Test 1

Test 1
Number: 000-000
Passing Score: 800
Time Limit: 120 min
File Version: 1.0
Welcome to the exam CCNA 200-301 - Summary Test 1 - Network Basic + Switching + Routing Overview +
Security.
Click "Begin" to start your exam.
Attention: You should be make sure with your choose. You'll not be able to go back after the clicking "Next"
button.
Questions: 50
Time: 120 minutes
Version: 2019
Passing score: 500/1000
Viet Professional Co. Ltd. VnPro ®

-------------------------------------------------------------------------
149/1D Ung Van Khiem Street Ward 25 Binh Thanh District HCMC
Tel: (028) 35124257
Fax: (028) 5124314
Home Page : https://www.vnpro.vn
Support forum: http://www.vnpro.org
Facebook : https://facebook.com/VnPro
Network channel: http://www.dancisco.com
Good luck for your exam!
Sections
1. Network Basic
2. The TCP/IP and OSI Networking Models
3. IPv4 Addressing and Subneting
4. Physical Cable
5. Recovery Password and Upgrade IOS
6. Basic config Router
7. Telnet and CDP
8. Ethernet LAN Switchs
9. VLAN, Trunking, VTP
10. Troubleshooting Ethernet LANs
11. Spanning Tree Protocol
12. InterVlan Routing
13. ARP
14. DHCP
15. Routing Overview and Static Route
16. EtherChannel
17. HSRP
18. Port Security and SSH
19. Security
20. IP Routing Technologies
21. Route Summarization - VLSM
22. OSPF
23. Access Control Lists
24. Network Address Translation
25. WAN - VPN
26. IPv6
27. Wireless LAN
28. Automation
Exam A
QUESTION 1
Computer networks do which of the following?
A. Allow computer hosts to communicate data between each other

B. Provide a user interface to control computer hosts
C. Provide a user interface to control networking devices
D. Operate solar power stations
Correct Answer: A
Section: Network Basic
Explanation
Explanation/Reference:
QUESTION 2
Which character is incorrect about a network?
A. Cost
B. Speed
C. Topology
D. Security
E. Internet
Correct Answer: E
Section: Network Basic
Explanation
QUESTION 3
Select two answers TCP/IP layer 4 protocols?
A. Ethernet
B. TCP
C. IP
D. UDP
E. HTTP
Correct Answer: BD
Section: The TCP/IP and OSI Networking Models
Explanation
QUESTION 4
Select the best answer: The following terms is used specifically to identify the entity created when
encapsulating data inside Layer 2 headers?
A. Data
B. Packet to Frame
C. Segment
D. Frame
E. Packet
Correct Answer: D
Explanation
QUESTION 5
Select the best answer: Which layer defines the functions of logical network-wide addressing and routing in
OSI?
A. Physical
B. Data Link
C. Transport
D. Network
E. Session
Correct Answer: D
Explanation
QUESTION 6
Select the best answer: Which OSI layer defines the standards for connectors and cabling?
A. Cable
B. Physical
C. Internet
D. Data link
E. Link local
Correct Answer: B
Explanation
QUESTION 7
Select two answers: Which terms are not correct OSI layers?
A. Application
B. Data link
C. Transport
D. Presentation
E. Internet
F. Transmission
Correct Answer: EF
Explanation
QUESTION 8
The FCS on a frame detect that the frame is damaged. The frame is then drop. Which OSI layer did this?
A. Layer 4
B. Layer 3
C. Layer 2
D. Layer 2, 3
E. Layer 1, 2
Correct Answer: C
Explanation
QUESTION 9
Which services use TCP?
1. SMTP
2. SNMP
3. HTTP
4. TFTP
5. FTP
A. 1, 2 and 3
B. 1, 3 and 5
C. 2, 3 and 5
D. 2, 3 and 4
Correct Answer: B
Explanation
QUESTION 10
Which services use UDP?
1. SNMP
2. SMTP
3. FTP
4. TFTP
5. HTTPS
6. NTP
A. 1, 2 and 6
B. 1, 4 and 6
C. 3, 4 and 5
D. 2, 3 and 4
Correct Answer: B
Explanation
QUESTION 11
Select the best choice: Transmission data rate is decided by
A. Data link layer

B. Network layer
C. Application layer
D. Transport layer
E. Physical layer
Correct Answer: E
Explanation
QUESTION 12
Select the best choice: Which transmission media has the highest transmission speed in a network?
A. Coaxial cable
B. Optical fiber
C. Twisted pair cable
D. Electrical cable
Correct Answer: B
Explanation
QUESTION 13
Choose the correct answer about the CSMA/CD?
A. The algorithm never allows collisions to occur.

B. Collisions can happen, but the algorithm defines how the computers should notice a collision and how to
recover.
C. The algorithm works with only two devices on the same Ethernet.
D. None of the other answers is correct.
Correct Answer: B
Explanation
QUESTION 14
Select the best answer that is correct format of Ethernet addresses?
A. Each manufacturer puts a unique OUI code into the first 2 bytes of the address.
B. Each manufacturer puts a unique OUI code into the first 3 bytes of the address.
C. The part of the address that holds this manufacturer’s code has no specific name.
D. The part of the address that holds this manufacturer’s code is called the MAC.
Correct Answer: B
Explanation
QUESTION 15
Which of the following terms describe Ethernet addresses that can be used to send one frame that is
delivered to multiple devices on the LAN? (Choose two answers.)
A. Burned-in address
B. Unicast address
C. Broadcast address
D. Multicast address
Correct Answer: CD
Explanation
QUESTION 16
What layer of the OSI model coordinates with the Transport layer of the TCP/IP model?
A. Network
B. Transport
C. Session
D. Presentation
E. Application
Correct Answer: B
Explanation
QUESTION 17
With respect to the OSI model, which of the following are correct statements about PDUs?
A. A segment contains IP addresses.

B. A frame contains IP addresses.
C. A frame contains MAC addresses.
D. A packet contains MAC addresses.
Correct Answer: C
Explanation
QUESTION 18
In the accompanying graphic, what is the name for the section of the MAC address marked as unknown?
A. IOS
B. ISO
C. OUI
D. OSI
Correct Answer: C
Explanation
QUESTION 19
On which type of device could the situation shown in the diagram occur?
A. Hub
B. Switch
C. Router
D. Bridge
Correct Answer: A
Explanation
QUESTION 20
The following illustration shows a data structure header. What protocol is this header from?
A. IP
B. ICMP
C. TCP
D. UDP
E. ARP
F. RARP
Correct Answer: D
Explanation
QUESTION 21
Which of the following statements describe the network shown in the graphic? (Choose two.)
A. There are two broadcast domains in the network.
B. There are four broadcast domains in the network.
C. There are six broadcast domains in the network.
D. There are four collision domains in the network.
E. There are five collision domains in the network.
F. There are seven collision domains in the network.
Correct Answer: AF
Explanation
QUESTION 22
Which of the following objects is above the Network Layer? (chose three)
A. segments
B. IP Addresses
C. frames
D. packets
E. UDP
F. MAC Addresses
G. windowing
H. routing
Correct Answer: BDH

Explanation
QUESTION 23
Which of the following objects is above the Transport Layer? (chose three)
A. segments
B. IP Addresses
C. frames
D. packets
E. UDP
F. MAC Addresses
G. windowing
H. routing
Correct Answer: AEG

Explanation
QUESTION 24
If a router has 3 hosts connected in one port and two other hosts connected in another port, how may
broadcast domains are present on the router?
A. 2
B. 3
C. 4
D. 5
Correct Answer: A
Explanation
QUESTION 25
The process of a web server adding a TCP header to the contents of a web page, followed by adding an IP
header and then adding a data-link header and trailer, is an
example of what?
A. Data encapsulation
B. Same-layer interaction
C. OSI model
D. All of these answers are correct.
Correct Answer: A
Explanation
QUESTION 26
Which OSI encapsulation term can be used instead of the term frame?
A. Layer 1 PDU
B. Layer 2 PDU
C. Layer 3 PDU
D. Layer 5 PDU
E. Layer 7 PDU
Correct Answer: B
Explanation
QUESTION 27
A Class B network needs to be subnetted such that it supports 300 subnets and 60 hosts/subnet. Which of the
following answers list a workable combination for the number of network, subnet, and host bits? (Select two
answers.)
A. Network = 16, subnet = 9, host = 7

B. Network = 16, subnet = 8, host = 8
C. Network = 16, subnet = 7, host = 9
D. Network = 16, subnet = 10, host = 6
E. Network = 16, subnet = 11, host = 6
F. Network = 16, subnet = 11, host = 5
Correct Answer: AD
Section: IPv4 Addressing and Subneting
Explanation
QUESTION 28
Which of the following are private IP networks? (Select three answers.)
A. 172.30.0.0
B. 172.32.0.0
C. 192.168.255.0
D. 192.16.168.0
E. 11.0.0.0
F. 10.0.0.0
Correct Answer: ACF

Explanation
QUESTION 29
Which of the following are public IP networks? (Select four answers.)
A. 8.0.0.0
B. 172.15.0.0
C. 192.168.0.0
D. 192.16.0.0
E. 127.0.0.0
F. 172.32.0.0
G. 224.0.0.0
Correct Answer: ABDF

Explanation
QUESTION 30
Which of the following are not valid Class A network IDs? (Choose two answers.)
A. 126.0.0.0
B. 127.0.0.0
C. 128.0.0.0
D. 129.0.0.0
Correct Answer: CD
Explanation
QUESTION 31
Which of the following are not valid Class B network IDs?
A. 130.0.0.0
B. 191.255.0.0
C. 126.255.0.0
D. 150.255.0.0
E. 113.0.0.0
Correct Answer: CE
Explanation
QUESTION 32
Which of the following are true about IP address 172.30.15.55’s IP network? (Select three answers.)
A. The network ID is 172.30.0.0.

B. The default mask for the network is 255.255.0.0.
C. The default mask for the network is 255.252.0.0.
D. The number of host bits in the unsubnetted network is 16.
E. The network ID is 172.0.0.0.
F. The network ID is 172.16.0.0.
Correct Answer: ABD
Explanation
QUESTION 33
Which of the following are true about IP address 192.168.100.17’s IP network? (Select two answers.)
A. The network ID is 192.168.100.10.

B. The network is a Class C network.
C. The default mask for the network is 255.255.254.0.
D. The number of host bits in the unsubnetted network is 16.
E. The default prefix length is /24.
Correct Answer: BE
Explanation
QUESTION 34
Select three answers: Which of the following is a network broadcast address?
A. 10.255.255.255
B. 192.228.255.128
C. 224.1.1.255
D. 172.30.255.255
E. 255.255.255.255
F. 220.0.1.255
Correct Answer: ADF

Explanation
QUESTION 35
Which of the following is a Class A, B, or C network ID?
A. 11.1.0.127
B. 192.168.1.0
C. 113.0.0.0
D. 172.0.0.1
E. 172.16.0.0
F. 192.168.1.1
Correct Answer: BCE

Explanation
QUESTION 36
Which of the following answers lists the prefix format equivalent of 255.255.224.0?
A. /20
B. /19
C. /23
D. /24
E. /21
Correct Answer: B
Explanation
QUESTION 37
Which of the following answers lists the prefix format equivalent of 255.255.255.128?
A. /25
B. /26
C. /27
D. /28
E. /29
Correct Answer: A
Explanation
QUESTION 38
Which of the following answers lists the subnet mask equivalent of /23?
A. 255.255.255.192
B. 255.255.192.0
C. 255.255.255.240
D. 255.255.254.0
E. 255.255.255.0
Correct Answer: D
Explanation
QUESTION 39
Working at the help desk, you receive a call and learn a user’s PC IP address and mask (10.55.66.77, mask
255.255.255.0). When thinking about this using classful logic, you determine the number of network subnet
(S) bits, and number of network host (H) bits. Which of the following is true in this case?
A. S=12
B. S=16
C. H=8
D. S=8
E. H=24
Correct Answer: C
Explanation
QUESTION 40
Working at the help desk, you receive a call and learn a user’s PC IP address and mask (192.168.9.1/27).
When thinking about this using classful logic, you determine the number of network subnet (S) bits and
number of network host (H) bits. Which of the following is true in this case?
A. S=27
B. S=24
C. H=6
D. H=9
Correct Answer: A
Explanation
QUESTION 41
An engineer is thinking about the following IP address and mask using classless IP addressing logic:
172.16.0.0, 255.255.128.0. Which of the following statements are true when using classless addressing logic?
(Choose two.)
A. The network part’s size is 10 bits.

