domain is increased.

- The size of the broadcast domain is increased.

What are two switch characteristics that could help alleviate network congestion? (Choose two.) - fast internal switching - large frame buffers - store-and-forward switching - low port density - frame check sequence (FCS) check

- fast internal switching - large frame buffers

An administrator notices that large numbers of packets are being dropped on one of the branch routers. What should be done or checked? - Create static routes to all internal networks and a default route to the internet. - Create extra static routes to the same location with an AD of 1. - Check the statistics on the default route for oversaturation. - Check the routing table for a missing static route.

- Check the routing table for a missing static route.

What is the effect of entering the ip dhcp snooping configuration command on a switch? - It enables DHCP snooping globally on a switch. - It enables PortFast globally on a switch. - It disables DTP negotiations on trunking ports. - It manually enables a trunk link.

- It enables DHCP snooping globally on a switch.

Employees are unable to connect to servers on one of the internal networks. What should be done or checked? - Use the “show ip interface brief” command to see if an interface is down. - Verify that there is not a default route in any of the edge router routing tables. - Create static routes to all internal networks and a default route to the internet. - Check the statistics on the default route for oversaturation.

- Use the “show ip interface brief” command to see if an interface is down.

What action takes place when the source MAC address of a frame entering a switch is not in the MAC address table? - The switch forwards the frame out of the specified port. - The switch will forward the frame out all ports except the incoming port. - The switch adds the MAC address and incoming port number to the table. - The switch adds a MAC address table entry mapping for the destination MAC address and the ingress port.

- The switch adds the MAC address and incoming port number to the table.

A new switch is to be added to an existing network in a remote office. The network administrator does not want the technicians in the remote office to be able to add new VLANs to the switch, but the switch should receive VLAN updates from the VTP domain. Which two steps must be performed to configure VTP on the new switch to meet these conditions? (Choose two.) - Configure the new switch as a VTP client. - Configure the existing VTP domain name on the new switch. - Configure an IP address on the new switch. - Configure all ports of both switches to access mode. - Enable VTP pruning.

- Configure the new switch as a VTP client. - Configure the existing VTP domain name on the new switch.

A WLAN engineer deploys a WLC and five wireless APs using the CAPWAP protocol with the DTLS feature to secure the control plane of the network devices. While testing the wireless network, the WLAN engineer notices that data traffic is being exchanged between the WLC and the APs in plain-text and is not being encrypted. What is the most likely reason for this? - DTLS only provides data security through authentication and does not provide encryption for data moving between a wireless LAN controller (WLC) and an access point (AP). - Although DTLS is enabled by default to secure the CAPWAP control channel, it is disabled by default for the data channel. - DTLS is a protocol that only provides security between the access point (AP) and the wireless client. - Data encryption requires a DTLS license to be installed on each access point (AP) prior to being enabled on the wireless LAN controller (WLC).

- Although DTLS is enabled by default to secure the CAPWAP control channel, it is disabled by default for the data channel.

Which two types of spanning tree protocols can cause suboptimal traffic flows because they assume only one spanning-tree instance for the entire bridged network? (Choose two.) - MSTP - RSTP - Rapid PVST+ - PVST+ - STP

- RSTP - STP

A network administrator uses the spanning-tree portfast bpduguard default global configuration command to enable BPDU guard on a switch. However, BPDU guard is not activated on all access ports. What is the cause of the issue? - BPDU guard needs to be activated in the interface configuration command mode. - Access ports configured with root guard cannot be configured with BPDU guard. - Access ports belong to different VLANs. - PortFast is not configured on all access ports.

- PortFast is not configured on all access ports.

Which three statements accurately describe duplex and speed settings on Cisco 2960 switches? (Choose three.) - An autonegotiation failure can result in connectivity issues. - When the speed is set to 1000 Mb/s, the switch ports will operate in full-duplex mode. - The duplex and speed settings of each switch port can be manually configured. - Enabling autonegotiation on a hub will prevent mismatched port speeds when connecting the hub to the switch. - By default, the speed is set to 100 Mb/s and the duplex mode is set to autonegotiation. - By default, the autonegotiation feature is disabled.