B. The prefix length is 17 bits.
C. The prefix length is 16 bits.
D. The host part’s size is 15 bits.
E. The host part’s size is 16 bits.
F. The network part’s size is 24 bits.
Correct Answer: BD
Explanation
QUESTION 42
Which of the following is the resident subnet ID for IP address 10.11.12.13/16?
A. 10.0.0.0
B. 10.11.0.0
C. 10.11.12.0
D. 10.11.12.13
Correct Answer: B
Explanation
QUESTION 43
Which of the following answers lists the subnet mask equivalent of /20?
A. 255.240.0.0
B. 255.252.0.0
C. 255.255.0.0
D. 255.255.192.0
E. 255.255.240.0
Correct Answer: E
Explanation
QUESTION 44
Which of the following is the resident subnet for IP address 192.168.16.197/26?
A. 192.168.16.240
B. 192.168.16.128
C. 192.168.16.224
D. 192.168.16.192
Correct Answer: D
Explanation
QUESTION 45
Which of the following is the subnet broadcast address for the subnet in which IP address 172.31.77.201/25
resides?
A. 172.31.77.255
B. 172.31.255.127
C. 172.31.77.223
D. 172.31.77.191
Correct Answer: A
Explanation
QUESTION 46
You have been asked to come up with a subnet mask that will allow all two web servers to be on the same
network while providing the maximum number of subnets. Which network address and subnet mask meet this
requirement? (Choose two.)
A. 192.168.252.0 255.255.255.252
B. 192.168.252.8 255.255.255.248
C. 192.168.252.8 255.255.255.254
D. 192.168.252.16 255.255.255.240
E. 192.168.252.16 255.255.255.252
Correct Answer: AE
Explanation
QUESTION 47
Given an IP address 172.16.31.252 with a subnet mask of 255.255.240.0, what is the correct network
address?
A. 172.16.16.0
B. 172.16.32.0
C. 172.16.24.0
D. 172.16.31.0
Correct Answer: A
Explanation
QUESTION 48
Refer to the exhibit.
Which subnet mask will place all hosts on Network B in the same subnet with the least amount of wasted
addresses?
A. 255.255.255.0
B. 255.255.254.0
C. 255.255.252.0
D. 255.255.248.0
Correct Answer: C
Explanation
QUESTION 49
A new subnet with 120 hosts has been added to the network. Which subnet address should this network use to
provide enough usable addresses while wasting the fewest addresses?
A. 192.168.1.56/25
B. 192.168.1.64/25
C. 192.168.1.64/26
D. 192.168.1.56/26
Correct Answer: B
Explanation
QUESTION 50
Which network addresses should be used for Link A and Network A? (Choose two.)
A. Network A - 172.16.3.128/26
B. Network A - 172.16.3.128/25
C. Network A - 172.16.3.192/24
D. Network A - 172.16.3.192/25
E. Link A - 172.16.3.40/30
F. Link A - 172.16.3.0/30
Correct Answer: AF
Explanation
QUESTION 51
Which subnet mask would be appropriate for a network address range to be subnetted for up to four LANs,
with each LAN containing 5 to 32 hosts?
A. 0.0.0.240
B. 255.255.255.128
C. 255.255.255.240
D. 255.255.255.224
E. 255.255.255.192
Correct Answer: E
Explanation
QUESTION 52
Given an IP address 172.16.28.252 with a subnet mask of 255.255.248.0, what is the correct network
address?
A. 172.16.16.0
B. 172.16.32.0
C. 172.16.24.0
D. 172.16.28.0
Correct Answer: C
Explanation
QUESTION 53
Which valid IP is in the same network as 192.168.16.61/27? (Choose three answers).
A. 192.168.16.59
B. 192.168.16.63
C. 192.168.16.64
D. 192.168.16.30
E. 192.168.16.31
F. 192.168.16.33
Correct Answer: ABF

Explanation
QUESTION 54
What is the number of subnets which you can have for a mask of 255.255.255.252?
A. 8
B. 16
C. 32
D. 64
E. 4
F. 128
Correct Answer: D
Explanation
QUESTION 55
Which is the Class C private IP address range? (Choose the best answer).
A. 192.168.0.0/8
B. 192.168.0.0/12
C. 192.168.0.0/16
D. 192.168.1.0/24
E. 192.168.0.0/24
Correct Answer: C
Explanation
QUESTION 56
You have an interface on a router with the IP address of 192.168.192.10/29. Excluding the router interface,
how many hosts can have IP addresses on the LAN attached to the router interface?
A. 5
B. 6
C. 7
D. 62
Correct Answer: A
Explanation
QUESTION 57
In the network shown in the diagram. How many hosts can be add in to Network B?
A. 11
B. 12
C. 14
D. 16
Correct Answer: A
Explanation
QUESTION 58
Select and Place:
Correct Answer:
Section: Physical Cable
Explanation
QUESTION 59
In the diagram below, identify the cable types required for connections A and B.
A. A crossover, B crossover
B. A crossover, B straight through
C. A straight through, B straight through
D. A straight through, B crossover
Correct Answer: B
Explanation
QUESTION 60
What type of cable uses the pinout shown here?
A. Fiber optic
B. Crossover Gigabit Ethernet cable
C. Straight-through FastEthernet
D. Coaxial
Correct Answer: B
Explanation
QUESTION 61
Between which systems could you use a cable that uses the pinout pattern shown below?
A. With a connection from a switch to a bridge

B. With a connection from a router to a switch
C. With a connection from a host to a host
D. With a connection from a host to a router
Correct Answer: B
Explanation
QUESTION 62
Choose three pairs of devices use straight-through cable?
A. PC and router
B. Router and switch
C. Hub and switch
D. Router and hub
E. Wireless access point (Ethernet port) and switch
F. Switch and bridge
Correct Answer: BDE

Explanation
QUESTION 63
Choose three pairs of devices use crossover cable?
A. PC and router
B. PC and switch
C. Hub and switch
D. Router and switch
E. Wireless access point (Ethernet port) and switch
F. Router and Wireless access point (Ethernet port)
Correct Answer: ACF

Explanation
QUESTION 64
Choose the correct answer about Fast Ethernet crossover cables?
A. Pins 1 and 2 are reversed on the other end of the cable.

B. Pins 1 and 2 on one end of the cable connect to pins 3 and 6 on the other end of the cable.
C. Pins 1 and 2 on one end of the cable connect to pins 3 and 4 on the other end of the cable.
D. The cable can be up to 1000 meters long to cross over between buildings.
E. None of the other answers is correct.
Correct Answer: B
Explanation
QUESTION 65
Which of the following Ethernet standards defines Gigabit Ethernet over UTP cabling?
A. 10GBASE-T
B. 100BASE-T
C. 1000BASE-T
D. None of the other answers is correct.
Correct Answer: C
Explanation
QUESTION 66
Router VnPro is booting and has just completed the POST process. It is now ready to find and load an IOS
image. What function does the router perform next?
A. It checks the configuration register.

B. It attempts to boot from a TFTP server.
C. It loads the first image file in flash memory.
D. It inspects the configuration file in NVRAM for boot instructions.
Correct Answer: A
Section: Recovery Password and Upgrade IOS
Explanation
QUESTION 67
When does the power-on self test (POST) run?
A. Immediately after the Cisco IOS loads on a router

B. Immediately after the startup configuration loads on a router
C. Immediately after the startup configuration loads on a router
D. Immediately after a Cisco router is powered up
Correct Answer: D
Explanation
QUESTION 68
What does the flash memory on a Cisco router store?
A. The startup configuration of a Cisco router

B. The image file of the Cisco IOS operating system
C. The Cisco Device Manager software application
D. All answers are true
Correct Answer: D
Explanation
QUESTION 69
What command save configuration to NVRAM?
A. copy running-config tftp

B. copy tftp running-config
C. copy running-config startup-config
D. copy startup-config running-config
Correct Answer: C
Section: Basic config Router
Explanation
QUESTION 70
In which of the following modes in Cisco's IOS can you issue show commands?
A. Interface Configuration
B. Privileged
C. Line Configuration
D. Global Configuration
Correct Answer: B
Explanation
QUESTION 71
In which of the following modes in Cisco's IOS can you use to encryption all password?
A. service password-encryption
B. password-encryption enable
C. service password md7
D. service encryption-password
Correct Answer: A
Explanation
QUESTION 72
Which command will delete the contents of NVRAM on a Router?
A. Router(config)# NVRAM
B. Router# startup-config
C. Router# erase startup-config
D. Router(config)# erase startup-config
E. Router# reload
Correct Answer: C
Explanation
QUESTION 73
Which of the following installation steps are more likely required on a Cisco router,
but not typically required on a Cisco switch? (Choose two answers.)
A. Connect Ethernet cables

B. Connect serial cables
C. Connect to the console port
D. Connect the power cable
E. Turn the on/off switch to “on”
Correct Answer: BE
Explanation
QUESTION 74
Which of the following commands might you see associated with a router CLI, but not with a switch CLI?
A. The show mac address-table command

B. The show ip route command
C. The show running-config command
D. The show interfaces status command
Correct Answer: B
Explanation
QUESTION 75
Which answers list a task that could be helpful in making a router interface G0/0 ready
to route packets? (Choose two answers.)
A. Configuring the ip address address mask command in G0/0 configuration mode

B. Configuring the ip address address and ip mask mask commands in G0/0 configuration mode
C. Configuring the no shutdown command in G0/0 configuration mode
D. Setting the interface description in G0/0 configuration mode
Correct Answer: AC
Explanation
QUESTION 76
What's the default router operational mode for users connecting to a Cisco router via Telnet?
A. user exec
B. enable
C. global configuration
D. privileged
Correct Answer: A
Section: Telnet and CDP
Explanation
QUESTION 77
At which layer of the OSI model does Telnet run?
A. Applications
B. Session
C. Presentation
D. Network
Correct Answer: A
Explanation
QUESTION 78
Choice the correct command shows telnet/ssh connections to your router?
A. show cdp neigbors

B. show session
C. show users
D. show vty logins
Correct Answer: C
Explanation
QUESTION 79
Choice the correct command shows telnet/ssh connections from your router?
A. show cdp neigbors

B. show session
C. show users
D. show vty logins
Correct Answer: B
Explanation
QUESTION 80
The two exhibit devices are the only Cisco devices on the network. The serial network between the two
devices has a mask of 255.255.255.252. Given the output that is shown, what three statements are true of
these devices? (Choose three.)
A. The Manchester serial address is 10.1.1.1

B. The Manchester serial address is 10.1.1.2
C. The London router is a Cisco 2610
D. The Manchester router is a Cisco 2610
E. The CDP information was sent by port Serial0/1 of the Manchester router
F. The CDP information was sent by port Serial0/1 of the London router
Correct Answer: BDE

Explanation
QUESTION 81
Which of the following commands will configure all the default VTY ports on a router?
A. Router#line vty 0 4
B. Router(config)#line vty 0 4
C. Router(config-if)#line console 0
D. Router(config-if)#line aux 0
Correct Answer: B
Explanation
QUESTION 82
Select the best answer: Which command would you configure globally on a Cisco router that would allow you
to view directly connected Cisco devices?
A. enable cdp
B. cdp enable
C. cdp run
D. run cdp
Correct Answer: C
Explanation
Explanation:
CDP is enabled on Cisco routers by default. If you prefer not to use the CDP capability, disable it with the no
cdp run command. In order to reenable CDP, use the cdp run command in global configuration mode. The
"cdp enable" command is an interface command, not global.
QUESTION 83
What type of switch memory is used to store the configuration used by the switch when it is up and working?
A. RAM
B. ROM
C. Flash
D. NVRAM
E. Bubble
Correct Answer: A
Section: Ethernet LAN Switchs
Explanation
QUESTION 84
In what two modes you use show mac address-table?
A. User mode
B. Privilege mode
C. Global configuration mode
D. Interface configuration mode
Correct Answer: AB
Explanation
QUESTION 85
AS1(config-line)#
Which of the following would place the user in privileged mode? (Choose two answers.)
A. AS1(config-line)#end
B. AS1(config-line)#exit
C. Pressing the Ctrl-Z key sequence once
D. AS1(config-line)#quit
Correct Answer: AC
Explanation
QUESTION 86
In what mode you use reload the switch?
A. User mode
B. Privilege mode
C. Global configuration mode
D. Interface configuration mode
Correct Answer: B
Explanation
QUESTION 87
Select two statements are true of the interfaces on Switch?
A. Multiple devices are connected directly to FastEthernet0/1.

B. A hub is connected directly to FastEthernet0/5.
C. FastEthernet0/1 is connected to a host with multiple network interface cards.
D. FastEthernet0/5 has statically assigned MAC addresses.
E. FastEthernet0/1 is configured as a trunk link.
F. Interface FastEthernet0/2 has been disabled.
Correct Answer: BE
Explanation
Explanation:
Carefully observe the information given after command show. Fa0/1 is connected to Switch2, seven MAC
addresses correspond to Fa0/1, and these MAC are in different VLAN. From this we know that Fa0/1 is the
trunk interface.
From the information given by show cdp neighbors we find that there is no Fa0/5 in CDP neighbor. However,
F0/5 corresponds to two MAC addresses in the same VLAN. Thus we know that Fa0/5 is connected to a Hub.
Based on the output shown, there are multiple MAC addresses from different VLANs attached to the
FastEthernet 0/1 interface. Only trunks are able to pass information from devices in multiple VLANs.
QUESTION 88
Refer to Exhibit:
How many collision domains are shown in the graphic assuming only the default VLAN is configured on the
switches?
A. one
B. two
C. six
D. seven
E. twelve
Correct Answer: D
Explanation
QUESTION 89
What does a Layer 2 switch use to decide where to forward a received frame?
A. source MAC address

B. source IP address
C. source switch port
D. destination IP address
E. destination port address
F. destination MAC address
Correct Answer: F
Explanation
QUESTION 90
Switch receives a frame with destination MAC aabb.cc80.0200. What will Switch do with this data?
A. Switch will drop the data because it does not have an entry for that MAC address.
B. Switch will forward the data out all of its ports except for the incoming interface.
C. Switch will send an ARP request out all its ports except the port from which the data originated.
D. Switch will forward the data to its default gateway.
Correct Answer: B
Explanation
QUESTION 91
Sw(config)#enable password cisco
Sw(config)#enable secret vnpro
Which command defines the password that you had to enter to access privileged mode?
A. enable secret
B. enable password
C. Neither
D. The password command, if it’s configured
E. Both
Correct Answer: A
Explanation
QUESTION 92
When switch receives a frame has destination broadcast MAC address?
A. It compares the unicast destination address to the bridging, or MAC address, table.
B. It floods the frame out all interfaces in all VLAN except the port from which the data originated.
C. It floods the frame out all interfaces in the same VLAN except the port from which the data originated.
D. It compares the destination IP address to the destination MAC address.
E. It compares the frame’s incoming interface to the source MAC entry in the MAC address table.
Correct Answer: C
Explanation
QUESTION 93
When switch receives a frame has destination unknown unicast address?
A. It forwards out all interfaces in the same VLAN except for the incoming interface.
B. It forwards the frame out the one interface identified by the matching entry in the MAC address table.
C. It compares the destination IP address to the destination MAC address.
D. It compares the frame’s incoming interface to the source MAC entry in the MAC address table.
Correct Answer: A
Explanation
QUESTION 94
Which of the following prompts indicates that the switch is currently in privileged mode?
A. Switch(config)#
B. Switch>
C. Switch#
D. Switch(config-if)#
Correct Answer: C
Explanation
QUESTION 95
What will the switch do if a frame with a destination MAC address of 000a.f467.63b1 is received on Fa0/4?
(Choose all that apply.)
A. Drop the frame.
B. Send the frame out of Fa0/3.
C. Send the frame out of Fa0/4.
D. Send the frame out of Fa0/5.
E. Send the frame out of Fa0/6.
Correct Answer: BDE

Explanation
QUESTION 96
On which interface have you configured an IP address for a switch?
A. int fa0/0
B. int vty 0 15
C. int vlan 1
D. int s/0/0
Correct Answer: C
Explanation
QUESTION 97
In the LAN for a small office, some user devices connect to the LAN using a cable, while others connect using
wireless technology (and no cable).
Which of the following is true regarding the use of Ethernet in this LAN?
A. Only the devices that use cables are using Ethernet.

B. Only the devices that use wireless are using Ethernet.
C. Both the devices using cables and those using wireless are using Ethernet.
D. None of the devices are using Ethernet.
Correct Answer: A
Explanation
QUESTION 98
A Cisco Catalyst switch has 24 10/100 ports, numbered 0/1 through 0/24. 10 PCs connect to the 10 lowest
numbered ports, with those PCs working and sending data
over the network. The other ports are not connected to any device.
Which of the following answers lists facts displayed by the show interfaces status command?
A. Port Ethernet 0/1 is in a connected state.

B. Port Fast Ethernet 0/11 is in a connected state.
C. Port Fast Ethernet 0/5 is in a connected state.
D. Port Ethernet 0/15 is in a notconnected state.
Correct Answer: C
Explanation
QUESTION 99
Consider the following output from a Cisco Catalyst switch:
SW1# show mac address-table dynamic
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 02AA.AAAA.AAAA DYNAMIC Gi0/1
1 02BB.BBBB.BBBB DYNAMIC Gi0/2
1 02CC.CCCC.CCCC DYNAMIC Gi0/3
Total Mac Addresses for this criterion: 3
Which of the following answers is true about this switch?
A. The output proves that port Gi0/2 connects directly to a device that uses address 02BB.BBBB.BBBB.
B. The switch has learned three MAC addresses since the switch powered on.
C. The three listed MAC addresses were learned based on the destination MAC address of frames forwarded
by the switch.
D. 02CC.CCCC.CCCC was learned from the source MAC address of a frame that entered port Gi0/3.
Correct Answer: D
Explanation
QUESTION 100
What aren't three benefits of VLANs?
A. They increase the size of collision domains.

B. They allow logical grouping of users by function.
C. They can enhance network security.
D. They increase the size of broadcast domains while decreasing the number of collision domains.
E. They increase the number of broadcast domains while decreasing the size of the broadcast domains.
F. They simplify switch administration.
Correct Answer: ADF

Section: VLAN, Trunking, VTP
Explanation
QUESTION 101
Which IEEE standard protocol is initiated as a result of successful Dynamic Trunking Protocol completion in a
switch over Fast Ethernet?
A. 802.3ad
B. 802.1w
C. 802.1D
D. 802.1q
Correct Answer: D
Explanation
QUESTION 102
Which answer about VLAN operation switches is true?
A. When a packet is received from an 802.1Q trunk, the VLAN ID can be determined from the source MAC
address and the MAC address table.
B. Unknown unicast frames are retransmitted only to the ports that belong to the same VLAN.
C. Broadcast and multicast frames are retransmitted to ports that are configured on different VLAN.
D. Ports between switches should be configured in access mode so that VLANs can span across the ports.
Correct Answer: B
Explanation
QUESTION 103
Switch SW1 use DTP mode auto parameter for trunking on its Fa0/5 interface, which is connected to switch
SW2. You have to configure switch SW2. Which of the following settings for trunking could allow trunking to
work?
A. access
B. dynamic auto
C. dynamic desirable
D. None of the other answers are correct.
Correct Answer: C
Explanation
QUESTION 104
For an 802.1Q trunk between two Ethernet switches, which answer most accurately defines which frames do
not include an 802.1Q header?
A. Frames in the native VLAN (only one)

B. Frames in extended VLANs
C. Frames in VLAN 1 (not configurable)
D. Frames in all native VLANs (multiple allowed)
Correct Answer: A
Explanation
QUESTION 105
F0/20 switch SW1 connected F0/22 switch SW2 used 802.1q trunk. On switch SW1, VLAN 100 is chosen as
native, but on switch SW2 the native VLAN is not specified. What will happen in this scenario?
A. 802.1Q giants frames could saturate the link.

B. VLAN 100 on switch SW1 and VLAN 1 on switch SW2 will send untagged frames.
C. A native VLAN mismatch error message will not appear.
D. VLAN 100 on switch SW1 and VLAN 1 on switch SW2 will send tagged frames.
Correct Answer: B
Explanation
QUESTION 106
Which commands about port trunk in the interface FastEthernet0/1?
A. The ports only need to be connected by a straight-over cable.

B. SwitchX(config)# interface fastethernet 0/1
SwitchX(config-if)# switchport mode trunk
C. SwitchX(config)# interface fastethernet 0/1
SwitchX(config-if)# switchport mode access
SwitchX(config-if)# switchport access vlan 1
D. SwitchX(config)# interface fastethernet 0/1
SwitchX(config-if)# switchport mode trunk
SwitchX(config-if)# switchport trunk vlan 1
Correct Answer: B
Explanation
IN order for multiple VLANs to cross switches, the connection between the switches must be a trunk. The
"switchport mode trunk" command is all that is needed, the individual VLANs should not be listed over that
trunk interface.
QUESTION 107
Which two different encapsulation types for trunks? (Choose two.)
A. VTP
B. 802.1q
C. IGP
D. ISL
E. 802.3u
F. 802.3p
Correct Answer: BD
Explanation
Cisco switches can use two different encapsulation types for trunks, the industry standard 802.1q or the Cisco
proprietary ISL. Generally, most network engineers prefer to use 802.1q since it is standards based and will
interoperate with other vendors.
QUESTION 108
Switch SW1 sends a frame to switch SW2 using 802.1Q trunking. Which of the answers describes how SW1
changes or adds to the Ethernet frame before forwarding the frame to SW2?
A. Inserts a 4-byte header and does change the MAC addresses

B. Inserts a 4-byte header and does not change the MAC addresses
C. Encapsulates the original frame behind an entirely-new Ethernet header
D. None of the other answers are correct
Correct Answer: B
Explanation
QUESTION 109
A frame on VLAN 1 on switch S1 is sent to switch S2 where the frame is received on VLAN 2.
What causes this behavior?
A. trunk mode mismatches

B. allowing only VLAN 2 on the destination
C. native VLAN mismatches
D. VLANs that do not correspond to a unique IP subnet
Correct Answer: C
Explanation
QUESTION 110
Hosts connected to switch AS1 can't communicate with hosts in the same VLAN connected to switch AS2.
What is the most likely problem?
A. The access link needs to be configured in multiple VLANs.