- An autonegotiation failure can result in connectivity issues. - When the speed is set to 1000 Mb/s, the switch ports will operate in full-duplex mode. - The duplex and speed settings of each switch port can be manually configured.

A network administrator is configuring a WLAN. Why would the administrator use a WLAN controller? - to centralize management of multiple WLANs - to provide privacy and integrity to wireless traffic by using encryption - to facilitate group configuration and management of multiple WLANs through a WLC - to provide prioritized service for time-sensitive applications

- to facilitate group configuration and management of multiple WLANs through a WLC

What action takes place when the source MAC address of a frame entering a switch appears in the MAC address table associated with a different port? - The switch purges the entire MAC address table. - The switch replaces the old entry and uses the more current port. - The switch updates the refresh timer for the entry. - The switch forwards the frame out of the specified port.

- The switch replaces the old entry and uses the more current port.

Users are complaining of sporadic access to the internet every afternoon. What should be done or checked? - Create static routes to all internal networks and a default route to the internet. - Verify that there is not a default route in any of the edge router routing tables. - Create a floating static route to that network. - Check the statistics on the default route for oversaturation.

- Check the statistics on the default route for oversaturation.

On a Cisco 3504 WLC Summary page ( Advanced > Summary ), which tab allows a network administrator to configure a particular WLAN with a WPA2 policy? - WLANs - SECURITY - WIRELESS - MANAGEMENT

- WLANs

A network administrator has found a user sending a double-tagged 802.1Q frame to a switch. What is the best solution to prevent this type of attack? - The native VLAN number used on any trunk should be one of the active data VLANs. - The VLANs for user access ports should be different VLANs than any native VLANs used on trunk ports. - Trunk ports should be configured with port security. - Trunk ports should use the default VLAN as the native VLAN number.

- The VLANs for user access ports should be different VLANs than any native VLANs used on trunk ports.

What method of wireless authentication is dependent on a RADIUS authentication server? - WEP - WPA Personal - WPA2 Personal - WPA2 Enterprise

- WPA2 Enterprise

What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers? - It sends a DHCPREQUEST that identifies which lease offer the client is accepting. - It sends a DHCPNAK and begins the DHCP process over again. - It discards both offers and sends a new DHCPDISCOVER. - It accepts both DHCPOFFER messages and sends a DHCPACK.

- It sends a DHCPREQUEST that identifies which lease offer the client is accepting.

What is a drawback of the local database method of securing device access that can be solved by using AAA with centralized servers? - There is no ability to provide accountability. - User accounts must be configured locally on each device, which is an unscalable authentication solution. - It is very susceptible to brute-force attacks because there is no username. - The passwords can only be stored in plain text in the running configuration.

- User accounts must be configured locally on each device, which is an unscalable authentication solution.

In which situation would a technician use the show interfaces switch command? - to determine if remote access is enabled - when packets are being dropped from a particular directly attached host - when an end device can reach local devices, but not remote devices - to determine the MAC address of a directly attached network device on a particular interface

- when packets are being dropped from a particular directly attached host

What are three techniques for mitigating VLAN attacks? (Choose three.) - Use private VLANs. - Enable BPDU guard. - Enable trunking manually - Enable Source Guard. - Disable DTP. - Set the native VLAN to an unused VLAN.

- Enable trunking manually - Disable DTP. - Set the native VLAN to an unused VLAN.

A network administrator is using the router-on-a-stick model to configure a switch and a router for inter-VLAN routing. What configuration should be made on the switch port that connects to the router? - Configure it as a trunk port and allow only untagged traffic. - Configure the port as an access port and a member of VLAN1. - Configure the port as an 802.1q trunk port. - Configure the port as a trunk port and assign it to VLAN1.

Configure the port as an 802.1q trunk port.

What command will enable a router to begin sending messages that allow it to configure a link-local address without using an IPv6 DHCP server? - a static route - the ipv6 route ::/0 command - the ipv6 unicast-routing command - the ip routing command

- the ipv6 unicast-routing command

What are two reasons a network administrator would segment a network with a Layer 2 switch? (Choose two.) - to create fewer collision domains - to enhance user bandwidth - to create more broadcast domains - to eliminate virtual circuits - to isolate traffic between segments - to isolate ARP request messages from the rest of the network

- to enhance user bandwidth - to isolate traffic between segments

What protocol or technology requires switches to be in server mode or client mode? - EtherChannel - STP - VTP - DTP

- VTP

What protocol should be disabled to help mitigate VLAN attacks? - CDP - ARP - STP - DTP

- DTP

What protocol or technology uses source IP to destination IP as a load-balancing mechanism? - VTP - EtherChannel - DTP - STP

- EtherChannel

What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease? - IP address spoofing - DHCP starvation - CAM table attack - DHCP spoofing

DHCP starvation

Which protocol adds security to remote connections? - FTP - HTTP - NetBEUI - POP - SSH

- SSH

After a host has generated an IPv6 address by using the DHCPv6 or SLAAC process, how does the host verify that the address is unique and therefore usable? - The host sends an ICMPv6 echo request message to the DHCPv6 or SLAAC-learned address and if no reply is returned, the address is considered unique. - The host sends an ICMPv6 neighbor solicitation message to the DHCP or SLAAC-learned address and if no neighbor advertisement is returned, the address is considered unique. - The host checks the local neighbor cache for the learned address and if the address is not cached, it it considered unique. - The host sends an ARP broadcast to the local link and if no hosts send a reply, the address is considered unique.

- The host sends an ICMPv6 neighbor solicitation message to the DHCP or SLAAC-learned address and if no neighbor advertisement is returned, the address is considered unique.

Which DHCPv4 message will a client send to accept an IPv4 address that is offered by a DHCP server? - broadcast DHCPACK - broadcast DHCPREQUEST - unicast DHCPACK - unicast DHCPREQUEST

- broadcast DHCPREQUEST

A network engineer is troubleshooting a newly deployed wireless network that is using the latest 802.11 standards. When users access high bandwidth services such as streaming video, the wireless network performance is poor. To improve performance the network engineer decides to configure a 5 Ghz frequency band SSID and train users to use that SSID for streaming media services. Why might this solution improve the wireless network performance for that type of service? - Requiring the users to switch to the 5 GHz band for streaming media is inconvenient and will result in fewer users accessing these services. - The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it more suited to streaming multimedia. - The 5 GHz band has a greater range and is therefore likely to be interference-free. - The only users that can switch to the 5 GHz band will be those with the latest wireless NICs, which will reduce usage.

- The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it more suited to streaming multimedia.

What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow? - Disable DTP. - Disable STP. - Enable port security. - Place unused ports in an unused VLAN.

- Enable port security.

A network administrator of a small advertising company is configuring WLAN security by using the WPA2 PSK method. Which credential do office users need in order to connect their laptops to the WLAN? - the company username and password through Active Directory service - a key that matches the key on the AP - a user passphrase - a username and password configured on the AP

- a key that matches the key on the AP

A company is deploying a wireless network in the distribution facility in a Boston suburb. The warehouse is quite large and it requires multiple access points to be used. Because some of the company devices still operate at 2.4GHz, the network administrator decides to deploy the 802.11g standard. Which channel assignments on the multiple access points will make sure that the wireless channels are not overlapping? - channels 1, 5, and 9 - channels 1, 6, and 11 - channels 1, 7, and 13 - channels 2, 6, and 10

- channels 1, 6, and 11

A technician is configuring a router for a small company with multiple WLANs and doesn’t need the complexity of a dynamic routing protocol. What should be done or checked? - Verify that there is not a default route in any of the edge router routing tables. - Create static routes to all internal networks and a default route to the internet. - Create extra static routes to the same location with an AD of 1. - Check the statistics on the default route for oversaturation.