B. The link between the switches is configured in the wrong VLAN.
C. The link between the switches needs to be configured as a trunk.
D. Switch IP addresses must be configured in order for traffic to be forwarded between the switches.
E. VTP is not configured to carry VLAN information between the switches.
Correct Answer: C
Explanation
In order to pass traffic from VLANs on different switches, the connections between the switches must be
configured as trunk ports.
QUESTION 111
Which command used to verify a trunk link on switch interface?
A. show interface trunk

B. show interface interface
C. show ip interface brief
D. show interface vlan
E. show interface trunk brief
Correct Answer: A
Explanation
Example output from these two commands:
SW3#show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/19 auto n-802.1q trunking 1
Port Vlans allowed on trunk
Fa0/19 1-4094
Fa0/20 1-4094
Fa0/21 1-4094
Fa0/22 1-4094
SW1#show interface fast 0/2 switchport

Name: Fa0/2
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of TrunkinG. On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
QUESTION 112
Imagine a switch with three configured VLANs. How many IP subnets are required, assuming that all hosts in
all VLANs want to use TCP/IP?
A. 4
B. 1
C. 2
D. 3
E. You can’t tell from the information provided.
Correct Answer: D
Explanation
QUESTION 113
In a LAN, which of the following terms best equates to the term VLAN?
A. Collision domain
B. Broadcast domain
C. Subnet
D. Single switch
E. Trunk
Correct Answer: B
Explanation
QUESTION 114
Select three benefits of VLANs?
A. A higher level of network security can be reached by separating sensitive data traffic from other network
traffic.
B. A more efficient use of bandwidth can be achieved allowing many physical groups to use the same
network infrastructure.
C. A more efficient use of bandwidth can be achieved allowing many logical networks to use the same
network infrastructure.
D. Broadcast storms can be mitigated by increasing the number of broadcast domains, thus reducing their
size.
E. Broadcast storms can be mitigated by decreasing the number of broadcast domains, thus increasing their
size.
F. VLANs make it easier for IT staff to configure new logical groups, because the VLANs all belong to the
same broadcast domain.
G. Port-based VLANs increase switch-port use efficiency, thanks to 802.1Q trunks.
Correct Answer: ACD

Explanation
Benefits of VLANs
VLAN is a network structure which allows users to communicate while in different locations by sharing one
multicast domain and a single broadcast. They provide numerous networking benefits and have become
popular in the market. For instance, it helps reduce administrative costs when users are geographically
dispersed.
1. Inexpensive
The popularity of VLANs is due to the fact that changes, adds, and moves can be attained simply by making
necessary configurations on the VLAN port. Time-consuming, re-addressing, and host reconfigurations is now
a thing of the past, because network configuration can be made at ease when need arises.
2. Better management
A VLAN typically solve the scalability issues that exist in a large network by breaking the main domain into
several VLAN groups or smaller broadcast configurations, thereby encourage better control of multicast traffic
as well as broadcast domains.
3. Improves network security
High-security can be positioned in different VLAN groups to ensure that non-members cannot receive their
broadcasts. On the other hand, a router is added and workgroups relocated into centralized locations.
4. Enhances performance
A more efficient use of bandwidth can be achieved allowing many logical networks to use the same network
infrastructure.
5. Segment multiple networks
VLANs are typically used to achieve multiple purposes. They are popularly used to reduce broadcast traffic.
Each VLAN creates a separate, smaller broadcast domain.
6. Better administration
VLANs facilitate grouping of multiple geographical stations. When VLAN users move to another physical
location, the network does not have to be configured.
QUESTION 115
What happen if we set switchport trunk native vlan 2 on a switch?
A. It creates a VLAN 2 interface.

B. It designates VLAN 2 for untagged frames.
C. It blocks VLAN 2 traffic from passing on the trunk.
D. It designates VLAN 2 as the default for all unknown tagged traffic.
E. It designates VLAN 2 for tagged traffic.
Correct Answer: B
Explanation
Configuring the Native VLAN for Untagged Traffic
A trunk port configured with 802.1Q tagging can receive both tagged and untagged traffic. By default, the
switch forwards untagged traffic in the native VLAN configured for the port. The native VLAN is VLAN 1 by
default.
QUESTION 116
In a switched environment, what does the ISL standard describe?
A. the operation of VTP

B. a method of VLAN trunking
C. an approach to wireless LAN communication
D. the process for root bridge selection
E. VLAN pruning
Correct Answer: B
Explanation
A broadcast domain must sometimes exist on more than one switch in the network. To accomplish this, one
switch must send frames to another switch and indicate which VLAN a particular frame belongs to. On Cisco
switches, a trunk link is created to accomplish this VLAN identification. ISL and IEEE 802.1Q are different
methods of putting a VLAN identifier in a Layer 2 frame.
The IEEE 802.1Q protocol interconnects VLANs between multiple switches, routers, and servers. With
802.1Q, a network administrator can define a VLAN topology to span multiple physical devices.
Cisco switches support IEEE 802.1Q for FastEthernet and Gigabit Ethernet interfaces. An 802.1Q trunk link
provides VLAN identification by adding a 4-byte tag to an Ethernet Frame as it leaves a trunk port.
QUESTION 117
Which of the following commands identify switch interfaces as being trunking interfaces: interfaces that
currently operate as VLAN trunks? (Choose two answers.)
A. show interfaces
B. show interfaces switchport
C. show interfaces trunk
D. show trunks
Correct Answer: BC
Explanation
QUESTION 118
VLAN 20 is not created and what happens if you set the switchport access vlan 20?
A. The command is rejected.

B. The port turns amber.
C. The command is accepted and the respective VLAN is added to vlan.dat.
D. The command is accepted and you must configure the VLAN manually.
Correct Answer: C
Explanation
The "switchport access vlan 20" will put that interface as belonging to VLAN 20 while also updated the VLAN
database automatically to include VLAN 20.
QUESTION 119
Based on the output shown, why switch port does not trunk to another switch?
A. VLANs have not been created yet.

B. An IP address must be configured for the port.
C. The port is currently configured for access mode.
D. The correct encapsulation type has not been configured.
E. The "no shutdown" command has not been entered for the port.
Correct Answer: C
Explanation
According to the output shown the switchport (layer 2 Switching) is enabled and the port is in access mode. To
make a trunk link the port should configured as a trunk port, not an access port, by using the following
command: (Config-if)#switchport mode trunk
QUESTION 120
Which statement is true regarding 802.1q frame tagging?
A. 802.1q adds a 26-byte trailer and 4-byte header.

B. The native VLAN frames are untagged.
C. The original Ethernet frame is not modified.
D. 802.1q only works with Cisco switches.
Correct Answer: B
Explanation
QUESTION 121
What is the purpose of frame tagging in virtual LAN (VLAN) configurations?
A. Inter-VLAN routing
B. Encryption of network packets
C. Frame identification over trunk links
D. Frame identification over access links
Correct Answer: C
Explanation
QUESTION 122
In the diagram, how must the port on each end of the line be configured to carry traffic between the two hosts
in the Sales VLAN?
A. Access port
B. 10 GB
C. Trunk
D. Spanning
Correct Answer: C
Explanation
QUESTION 123
What is true of the output shown below?
A. Interface F0/16 can be a trunk port.
B. Interface F0/17 is an access port.
C. Interface F0/21 is a trunk port.
D. VLAN 1 was populated manually.
Correct Answer: A
Explanation
QUESTION 124
A switch is configured with all ports assigned to vlan 2 with full duplex FastEthernet to segment existing
departmental traffic. What is the effect of adding switch ports to a new VLAN on the switch?
A. More collision domains will be created.

B. IP address utilization will be more efficient.
C. More bandwidth will be required than was needed previously.
D. An additional broadcast domain will be created.
Correct Answer: D
Explanation
QUESTION 125
Which mode is compatible with Trunk, Access, and Desirable ports? (Choose two)
A. Trunk Ports
B. Access Ports
C. Dynamic Auto
D. Dynamic Desirable
Correct Answer: CD
Explanation
QUESTION 126
Which of the following statements is true with regard to ISL and 802.1q?
A. 802.1q encapsulates the frame with control information; ISL inserts an ISL field along with tag control
information.
B. 802.1q is Cisco proprietary.
C. ISL encapsulates the frame with control information; 802.1q inserts an 802.1q field along with tag control
information.
D. ISL is a standard.
Correct Answer: C
Explanation
QUESTION 127
Which vlan range can be added modified and removed on a Cisco switch by default?
A. 2 through 1001
B. 1 through 1001
C. 1 through 1002
D. 2 through 1005
Correct Answer: A
Explanation
QUESTION 128
Layer 2 switches SW1 and SW2 connect through a link, with port G0/1 on SW1 and port G0/2 on SW2. The
network engineer wants to use 802.1Q trunking on this link. The show interfaces g0/1 switchport command on
SW1 shows the output listed here:
SW1# show interfaces g0/1 switchport

Name: Gi0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Which of the following must be true on switch SW2’s G0/2 port?
A. The operational state per the show interfaces switchport command must be “trunk.”
B. The administrative state per the show interfaces switchport command must be “trunk.”
C. SW2 must use the switchport mode trunk configuration command on G0/2, or the link will not use trunking.
D. SW2 can use the switchport mode dynamic auto configuration command as one option to make the link
use trunking.
Correct Answer: D
Section: Troubleshooting Ethernet LANs
Explanation
QUESTION 129
On a Cisco Catalyst switch, you issue a show mac address-table command. Which of the following answers
list information you would likely see in most lines of output? (Choose three answers.)
A. A MAC address
B. An IP address
C. A VLAN ID
D. Type (broadcast, multicast, or unicast)
E. Ports
F. Operational Mode
Correct Answer: ACE

Explanation
QUESTION 130
Switch SW1 uses its Gigabit 0/1 interface to connect to switch SW2’s Gigabit 0/2 interface. SW2’s Gi0/2
interface is configured with the speed 100 and duplex full commands. SW1 uses all defaults for interface
configuration commands on its Gi0/1 interface. Which of the following are true about the link after it comes
up? (Choose two answers.)
A. The link works at 100 Mbps.

B. SW1 attempts to run at 10 Mbps because SW2 has effectively disabled IEEE standard autonegotiation.
C. The link runs at 1 Gbps, but SW1 uses half-duplex and SW2 uses full-duplex.
D. Both switches use full-duplex.
E. Both switches use half-duplex.
Correct Answer: AD
Explanation
QUESTION 131
Interface Fa0/22 in a “disabled” state on Switch. Which of the following is false about interface Fa0/22?
(Choose two answers.)
A. The interface is configured with the shutdown command.

B. The show interfaces fa0/22 command will list the interface with two status codes of administratively down
and line protocol down.
C. The show interfaces fa0/22 command will list the interface with two status codes of up and up.
D. The interface cannot currently be used to forward frames.
E. The interface can currently be used to forward frames.
Correct Answer: CE
Explanation
QUESTION 132
Switch SW1 connects through an Ethernet cable to a router VnPro. Which commands could tell you
information about the IOS version on VnPro without Telnet, SSH?
A. show neighbors VnPro

B. show cdp
C. show cdp neighbors
D. show cdp neighbors VnPro
E. show cdp neighbors detail
Correct Answer: E
Explanation
QUESTION 133
A VLAN was created on another non-Cisco switch. You look at the current VLAN database, but the VLAN is
not in the VLAN database. What must be done to correct the issue?
A. Set the correct trunking protocol between the switches.

B. Create the VLAN manually.
C. Configure VTP on both switches.
D. Assign the VLAN to an interface on the other switch.
Correct Answer: B
Explanation
You must manually configure the VLAN on the Cisco switch(s). VTP is a protocol that allows for VLAN
autoconfiguration in the VLAN database. However, only Cisco switches support it.
QUESTION 134
You have configured the network in the following exhibit. Switch A is performing routing functionality via an
SVI. You can ping between Computer A and Computer C but cannot ping Computer F. However, Computer F
can ping Computers D and E. What is wrong?
A. The VLANs require VTP to be configured.
B. The interfaces are administratively shut down by default and need to be enabled via a no shutdown.
C. Switch B needs to provide routing as well via the SVI.
D. The link between Switch A and Switch B needs to be a trunk.
E. The VLANs must be enabled via the command no shutdown.
Correct Answer: D
Explanation
Only one switch in the network needs to provide routing functionality. Since Computers A and C can ping each
other, the SVI is configured properly for routing. The most probable cause is that a trunk does not exist
between the switches.
QUESTION 135
You attempt to configure a VLAN on a switch of VLAN 2017. When you finish configuring the VLAN and exit
the VLAN database, you receive the error “% Failed to create VLANS 2017.” What is wrong?
A. The VLAN database is too large and out of space.

B. The VLAN database cannot be configured for VLAN 2017.
C. The VTP mode must be transparent to configure VLAN 2017.
D. The VLAN must be configured on an interface first.
E. The VLAN is used on interfaces already.
Correct Answer: C
Explanation
One of the prerequisites for configuring extended VLANs is that the VTP mode must be transparent.
QUESTION 136
You are trying to configure a trunk port on an interface for 802.1Q encapsulation. However, after entering the
proper command, you receive the error "% Invalid input detected at '^' marker". What is wrong?
A. 802.1Q is not supported on the switch you are configuring this on.
B. The interface will not allow configuration of 802.1Q.
C. The switch only supports the ISL trunking protocol.
D. The switch only supports the 802.1Q trunking protocol.
Correct Answer: D
Explanation
This error is very common when configuring Cisco switches, since many switches only support 802.1Q and
configuration is not necessary. The ISL trunking protocol is not supported on certain platforms, such as the
2900 series switches.
QUESTION 137
You have connected a Dell switch to the Cisco switch you are configuring and you cannot get a trunk between
the two. What must be changed?
A. The Dell switch must be configured to use ISL.

B. The Cisco switch must be configured to use 802.1Q.
C. Both switches need to have duplicated VLAN configurations.
D. VTP needs to be configured on each of the switches.
Correct Answer: B
Explanation
Since the Dell switch cannot support the proprietary protocol of ISL, both switches need to be set up to use
802.1Q.
QUESTION 138
Refer to the topology shown in the exhibit.
Which ports will be STP alternate ports if all the links are operating at the same bandwidth?
A. Switch A - Fa0/0
B. Switch A - Fa0/1
C. Switch B - Fa0/0
D. Switch B - Fa0/1
E. Switch C - Fa0/0
F. Switch C - Fa0/1
Correct Answer: C
Section: Spanning Tree Protocol
Explanation
This question is to check the spanning tree election problem.
1. First, select the root bridge, which can be accomplished by comparing the bridge ID, the smallest will be
selected. Bridge-id= bridge priority + MAC address. The three switches in the figure all have the default
priority, so we should compare the MAC address, it is easy to find that SwitchB is the root bridge.
2. Select the root port on the non-root bridge, which can be completed through comparing root path cost. The
smallest will be selected as the root port.
3. Next, select the Designated Port. First, compare the path cost, if the costs happen to be the same, then
compare the BID, still the smallest will be selected. Each link has a DP. Based on the exhibit above, we can
find DP on each link. The DP on the link between SwitchA and SwitchC is SwitchA'Fa0/1, because it has the
smallest MAC address.
QUESTION 139
Each of these four switches has been configured with a hostname, as well as being configured to run STP. No
other configuration changes have been made. Which three of these show the correct STP port roles for the
indicated switches and interfaces? (Choose three)
A. SwitchA, Fa0/2, root

B. SwitchA, Fa0/1, designated
C. SwitchB, Gi0/2, root
D. SwitchB, Gi0/1, designated
E. SwitchC, Fa0/2, root
F. SwitchD, Gi0/2, designated
Correct Answer: AEF

Explanation
The question says "no other configuration changes have been made" so we can understand these switches
have the same bridge priority. Switch C has lowest MAC address so it will become root bridge and 2 of its
ports (Fa0/1 & Fa0/2) will be designated ports. Because SwitchC is the root bridge so the 2 ports nearest
SwitchC on SwitchA (Fa0/1) and SwitchD (Gi0/2) will be root ports..
Now we come to the most difficult part of this question: SwitchB must have a root port so which port will it
choose? To answer this question we need to know about STP cost and port cost. In general, "cost" is
calculated based on bandwidth of the link. The higher the bandwidth on a link, the lower the value of its cost.
Below are the cost values you should memorize:
SwitchB will choose the interface with lower cost to the root bridge as the root port so we must calculate the
cost on interface Gi0/1 & Gi0/2 of SwitchB to the root bridge. This can be calculated from the "cost to the root
bridge" of each switch because a switch always advertises its cost to the root bridge in its BPDU. The
receiving switch will add its local port cost value to the cost in the BPDU.
One more thing to notice is that a root bridge always advertises the cost to the root bridge (itself) with an initial
value of 0.
Now let's have a look at the topology again
SwitchC advertises its cost to the root bridge with a value of 0. Switch D adds 4 (the cost value of 1Gbps link)
and advertises this value (4) to SwitchB. SwitchB adds another 4 and learns that it can reach SwitchC via
Gi0/1 port with a total cost of 8. The same process happens for SwitchA and SwitchB learns that it can reach
SwitchC via Gi0/2 with a total cost of 23 -> Switch B chooses Gi0/1 as its root port ->
Now our last task is to identify the port roles of the ports between SwitchA & SwitchB. It is rather easy as the
MAC address of SwitchA is lower than that of SwitchB so Fa0/2 of SwitchA will be designated port while Gi0/2
of SwitchB will be alternative port.
Below summaries all the port roles of these switches:
+ DP: Designated Port (forwarding state)

+ RP: Root Port (forwarding state)
+ AP: Alternative Port (blocking state)
QUESTION 140
Which protocols are used by switches to prevent loops in a data link layer? (Choose two answers)
A. 802.1D
B. VTP
C. 802.1Q
D. STP
E. SAP
Correct Answer: AD
Explanation
This question is to examine the STP protocol.
STP (802.1d) is used to prevent Layer 2 loops.
802.1q is a Frame Relay protocol which belongs to VLAN.
SAP is a concept of the OSI model.
QUESTION 141
Which statement is false?
A. The Fa0/11 role confirms that SwitchA is not the root bridge for VLAN 20.
B. Priority of Swich A is 28692 for VLAN 20.
C. The MAC address of the root bridge is 0017.596d.1580.
D. SwitchA is not the root bridge, because not all of the interface roles are designated.
Correct Answer: C
Explanation
Only non-root bridge can have root port. Fa0/11 is the root port so we can confirm this switch is not the root
bridge ->
From the output we learn this switch is running Rapid STP, not PVST -> 0017.596d.1580 is the MAC address
of this switch, not of the root bridge. The MAC address of the root bridge is 0017.596d.2a00 ->
All of the interface roles of the root bridge are designated. SwitchA has one Root port and 1 Alternative port so
it is not the root bridge.
QUESTION 142
What isn't two values use to select root port in STP?
A. path cost
B. lowest Sender Brigde ID
C. VTP revision number
D. highest sender port priority number
E. lowest sender port priority number
Correct Answer: CD
Explanation
The path cost to the root bridge is the most important value to determine which port will become the root port
on each non-root switch. In particular, the port with lowest cost to the root bridge will become root port (on
non-root switch).
QUESTION 143
Why has this switch not been selected the root bridge for VLAN1?
A. It has more than one interface that is connected to the root network segment.
B. It is running RSTP while the elected root bridge is running 802.1d spanning tree.
C. It has a higher MAC address than the elected root bridge.
D. It has a higher bridge ID than the elected root bridge.
Correct Answer: D
Explanation
The root bridge is determined by the lowest bridge ID, and this switch has a bridge ID priority of 32768, which
is higher than the roots priority of 20481.
QUESTION 144
Which switch would STP choose to become the root bridge in the selection process?
A. 32768: 11-22-33-44-55-66
B. 32768: 22-33-44-55-66-77
C. 32768: 10-22-33-44-55-65
D. 32768: 10-11-44-55-66-78
Correct Answer: D
Explanation
The root bridge of the spanning tree is the bridge with the smallest (lowest) bridge ID. Each bridge has a
configurable priority number and a MAC Address; the bridge ID contains both numbers combined together -
Bridge priority + MAC (32768.0200.0000.1111). The Bridge priority default is 32768 and can only be
configured in multiples of 4096(Spanning tree uses the 12 bits extended system ID). To compare two bridge
IDs, the priority is compared first, as if looking at a real number anything less than 32768...will become the
target of being the root. If two bridges have equal priority then the MAC addresses are compared; for
example, if switches A (MAC=0200.0000.1111) and B (MAC=0200.0000.2222) both have a priority of 32768
then switch A will be selected as the root bridge.
In this case, 32768: 11-22-33-44-55-66 would be the bridge because it has a lower priority and MAC address.
QUESTION 145
Which access layer switch port is Blocking state by STP? (Choose two)
A. Switch3, port fa0/1

B. Switch3, port fa0/12
C. Switch4, port fa0/11
D. Switch4, port fa0/2
E. Switch3, port Gi0/1
F. Switch3, port Gi0/2
Correct Answer: CF
Explanation
In this question, we only care about the Access Layer switches (Switch3 & 4). Switch 3 has a lower bridge ID
than Switch 4 (because the MAC of Switch3 is smaller than that of Switch4) so both ports of Switch3 will be in
forwarding state. The alternative port will surely belong to Switch4.
Switch4 will need to block one of its ports to avoid a bridging loop between the two switches. But how does
Switch4 select its blocked port? Well, the answer is based on the BPDUs it receives from Switch3. A BPDU is
superior to another if it has:
1. A lower Root Bridge ID

2. A lower path cost to the Root
3. A lower Sending Bridge ID
4. A lower Sending Port ID
These four parameters are examined in order. In this specific case, all the BPDUs sent by Switch3 have the
same Root Bridge ID, the same path cost to the Root and the same Sending Bridge ID. The only parameter
left to select the best one is the Sending Port ID (Port ID = port priority + port index). In this case the port
priorities are equal because they use the default value, so Switch4 will compare port index values, which are
unique to each port on the switch, and because Fa0/12 is inferior to Fa0/1, Switch4 will select the port
connected with Fa0/1 (of Switch3) as its root port and block the other port -> Port fa0/11 of Switch4 will be
blocked (discarding role).
QUESTION 146
Which switch is elected as the root bridge for the STP?
A. the switch with the highest MAC address

B. the switch with the lowest MAC address
C. the switch with the highest IP address
D. the switch with the lowest IP address
Correct Answer: B
Explanation
Each switch in your network will have a Bridge ID Priority value, more commonly referred to as a BID. This
BID is a combination of a default priority value and the switch's MAC address, with the priority value listed
first. The lowest BID will win the election process.
For example, if a Cisco switch has the default priority value of 32,768 and a MAC address of 11- 22-33-44-55-
66, the BID would be 32768:11-22-33-44-55-66. Therefore, if the switch priority is left at the default, the MAC
address is the deciding factor in the root bridge election.
QUESTION 147
How does STP assign port types?
A. According to port MAC address, bridge ID, and port-id
B. According to port bootup order, port MAC address, and bridge ID
C. According to STP path cost, bridge ID, and port-id
D. According to STP path cost, port number, and MAC address
Correct Answer: C
Explanation
QUESTION 148
Which if the following is not an issue addressed by STP?
A. Broadcast storms
B. Gateway redundancy
C. A device receiving multiple copies of the same frame
D. Constant updating of the MAC filter table
Correct Answer: B
Explanation
QUESTION 149
What issue that arises when redundancy exists between switches?
A. Broadcast storm
B. Routing loop
C. Port violation
D. Loss of gateway
Correct Answer: A
Explanation
QUESTION 150
In the following exhibit, which switch interfaces will become root ports?
A. Switch B Fa0/2 and Switch B Fa0/3