- Create static routes to all internal networks and a default route to the internet.

Which three pairs of trunking modes will establish a functional trunk link between two Cisco switches? (Choose three.) - dynamic auto - dynamic auto - access - trunk - dynamic desirable - trunk - access - dynamic auto - dynamic desirable - dynamic desirable - dynamic desirable - dynamic auto

- dynamic desirable - trunk - dynamic desirable - dynamic desirable - dynamic desirable - dynamic auto

What protocol or technology defines a group of routers, one of them defined as active and another one as standby? - EtherChannel - VTP - HSRP - DTP

- HSRP

A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port? - shutdown - restrict - warning - protect

- restrict

Which mitigation technique would prevent rogue servers from providing false IP configuration parameters to clients? - implementing port security - turning on DHCP snooping - disabling CDP on edge ports - implementing port-security on edge ports

- turning on DHCP snooping5

A network administrator is configuring a WLAN. Why would the administrator disable the broadcast feature for the SSID? - to eliminate outsiders scanning for available SSIDs in the area - to reduce the risk of interference by external devices such as microwave ovens - to reduce the risk of unauthorized APs being added to the network - to provide privacy and integrity to wireless traffic by using encryption

- to eliminate outsiders scanning for available SSIDs in the area

Which two protocols are used to provide server-based AAA authentication? (Choose two.) - 802.1x - SSH - SNMP - TACACS+ - RADIUS

- TACACS+ - RADIUS

Which method of IPv6 prefix assignment relies on the prefix contained in RA messages? - EUI-64 - SLAAC - static - stateful DHCPv6

- SLAAC

To obtain an overview of the spanning tree status of a switched network, a network engineer issues the show spanning-tree command on a switch. Which two items of information will this command display? (Choose two.) - The root bridge BID. - The role of the ports in all VLANs. - The status of native VLAN ports. - The number of broadcasts received on each root port. - The IP address of the management VLAN interface.

- The root bridge BID. - The role of the ports in all VLANs.

Which three Wi-Fi standards operate in the 2.4GHz range of frequencies? (Choose three.) - 802.11a - 802.11b - 802.11g - 802.11n - 802.11ac

- 802.11b - 802.11g - 802.11n

A company security policy requires that all MAC addressing be dynamically learned and added to both the MAC address table and the running configuration on each switch. Which port security configuration will accomplish this? - auto secure MAC addresses - dynamic secure MAC addresses - static secure MAC addresses - sticky secure MAC addresses

- sticky secure MAC addresses

During the AAA process, when will authorization be implemented? - Immediately after successful authentication against an AAA data source - Immediately after AAA accounting and auditing receives detailed reports - Immediately after an AAA client sends authentication information to a centralized server - Immediately after the determination of which resources a user can access

- Immediately after successful authentication against an AAA data source

What would be the primary reason an attacker would launch a MAC address overflow attack? - so that the switch stops forwarding traffic - so that legitimate hosts cannot obtain a MAC address - so that the attacker can see frames that are destined for other hosts - so that the attacker can execute arbitrary code on the switch

- so that the attacker can see frames that are destined for other hosts

What is the effect of entering the shutdown configuration command on a switch? - It enables BPDU guard on a specific port. - It disables an unused port. - It enables portfast on a specific switch interface. - It disables DTP on a non-trunking interface.

- It disables an unused port.