B. Switch A Fa0/0 and Switch C Fa0/4
C. Switch A Fa0/0 and Switch B Fa0/3
D. Switch C Fa0/4 and Switch C Fa0/5
E. Switch A Fa0/1 and Switch B Fa0/3
Correct Answer: B
Explanation
QUESTION 151
In the following exhibit, which switch interface will become a alternate port?
A. Switch A Fa0/0
B. Switch A Fa0/1
C. Switch C Fa0/4
D. Switch C Fa0/5
E. Switch B Fa0/3
F. Switch B Fa0/2
Correct Answer: D
Explanation
QUESTION 152
In the following exhibit, you are running STP. Which switch interfaces will become root ports?
A. Switch A Gi0/0, Switch A Gi0/3
B. Switch B Gi0/4, Switch C Gi0/6
C. Switch B Gi0/4, Switch A Gi0/0, Switch D Gi0/8
D. Switch B Gi0/4, Switch C Gi0/6, Switch D Gi0/10
E. Switch B Gi0/4, Switch C Gi0/6, Switch D Gi0/8
Correct Answer: C
Explanation
QUESTION 153
Which two states are the port states when RSTP has converged?(choose two)
A. blocking
B. learning
C. discarding
D. forwarding
E. listening
Correct Answer: CD
Explanation
QUESTION 154
Refer to the exhibit, how much is the cost from Switch C to root Switch after STP has converged??
A. 8
B. 19
C. 23
D. 38
Correct Answer: C
Explanation
QUESTION 155
The RND company needs to connect to five VLANs but have only one Router with two interfaces. Using the
fewest physical interfaces and without decreasing network performance?
A. Use a hub to connect the four VLANS with a Fast Ethernet interface on the router.
B. Add a second router to handle the VLAN traffic.
C. Add two more Fast Ethernet interfaces.
D. Implement a router-on-a-stick configuration.
Correct Answer: D
Section: InterVlan Routing
Explanation
A router on a stick allows you to use sub-interfaces to create multiple logical networks on a single physical
interface.
QUESTION 156
What conclusions can be made about this design?
A. This design will function as intended.

B. Spanning-tree will need to be used.
C. The router will not accept the addressing scheme.
D. The connection between switches should be a trunk.
E. The router interfaces must be encapsulated with the 802.1Q protocol.
Correct Answer: C
Explanation
QUESTION 157
Select two answers: Which statements are true about interVLAN routing in the topology that is shown in the
exhibit?
A. Host E and host F use the same IP gateway address.

B. Router1 and Switch2 should be connected via a crossover cable.
C. Router1 will not play a role in communications between host A and host D.
D. The FastEthernet 0/0 interface on Router1 must be configured with subinterfaces.
E. Router1 needs more LAN interfaces to accommodate the VLANs that are shown in the exhibit.
F. The FastEthernet 0/0 interface on Router1 and the FastEthernet 0/1 interface on Switch2 trunk ports must
be configured using the same encapsulation type.
Correct Answer: DF
Explanation
In order for multiple VLANs to connect to a single physical interface on a Cisco router, subinterfaces must be
used, one for each VLAN. This is known as the router on a stick configuration. Also, for any trunk to be
formed, both ends of the trunk must agree on the encapsulation type, so each one must be configured for
802.1q or ISL.
QUESTION 158
The network shown in the diagram is experiencing connectivity problems. Which of the following will correct
the problems? (Choose two.)
A. Configure the gateway on Host A as 10.1.10.254.

B. Configure the gateway on Host B as 10.1.20.254.
C. Configure the IP address of Host A as 10.1.10.126.
D. Configure the IP address of Host B as 10.1.20.2.
E. Configure the masks on both hosts to be 255.255.255.224.
F. Configure the masks on both hosts to be 255.255.255.240.
Correct Answer: AC
Explanation
The switch 1 is configured with two VLANs: VLAN1 and VLAN2.
The IP information of member Host A in VLAN1 is as follows:
Address : 10.1.1.126
Mask : 255.255.255.0
Gateway : 10.1.1.254
The IP information of member Host B in VLAN2 is as follows:
Address : 10.1.1.12
Mask : 255.255.255.0
Gateway : 10.1.1.254
The configuration of sub-interface on router 2 is as follows:
Fa0/0.1 -- 10.1.1.254/24 VLAN1
Fa0/0.2 -- 10.1.2.254/24 VLAN2
It is obvious that the configurations of the gateways of members in VLAN2 and the associated network
segments are wrong. The layer3 addressing information of Host B should be modified as follows:
Address : 10.1.2.X
Mask : 255.255.255.0
QUESTION 159
Select three elements must be used when you configure a router interface for VLAN trunking?
A. one physical interface for each subinterface

B. one IP network or subnetwork for each subinterface
C. a management domain for each subinterface
D. subinterface encapsulation identifiers that match VLAN tags
E. one subinterface per VLAN
F. subinterface numbering that matches VLAN tags
Correct Answer: BDE

Explanation
QUESTION 160
What concept is depicted in the diagram?
A. Multiprotocol routing
B. Passive interface
C. Gateway redundancy
D. Router on a stick
Correct Answer: D
Explanation
QUESTION 161
In the configuration and diagram shown, what command is missing to enable interVLAN routing between
VLAN 2 and VLAN 3?
A. encapsulation dot1q 3 under int f0/0.2

B. encapsulation dot1q 2 under int f0/0.2
C. no shutdown under int f0/0.2
D. no shutdown under int f0/0.3
Correct Answer: B
Explanation
QUESTION 162
What statement is true?
Sw1(config)#ip routing
Sw1(config)#int vlan 10
Sw1(config-if)#ip address 192.168.10.1 255.255.255.0
Sw1(config)#int vlan 20
Sw1(config-if)#ip address 192.168.20.1 255.255.255.0
A. Configuring Inter-VLAN Routing Through an SVI.

B. The two VLANs are in the same subnet.
C. Encapsulation must be configured.
D. VLAN 10 is the management VLAN.
Correct Answer: A
Explanation
QUESTION 163
What should be the default gateway address of Host C?
A. 192.168.10.1
B. 192.168.1.65
C. 192.168.1.129
D. 192.168.1.2
Correct Answer: C
Explanation
QUESTION 164
Which two steps must you perform to enbale router-on-stick on a switch? (choose two)
A. connect the router to a trunk port

B. config the sub interface number exactly the same as the matching VLAN
C. config full duplex
D. cofigure an ip route to the vlan destination network
E. assign the access port to the vlan
Correct Answer: AE
Explanation
QUESTION 165
Based on the configuration shown below, what statement is true?
2960(config)#ip routing
2960(config)#int vlan 10
2960(config-if)#ip address 192.168.10.1 255.255.255.0
2960(config-if)#int vlan 20
2960(config-if)#ip address 192.168.20.1 255.255.255.0
A. This is a multilayer switch.

B. There are only two VLANs.
C. Encapsulation must be configured.
D. VLAN 10 is the management VLAN.
Correct Answer: A
Explanation
QUESTION 166
Switch Virtual Interface provide which function?
A. OSI Layer 2 connectivity to switches

B. remote switch administration
C. traffic routing for VLANs
D. OSI Layer 3 connectivity to switches
Correct Answer: C
Explanation
QUESTION 167
Which case the Network administrator must enable Router on a Stick?
A. When a router have multiple subnets on a single physical link.
B. When a router have single subnet on multiple physical links.
C. When a router have multiple interface on single physical links.
D. When a router have single interface on multiple physical links.
Correct Answer: A
Explanation
QUESTION 168
Select and Place:
Correct Answer:
Section: ARP
Explanation
QUESTION 169
Select and Place:

Correct Answer:
Section: ARP
Explanation
QUESTION 170
Refer to the graphic.
Select the best answer: PC2 ping to PC3 successful, using layer 2 switch. What is the source MAC address of
the frames received by PC3?
A. the MAC address of router interface F0/0

B. the MAC address of switch interface F0/5
C. the MAC address of switch interface F0/7
D. the MAC address of PC2
E. the MAC address of PC3
Correct Answer: D
Section: ARP
Explanation
QUESTION 171
Select the best answer: PC1 ping to PC3 successful, using layer 2 switch. What is the destination MAC
address of the frames received by PC3?
A. the MAC address of router interface F0/0

B. the MAC address of switch interface F0/3
C. the MAC address of switch interface F0/7
D. the MAC address of PC2
E. the MAC address of PC3
Correct Answer: E
Section: ARP
Explanation
QUESTION 172
When a packet is routed across a network, the _______ in the packet changes at every hop while the ______
does not.
A. MAC address, IP address

B. IP address, MAC address
C. Port number, IP address
D. IP address, port number
Correct Answer: A
Section: ARP
Explanation
QUESTION 173
How does a DHCP server dynamically assign IP addresses to hosts?
A. Addresses are permanently assigned so that the host uses the same address at all times.
B. Addresses are assigned for a fixed period of time. At the end of the period, a new request for an address
must be made to renew the lease.
C. Addresses are leased to hosts. A host will usually periodically contacts the DHCP server to get another
address after the address it using expire.
D. Addresses are allocated after a negotiation between the server and the host to determine the length of the
agreement.
Correct Answer: B
Section: DHCP
Explanation
DHCP works in a client/server mode and operates like any other client/server relationship. When a PC
connects to a DHCP server, the server assigns or leases an IP address to that PC. The PC connects to the
network with that leased IP address until the lease expires. The host must contact the DHCP server
periodically to extend the lease. This lease mechanism ensures that hosts that move or power off do not hold
onto addresses that they do not need. The DHCP server returns these addresses to the address pool and
reallocates them as necessary.
QUESTION 174
Which three tasks does the Dynamic Host Configuration Protocol perform?
A. Provide the default gateway to be used by the hosts on the network.

B. Perform host discovery used DHCPDISCOVER message.
C. Provide IP addresses and subnet mask to be used by the hosts on the network.
D. Provide an easy management of layer 3 devices.
E. Monitor IP performance using the DHCP server.
F. Assign and renew IP address from the pool.
Correct Answer: ACF

Section: DHCP
Explanation
The Dynamic Host Configuration Protocol (DHCP) is a network protocol used to configure devices that are
connected to a network (known as hosts) so they can communicate on that network using the Internet Protocol
(IP). It involves clients and a server operating in a client- server model. DHCP servers assigns IP addresses
from a pool of addresses and also assigns other parameters such as DNS and default gateways to hosts.
QUESTION 175
What command configures a Cisco device as a DHCP client?
A. ip address auto
B. ip address dhcp
C. ip address learn
D. ip address dynamic
Correct Answer: B
Section: DHCP
Explanation
ip address dhcp, used in interface configuration mode, sets the Cisco device as a DHCP client
QUESTION 176
What is the third step of the four steps of the DHCP process?
A. Acknowledgement
B. Request
C. Offer
D. Discover
Correct Answer: B
Section: DHCP
Explanation
QUESTION 177
What is the purpose of the DHCP server?
A. to provide storage for email

B. to translate URLs to IP addresses
C. to translate IPv4 addresses to MAC addresses
D. to provide an IP configuration information to hosts
Correct Answer: D
Section: DHCP
Explanation
QUESTION 178
When a DHCP server is configured, which two IP addresses should never be assignable to hosts? (Choose
two answers.)
A. network or subnetwork IP address

B. broadcast address on the network
C. IP address leased to the LAN
D. IP address used by the interfaces
E. manually assigned address to the clients
F. designated IP address to the DHCP server
Correct Answer: AB
Section: DHCP
Explanation
QUESTION 179
Refer to the exhibit. The DHCP configuration that is shown is configured on a Cisco router. Which statement
is true?
ip dhcp pool net1
network 10.1.1.0 255.255.255.0
default-router 10.1.1.100
dns-server 10.1.1.254
!
ip dhcp pool net2
network 10.1.2.0 255.255.255.0
dns-server 10.1.2.254
default-router 10.1.2.200
A. The router will distribute IP addresses from pool net1 until its addresses are exhausted. Then the router
will begin distributing addresses from pool net2.
B. The router will choose which pool to use based upon the interface the DHCP request was received on.
C. The configuration is invalid because the DHCP options are global configuration commands.
D. The configuration is incomplete until the DHCP pools are bound to the appropriate interface or interfaces.
Correct Answer: B
Section: DHCP
Explanation
QUESTION 180
Layer 2 switch (SW2) connects a Layer 2 switch (SW1), SW1 connect to a router (R1), R1 is a DHCP server,
and three PCs (PC1, PC2, and PC3) connects to SW1 and SW2. All PCs are DHCP clients.
Which of the following are the most likely DHCP Snooping trust state configurations on SW2 for the ports
connected to the listed devices? (Choose two answers.)
A. The port connected to the router is untrusted.

B. The port connected to switch SW1 is trusted.
C. The port connected to PC1 is untrusted.
D. The port connected to PC3 is trusted.
Correct Answer: BC
Section: DHCP
Explanation
QUESTION 181
Router VnPro use dynamic routing protocol, which parameter would you tune to affect the selection of a static
route as a backup?
A. hop count
B. administrative distance
C. link bandwidth
D. link delay
E. link cost
Correct Answer: B
Section: Routing Overview and Static Route
Explanation
By default the administrative distance of a static route is 1, meaning it will be preferred over all dynamic
routing protocols. If you want to have the dynamic routing protocol used and have the static route be used
only as a backup, you need to increase the AD of the static route so that it is higher than the dynamic routing
protocol.
QUESTION 182
A static route to the 10.5.5.0/24 network is to be configured on the ILM router. Which commands will
accomplish this? (Choose two.)
A. ILM(config)# ip route 10.5.5.0 0.0.0.255 fa0/0

B. ILM(config)# ip route 10.5.5.0 0.0.0.255 10.5.4.6
C. ILM(config)# ip route 10.5.5.0 255.255.255.0 fa0/0
D. ILM(config)# ip route 10.5.5.0 255.255.255.0 10.5.4.5
E. ILM(config)# ip route 10.5.5.0 255.255.255.0 fa0/1
F. ILM(config)# ip route 10.5.4.6 255.255.255.0 10.5.6.0
Correct Answer: DE
Explanation
The simple syntax of static route:
ip route destination-network-address subnet-mask {next-hop-IP-address | exit-interface} + destination-network-
address: destination network address of the remote network + subnet mask: subnet mask of the destination
network
+ next-hop-IP-address: the IP address of the receiving interface on the next-hop router + exit-interface: the
local interface of this router where the packets will go out In the statement "ip route 10.5.6.0 255.255.255.0
fa0/0:
+ 10.5.6.0 255.255.255.0: the destination network
+fa0/0: the exit-interface
QUESTION 183
Which criteria are routing decisions based upon?
A. Source IP address
B. Destination IP address
C. TTL
D. Destination MAC address
E. Source MAC address
Correct Answer: B
Explanation
All routing decisions are based upon destination IP address. The router examines the IP address and routes
the packet to the next closest hop for the network it belongs to.
QUESTION 184
In the following exhibit, which route statement needs to be configured on RouterB to allow routing to Network
A?
A. RouterB(config)# ip route 192.168.1.0 255.255.255.0 serial0/0

B. RouterB(config)# ip route 192.168.1.0 255.255.255.0 192.168.2.1
C. RouterB(config)# ip route 192.168.1.0 255.255.255.0 192.168.2.2
D. RouterB(config)# ip route 192.168.1.0 255.255.255.0 192.168.3.1
E. RouterB(config)# ip route 192.168.1.0 255.255.255.0 192.168.1.1
Correct Answer: B
Explanation
QUESTION 185
In the following exhibit, which interface or IP address will a packet be routed to for a destination address of
192.168.4.56?
Router#show ip route
[output cut]
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.10.0.0/16 is directly connected, Serial0/2/0
L 10.10.1.1/32 is directly connected, Serial0/2/0
S 10.20.0.0/16 [1/0] via 192.168.4.2
S 192.168.4.0/24 is directly connected, Serial0/0/1
S 192.168.5.0/24 [1/0] via 192.168.4.2
S* 0.0.0.0/0 is directly connected, Serial 0/2/0
A. Interface Serial 0/0/1

B. Interface Serial 0/0/0
C. IP gateway of 192.168.4.1
D. Interface Serial 0/2/0
E. Interface Serial 0/1/1
Correct Answer: A
Explanation
In the routing table there is a static route for 192.168.4.0/24 via Serial 0/0/1
QUESTION 186
Which of the following are true about a LAN-connected TCP/IP host and its IP routing (forwarding) choices?
A. The host always sends packets to its default gateway.

B. The host never sends packets to its default gateway.
C. The host sends packets to its default gateway if the destination IP address is in a different subnet than the
host.
D. The host sends packets to its default gateway if the destination IP address is in the same subnet as the
host.
Correct Answer: C
Explanation
QUESTION 187
Which of the following are functions of a routing protocol? (Choose two answers.)
A. Advertising known routes to neighboring routers

B. Learning routes for subnets directly connected to the router
C. Learning routes and putting those routes into the routing table for routes advertised to the router by its
neighboring routers
D. Forwarding IP packets based on a packet’s destination IP address
Correct Answer: AC
Explanation
QUESTION 188
An engineer configures a static IPv4 route on Router R1. Which of the following pieces of information should
not be listed as a parameter in the configuration
command that creates this static IPv4 route?
A. The destination subnet’s subnet ID

B. The next-hop router’s IP address
C. The next-hop router’s neighboring interface
D. The subnet mask
Correct Answer: C
Explanation
QUESTION 189
A network engineer configures the ip route 10.1.1.0 255.255.255.0 s0/0/0 command on a router and then
issues a show ip route command from enable mode.
No routes for subnet 10.1.1.0/24 appear in the output. Which of the following could be true?
A. The ip route command has incorrect syntax and was rejected in config mode.
B. Interface s0/0/0 is down.
C. The router has no up/up interfaces in Class A network 10.0.0.0.
D. The ip route command is missing a next-hop router IP address.
Correct Answer: B
Explanation
QUESTION 190
A router lists the following partial output from the show ip route command.
Out which interface will the router route packets destined to IP address 10.1.15.122?

O 10.1.15.100/32 [110/50] via 172.16.25.2, 00:00:04, GigabitEthernet0/0/0
O 10.1.15.96/27 [110/65 ] via 172.16.24.129, 00:00:09, GigabitEthernet0/3/0
A. G0/0/0
B. G0/1/0
C. G0/2/0
D. G0/3/0
Correct Answer: D
Explanation
QUESTION 191
A network administrator is configuring an EtherChannel between SW1 and SW2. The SW1 configuration is
shown. What is the correct configuration for SW2?
A. interface FastEthernet 0/1

channel-group 1 mode active
switchport trunk encapsulation dot1q
switchport mode trunk
interface FastEthernet 0/2
channel-group 1 mode active
B. interface FastEthernet 0/1
channel-group 2 mode auto
interface FastEthernet 0/2
channel-group 2 mode auto
C. interface range FastEthernet 0/1 - 2
channel-group 3 mode desirable
D. interface FastEthernet 0/1
switchport mode dynamic desirable
interface Ethernet 0/2
switchport mode dynamic desirable
Correct Answer: C
Section: EtherChannel
Explanation
QUESTION 192
What is the default EtherChannel mode on a Cisco switch?
A. PAgP
B. LACP
C. Static
D. Null
Correct Answer: A
Explanation
QUESTION 193
Which command creates a LACP EtherChannel with a local ID of 5?
A. channel-group 5 mode active

B. channel-group 5 mode desirable
C. channel-group 5 mode lacp
D. channel-group 5 mode on
E. channel-group 5 mode enable
Correct Answer: A
Explanation
The LACP options are Active and Passive.
QUESTION 194
What is the maximum number of interfaces that can be aggregated with EtherChannel and PAgP?
A. 2
B. 4
C. 10
D. 8
E. 16
Correct Answer: D
Explanation
QUESTION 195
After an EtherChannel is configured between two Cisco switches, interface port-channel 12 is in the down/
down state. Switch 1 is configured with channel-group 1 mode desirable, while Switch 2 is configured with
channel-group 1 mode passive. Why is the EtherChannel bundle not working?
A. Mismatched EtherChannel configuration between two switches.

B. The switch ports are not configured in access mode.
C. LACP priority must be configured on both switches.
D. The channel group identifier must be different for Switch 1 and Switch 2.
E. Use the no shutdown command to enable interface port channel.
Correct Answer: A
Explanation
QUESTION 196
Which three statements about HSRP operation are true? (Choose three.)
A. The HSRP virtual IP address must be the different from one of the router's interface addresses on the
LAN.
B. The HSRP default timers are a 3 second hello interval and a 10 second dead interval.
C. The HSRP virtual IP address must be the same as one of the router's interface addresses on the LAN.
D. The HSRP virtual IP address must be on a different subnet than the routers' interfaces on the same LAN.
E. The HSRP virtual IP address must be the same subnet but must be different with the routers' interface
addresses on LAN
Correct Answer: ABE

Section: HSRP
Explanation
QUESTION 197
hostname R1
interface f0/0
ip address 172.16.10.32 255.255.255.0
standby 1 ip 172.16.10.110
standby 1 preempt
hostname R2
interface f0/1
ip address 172.16.10.33 255.255.255.0
standby 1 ip 172.16.10.110
standby 1 priority 110
standby 1 preempt
hostname R3
interface f0/0
ip address 172.16.10.34 255.255.255.0
standby 1 ip 172.16.10.110
standby 1 priority 150
standby 1 preempt
Three router are configured for HSRP. Which router will be elected as active router?
A. R1
B. R2
C. R3
D. Any router
Correct Answer: C
Section: HSRP
Explanation
QUESTION 198
Which value is used to determine the active router in an HSRP default configuration?
A. Router loopback address

B. Router IP address
C. Router priority
D. Router tracking number
Correct Answer: B
Section: HSRP
Explanation
QUESTION 199
What is a valid HSRP virtual MAC address?
A. 0000.5E00.01A3
B. 0007.B400.AE01
C. 0000.0C07.AC15
D. 0007.5E00.B301
Correct Answer: C
Section: HSRP
Explanation
QUESTION 200
A network administrator needs to configure port security on a switch. Which two statements are false?
A. The network administrator can apply port security to static access ports.
B. The network administrator can apply port security to EtherChannels.
C. When dynamic MAC address learning is enabled on an interface, the switch can not learn new addresses.
D. The sticky learning feature allows the addition of dynamically learned addresses to the running
configuration.
E. When static MAC address learning is enabled on an interface, only the static MACs configured previously
are allowed to access the port.
Correct Answer: BC
Section: Port Security and SSH
Explanation
Follow these guidelines when configuring port security:
+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports.
+ A secure port cannot be a dynamic access port.
+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN). + A secure port cannot
belong to a Fast EtherChannel or Gigabit EtherChannel port group. + You cannot configure static secure or
sticky secure MAC addresses on a voice VLAN. + When you enable port security on an interface that is also
configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least
two. + If any type of port security is enabled on the access VLAN, dynamic port security is automatically
enabled on the voice VLAN.
+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all
addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the
access VLAN (to which the port belongs) are learned as sticky secure addresses.
+ The switch does not support port security aging of sticky secure MAC addresses. + The protect and restrict
options cannot be simultaneously enabled on an interface.
(Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1/confi guration/
guide/swtrafc.html)
QUESTION 201
A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A
to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames
from this device. The administrator configured the interface and tested it with successful pings from PC_A to
RouterA, and then observes the output from these two show commands.
Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two.)
A. Port security needs to be enabled on the interface F0/1.