What protocol or technology allows data to transmit over redundant switch links? - EtherChannel - DTP - STP - VTP

- EtherChannel

Which type of static route is configured with a greater administrative distance to provide a backup route to a route learned from a dynamic routing protocol? - floating static route - default static route - summary static route - standard static route

- floating static route

Which information does a switch use to populate the MAC address table? - the destination MAC address and the incoming port - the destination MAC address and the outgoing port - the source and destination MAC addresses and the incoming port - the source and destination MAC addresses and the outgoing port - the source MAC address and the incoming port - the source MAC address and the outgoing port

- the source MAC address and the incoming port

A company has just switched to a new ISP. The ISP has completed and checked the connection from its site to the company. However, employees at the company are not able to access the internet. What should be done or checked? - Verify that the static route to the server is present in the routing table. - Check the configuration on the floating static route and adjust the AD. - Ensure that the old default route has been removed from the company edge routers. - Create a floating static route to that network.

- Ensure that the old default route has been removed from the company edge routers.

A technician is troubleshooting a slow WLAN and decides to use the split-the-traffic approach. Which two parameters would have to be configured to do this? (Choose two.) - Configure the 5 GHz band for streaming multimedia and time sensitive traffic. - Configure the security mode to WPA Personal TKIP/AES for one network and WPA2 Personal AES for the other network - Configure the 2.4 GHz band for basic internet traffic that is not time sensitive. - Configure the security mode to WPA Personal TKIP/AES for both networks. - Configure a common SSID for both split networks.

- Configure the 5 GHz band for streaming multimedia and time sensitive traffic. - Configure the 2.4 GHz band for basic internet traffic that is not time sensitive.

A network administrator is configuring a new Cisco switch for remote management access. Which three items must be configured on the switch for the task? (Choose three.) - IP address - VTP domain - vty lines - default VLAN - default gateway - loopback address

- IP address - vty lines - default gateway

Why is DHCP snooping required when using the Dynamic ARP Inspection feature? - It relies on the settings of trusted and untrusted ports set by DHCP snooping. - It uses the MAC address table to verify the default gateway IP address. - It redirects ARP requests to the DHCP server for verification. - It uses the MAC-address-to-IP-address binding database to validate an ARP packet.

- It uses the MAC-address-to-IP-address binding database to validate an ARP packet.

Which network attack is mitigated by enabling BPDU guard? - rogue switches on a network - CAM table overflow attacks - MAC address spoofing - rogue DHCP servers on a network

- rogue switches on a network

On what switch ports should BPDU guard be enabled to enhance STP stability? - all PortFast-enabled ports - only ports that are elected as designated ports - only ports that attach to a neighboring switch - all trunk ports that are not root ports

- all PortFast-enabled ports

Which two functions are performed by a WLC when using split media access control (MAC)? (Choose two.) - Packet acknowledgments and retransmissions - frame queuing and packet prioritization - beacons and probe responses - frame translation to other protocols - association and re-association of roaming clients

- frame translation to other protocols - association and re-association of roaming clients

A network administrator is configuring a WLAN. Why would the administrator change the default DHCP IPv4 addresses on an AP? - to restrict access to the WLAN by authorized, authenticated users only - to monitor the operation of the wireless network - to reduce outsiders intercepting data or accessing the wireless network by using a well-known address range - to reduce the risk of interference by external devices such as microwave ovens

- to reduce outsiders intercepting data or accessing the wireless network by using a well-known address range

A network administrator is adding a new WLAN on a Cisco 3500 series WLC. Which tab should the administrator use to create a new VLAN interface to be used for the new WLAN? - WIRELESS - MANAGEMENT - CONTROLLER - WLANs

- CONTROLLER

What is the common term given to SNMP log messages that are generated by network devices and sent to the SNMP server? - traps - acknowledgments - auditing - warnings

- traps

What two default wireless router settings can affect network security? (Choose two.) - The SSID is broadcast. - MAC address filtering is enabled. - WEP encryption is enabled. - The wireless channel is automatically selected. - A well-known administrator password is set.

- The SSID is broadcast. - A well-known administrator password is set.

A static route has been configured on a router. However, the destination network no longer exists. What should an administrator do to remove the static route from the routing table? - Remove the route using the no ip route command. - Change the administrative distance for that route. - Change the routing metric for that route. - Nothing. The static route will go away on its own.

- Remove the route using the no ip route command.

Select the three PAgP channel establishment modes. (Choose three.) - auto - default - passive - desirable - extended - on

- auto - desirable - on

A junior technician was adding a route to a LAN router. A traceroute to a device on the new network revealed a wrong path and unreachable status. What should be done or checked? - Verify that there is not a default route in any of the edge router routing tables. - Check the configuration on the floating static route and adjust the AD. - Create a floating static route to that network. - Check the configuration of the exit interface on the new static route.

- Check the configuration of the exit interface on the new static route.

What action takes place when a frame entering a switch has a multicast destination MAC address? - The switch will forward the frame out all ports except the incoming port. - The switch forwards the frame out of the specified port. - The switch adds a MAC address table entry mapping for the destination MAC address and the ingress port. - The switch replaces the old entry and uses the more current port.

- The switch will forward the frame out all ports except the incoming port.

Which command will start the process to bundle two physical interfaces to create an EtherChannel group via LACP? - interface port-channel 2 - channel-group 1 mode desirable - interface range GigabitEthernet 0/4 – 5 - channel-group 2 mode auto

- interface range GigabitEthernet 0/4 – 5

Successful inter-VLAN routing has been operating on a network with multiple VLANs across multiple switches for some time. When an inter-switch trunk link fails and Spanning Tree Protocol brings up a backup trunk link, it is reported that hosts on two VLANs can access some, but not all the network resources that could be accessed previously. Hosts on all other VLANS do not have this problem. What is the most likely cause of this problem? - The protected edge port function on the backup trunk interfaces has been disabled. - The allowed VLANs on the backup link were not configured correctly. - Dynamic Trunking Protocol on the link has failed. - Inter-VLAN routing also failed when the trunk link failed.

- The protected edge port function on the backup trunk interfaces has been disabled.

Which two statements are characteristics of routed ports on a multilayer switch? (Choose two.) - In a switched network, they are mostly configured between switches at the core and distribution layers. - The interface vlan command has to be entered to create a VLAN on routed ports. - They support subinterfaces, like interfaces on the Cisco IOS routers. - They are used for point-to-multipoint links.

- In a switched network, they are mostly configured between switches at the core and distribution layers. - They are used for point-to-multipoint links.

What is the IPv6 prefix that is used for link-local addresses? - FF01::/8 - 2001::/3 - FC00::/7 - FE80::/10

- FE80::/10

What is the effect of entering the spanning-tree portfast configuration command on a switch? - It disables an unused port. - It disables all trunk ports. - It enables portfast on a specific switch interface. - It checks the source L2 address in the Ethernet header against the sender L2 address in the ARP body.

- It enables portfast on a specific switch interface.

Compared with dynamic routes, what are two advantages of using static routes on a router? (Choose two.) - They improve network security. - They take less time to converge when the network topology changes. - They improve the efficiency of discovering neighboring networks. - They use fewer router resources.

- They improve network security. - They use fewer router resources.

How will a router handle static routing differently if Cisco Express Forwarding is disabled? - It will not perform recursive lookups. - Ethernet multiaccess interfaces will require fully specified static routes to avoid routing inconsistencies. - Static routes that use an exit interface will be unnecessary. - Serial point-to-point interfaces will require fully specified static routes to avoid routing inconsistencies.

- Ethernet multiaccess interfaces will require fully specified static routes to avoid routing inconsistencies.

A network administrator is preparing the implementation of Rapid PVST+ on a production network. How are the Rapid PVST+ link types determined on the switch interfaces? - Link types can only be configured on access ports configured with a single VLAN. - Link types can only be determined if PortFast has been configured. - Link types are determined automatically. - Link types must be configured with specific port configuration commands.

- Link types are determined automatically.

Which three steps should be taken before moving a Cisco switch to a new VTP management domain? (Choose three.) - Configure the switch with the name of the new management domain. - Reset the VTP counters to allow the switch to synchronize with the other switches in the domain. - Configure the VTP server in the domain to recognize the BID of the new switch. - Download the VTP database from the VTP server in the new domain. - Select the correct VTP mode and version. - Reboot the switch.

- Configure the switch with the name of the new management domain. - Select the correct VTP mode and version. - Reboot the switch.

What protocol or technology disables redundant paths to eliminate Layer 2 loops? - VTP - STP - EtherChannel - DTP

- STP

Which two VTP modes allow for the creation, modification, and deletion of VLANs on the local switch? (Choose two.) - client - master - distribution - slave - server - transparent

- server - transparent

After attaching four PCs to the switch ports, configuring the SSID and setting authentication properties for a small office network, a technician successfully tests the connectivity of all PCs that are connected to the switch and WLAN. A firewall is then configured on the device prior to connecting it to the Internet. What type of network device includes all of the described features? - firewall appliance - wireless router - switch - standalone wireless access point

- wireless router

Which wireless encryption method is the most secure? - WPA2 with AES - WPA2 with TKIP - WEP - WPA

- WPA2 with AES

What is a secure configuration option for remote access to a network device? - Configure an ACL and apply it to the VTY lines. - Configure 802.1x. - Configure SSH. - Configure Telnet.

- Configure SSH.

An administrator is trying to remove configurations from a switch. After using the command erase startup-config and reloading the switch, the administrator finds that VLANs 10 and 100 still exist on the switch. Why were these VLANs not removed? - Because these VLANs are stored in a file that is called vlan.dat that is located in flash memory, this file must be manually deleted. - These VLANs cannot be deleted unless the switch is in VTP client mode. - These VLANs are default VLANs that cannot be removed. - These VLANs can only be removed from the switch by using the no vlan 10 and no vlan 100 commands.

- Because these VLANs are stored in a file that is called vlan.dat that is located in flash memory, this file must be manually deleted.

Which statement describes a result after multiple Cisco LAN switches are interconnected? - The broadcast domain expands to all switches. - One collision domain exists per switch. - There is one broadcast domain and one collision domain per switch. - Frame collisions increase on the segments connecting the switches. - Unicast frames are always forwarded regardless of the destination MAC address.

- The broadcast domain expands to all switches.

Which statement is correct about how a Layer 2 switch determines how to forward frames? - Frame forwarding decisions are based on MAC address and port mappings in the CAM table. - Only frames with a broadcast destination address are forwarded out all active switch ports. - Unicast frames are always forwarded regardless of the destination MAC address. - Cut-through frame forwarding ensures that invalid frames are always dropped.

- Frame forwarding decisions are based on MAC address and port mappings in the CAM table.

A cybersecurity analyst is using the macof tool to evaluate configurations of switches deployed in the backbone network of an organization. Which type of LAN attack is the analyst targeting during this evaluation? - VLAN hopping - DHCP spoofing - MAC address table overflow - VLAN double-tagging

- MAC address table overflow

What is a method to launch a VLAN hopping attack? - introducing a rogue switch and enabling trunking - sending spoofed native VLAN information - sending spoofed IP addresses from the attacking host - flooding the switch with MAC addresses

- introducing a rogue switch and enabling trunking

Which option shows a correctly configured IPv4 default static route? - ip route 0.0.0.0 255.255.255.0 S0/0/0 - ip route 0.0.0.0 0.0.0.0 S0/0/0 - ip route 0.0.0.0 255.255.255.255 S0/0/0 - ip route 0.0.0.0 255.0.0.0 S0/0/0

- ip route 0.0.0.0 0.0.0.0 S0/0/0