B. Port security needs to be enabled on the interface F0/24.
C. Port security needs to be configured to shut down the interface in the event of a violation.
D. Port security needs to be configured to allow only one learned MAC address.
E. Port security interface counters need to be cleared before using the show command.
F. The port security configuration needs to be saved to NVRAM before it can become active.
Correct Answer: AD
Explanation
From the output we can see that port security is disabled so this needs to be enabled. Also, the maximum
number of devices is set to 2 so this needs to be just one if we want the single host to have access and
nothing else.
QUESTION 202
Which set of commands is recommended to prevent the use of a hub in the access layer?
A. switch(config-if)#switchport mode access
switch(config-if)#switchport port-security maximum 1
B. switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security mac-address 1
C. switch(config-if)#switchport mode access
switch(config-if)#switchport port-security
D. switch(config-if)#switchport mode access
switch(config-if)#switchport port-security mac-address 1
Correct Answer: C
Explanation
This question is to examine the layer 2 security configuration. In order to satisfy the requirements of this
question, you should perform the following configurations in the interface mode:
First, configure the interface mode as the access mode
Second, enable the port security and set the maximum number of connections to 1.
QUESTION 203
How does using the service password-encryption command on a router provide additional security?
A. by encrypting just only enable password in the plain text configuration file.
B. by encrypting just console and telnet passwords in the plain text configuration file.
C. by requiring entry of encrypted passwords for access to the device.
D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges.
E. by automatically suggesting encrypted passwords for use in configuring the router.
F. by encrypting all passwords in the plain text configuration file.
Correct Answer: F
Explanation
By using this command, all the (current and future) passwords are encrypted. This command is primarily
useful for keeping unauthorized individuals from viewing your password in your configuration file.
QUESTION 204
Which two commands correctly verify whether port security has been configured on port FastEthernet 0/12 on
a switch? (Choose two.)
A. SW1#show port-secure interface FastEthernet 0/12

B. SW1#show switchport port-secure interface FastEthernet 0/12
C. SW1#show running-config port-security
D. SW1#show port-security interface FastEthernet 0/12
E. SW1#show switchport port-security interface FastEthernet 0/12
F. SW1#show running-config interface f0/12
Correct Answer: DF
Explanation
We can verify whether port security has been configured by using the "show running-config" or "show port-
security interface " for more detail. An example of the output of "show port-security interface " command is
shown below:
QUESTION 205
What will be the result if the following configuration commands are implemented on a Cisco switch?
Switch(config-if)# switchport port-security

Switch(config-if)# switchport port-security mac-address sticky
A. A dynamically learned MAC address is saved in the startup-configuration file.

B. A dynamically learned MAC address is saved in the running-configuration file.
C. A dynamically learned MAC address is saved in the VLAN database.
D. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address
are received.
E. Statically configured MAC addresses are saved in the running-configuration file if frames from that
address are received.
Correct Answer: B
Explanation
In the interface configuration mode, the command switchport port-security mac-address sticky enables sticky
learning. When entering this command, the interface converts all the dynamic secure MAC addresses to
sticky secure MAC addresses.
QUESTION 206
line vty 0 4
password 7 030752180500
login
What is the effect of the configuration that is shown?
A. It configures SSH globally for all logins.

B. It tells the router or switch to try to establish an SSh connection first and if that fails to use Telnet.
C. It configures the Telnet Server on router or switch.
D. It configures a Cisco network device to use the SSH protocol on incoming communications via the virtual
terminal ports.
E. It allows seven failed login attempts before the VTY lines are temporarily shutdown.
Correct Answer: C
Explanation
Secure Shell (SSH) is a protocol which provides a secure remote access connection to network devices.
Communication between the client and server is encrypted in both SSH version 1 and SSH version 2. If you
want to prevent non-SSH connections, add the "transport input ssh" command under the lines to limit the
router to SSH connections only. Straight (non-SSH) Telnets are refused.
Reference: www.cisco.com/warp/public/707/ssh.shtml
QUESTION 207
Which of the following commands in the configuration, is a prerequisite for the other commands to function?
Sw3#config t
Sw3(config)#int fa0/3
Sw3(config-if#switchport port-security
Sw3(config-if#switchport port-security maximum 3
Sw3(config-if#switchport port-security violation restrict
Sw3(config-if#Switchport mode-security aging time 10
A. switchport mode-security aging time 10

B. switchport port-security
C. switchport port-security maximum 3
D. switchport port-security violation restrict
Correct Answer: B
Explanation
QUESTION 208
What will be the effect of executing the following command on port F0/1?
switch(config-if)# switchport port-security mac-address 00C0.35F0.9096
A. The command configures an inbound access control list on port F0/1, limiting traffic to the IP address of
the host.
B. The command expressly prohibits the MAC address of 00c0.35f0.9096 as an allowed host on the switch
port.
C. The command encrypts all traffic on the port from the MAC address of 00c0.35f0.9096.
D. The command statically defines the MAC address of 00c0.35f0.9096 as an allowed host on the switch port.
Correct Answer: D
Explanation
QUESTION 209
line vty 0 4
password 7 030752180500
login
transport input ssh
Refer to the exhibit. What is the effect of the configuration that is shown?
A. It tells the router or switch to try establish an SSH connection first and if that fail to use telnet.
B. It configures a Cisco network device to use the SSH protocol on incoming communications via the virtual
terminal ports.
C. It allows seven failed login attempts before the VTY lines are temporarily shutdown.
D. It configures the virtual terminal lines with the password 030752180500.
E. It configures SSH globally for all logins.
Correct Answer: B
Explanation
QUESTION 210
Which port security mode can assist with troubleshooting by keeping count of violations?
A. access
B. protect
C. restrict
D. shutdown
Correct Answer: C
Explanation
QUESTION 211
which violation mode block traffic from invalid mac address but allows traffic from valid mac address to pass
in port security?
A. protect
B. shutdown
C. shutdown vlan
D. restrict
Correct Answer: A
Explanation
QUESTION 212
A switch’s port Gi0/1 has been correctly enabled with port security. The configuration sets the violation mode
to restrict. A frame that violates the port security policy enters the interface, followed by a frame that does not.
Which of the following answers correctly describe what happens in this scenario? (Choose two answers.)
A. The switch puts the interface into an err-disabled state when the first frame arrives.
B. The switch generates syslog messages about the violating traffic for the first frame.
C. The switch increments the violation counter for Gi0/1 by 1.
D. The switch discards both the first and second frame.
Correct Answer: BC
Explanation
QUESTION 213
Which one of the following terms means anything that can be considered to be a weakness that can
compromise security?
A. Exploit
B. Vulnerability
C. Attack
D. Threat
Correct Answer: B
Section: Security
Explanation
QUESTION 214
An actual potential to exploit a vulnerability is known as which one of the following terms?
A. Vulnerability
B. Attack
C. Exploit
D. Threat
Correct Answer: D
Section: Security
Explanation
QUESTION 215
In a spoofing attack, which of the following parameters are commonly spoofed? (Choose two answers.)
A. MAC address
B. Source IP address
C. Destination IP address
D. ARP address
Correct Answer: AB
Section: Security
Explanation
QUESTION 216
Suppose an attacker sends a series of packets toward a destination IP address with the TCP SYN flag set but
sends no other packet types. Which of the following attacks is likely taking place?
A. Spoofing attack
B. Reflection attack
C. Reconnaissance attack
D. Denial-of-service attack
E. None of the choices are correct.
Correct Answer: D
Section: Security
Explanation
QUESTION 217
Which one of the following is the goal of a bruteforce attack?
A. Try every possible TCP port until a service answers

B. Try every possible combination of keyboard characters to guess a user’s password
C. Initiate a denial-of-service operation on every possible host in a subnet
D. Spoof every possible IP address in an organization
Correct Answer: B
Section: Security
Explanation
QUESTION 218
Which one of the following is an example of a AAA server?
A. DHCP
B. DNS
C. SNMP
D. ISE
Correct Answer: D
Section: Security
Explanation
QUESTION 219
An engineer hears about DHCP Snooping and decides to implement it. Which of the following are the devices
on which DHCP Snooping could be implemented? (Choose two answers.)
A. Layer 2 switches
B. Routers
C. Multilayer switches
D. End-user hosts
Correct Answer: AC
Section: Security
Explanation
QUESTION 220
Switch SW1 needs to be configured to use DHCP Snooping in VLAN 5 and only VLAN 5. Which commands
must be included, assuming at least one switch port in VLAN 5 must be an untrusted port? (Choose two
answers.)
A. no ip dhcp snooping trust

B. ip dhcp snooping untrust
C. ip dhcp snooping
D. ip dhcp snooping vlan 5
Correct Answer: CD
Section: Security
Explanation
QUESTION 221
On a multilayer switch, a switch needs to be configured to perform DHCP Snooping on some Layer 2 ports in
VLAN 3. Which command may or may not be needed depending on whether the switch also acts as a DHCP
relay agent?
A. no ip dhcp snooping information option

B. ip dhcp snooping limit rate 5
C. errdisable recovery cause dhcp-rate-limit
D. ip dhcp snooping vlan 3
Correct Answer: A
Section: Security
Explanation
QUESTION 222
Switch SW1 needs to be configured to use Dynamic ARP Inspection along with DHCP Snooping in VLAN 6
and only VLAN 6. Which commands must be included, assuming at least one switch port in VLAN 6 must be a
trusted port? (Choose two answers.)
A. no ip arp inspection untrust

B. ip arp inspection trust
C. ip arp inspection
D. ip arp inspection vlan 6
Correct Answer: BC
Section: Security
Explanation
Exam B

Test 1

Uploaded by

Copyright:

Available Formats

Test 1

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Test 1

Uploaded by

Copyright:

Available Formats

Test 1

Viet Professional Co. Ltd. VnPro ®

Good luck for your exam!

A. Allow computer hosts to communicate data between each other

A. Data link layer

A. The algorithm never allows collisions to occur.

A. A segment contains IP addresses.

Correct Answer: BDH

Correct Answer: AEG

A. Network = 16, subnet = 9, host = 7

Correct Answer: ACF

Correct Answer: ABDF

A. The network ID is 172.30.0.0.

A. The network ID is 192.168.100.10.

Correct Answer: ADF

Correct Answer: BCE

A. The network part’s size is 10 bits.

Correct Answer: ABF

Select and Place:

A. With a connection from a switch to a bridge

Correct Answer: BDE

Correct Answer: ACF

A. Pins 1 and 2 are reversed on the other end of the cable.

A. It checks the configuration register.

A. Immediately after the Cisco IOS loads on a router

A. The startup configuration of a Cisco router

A. copy running-config tftp

A. Connect Ethernet cables

A. The show mac address-table command

A. Configuring the ip address address mask command in G0/0 configuration mode

A. show cdp neigbors

A. show cdp neigbors

A. The Manchester serial address is 10.1.1.1

Correct Answer: BDE

A. Multiple devices are connected directly to FastEthernet0/1.

A. source MAC address

Correct Answer: BDE

A. Only the devices that use cables are using Ethernet.

A. Port Ethernet 0/1 is in a connected state.

Which of the following answers is true about this switch?

A. They increase the size of collision domains.

Correct Answer: ADF

A. Frames in the native VLAN (only one)

A. 802.1Q giants frames could saturate the link.

Which commands about port trunk in the interface FastEthernet0/1?

A. The ports only need to be connected by a straight-over cable.

A. Inserts a 4-byte header and does change the MAC addresses

A. trunk mode mismatches

A. The access link needs to be configured in multiple VLANs.

A. show interface trunk

SW1#show interface fast 0/2 switchport

Correct Answer: ACD

A. It creates a VLAN 2 interface.

A. the operation of VTP

A. The command is rejected.

A. VLANs have not been created yet.

A. 802.1q adds a 26-byte trailer and 4-byte header.

A. More collision domains will be created.

SW1# show interfaces g0/1 switchport

Which of the following must be true on switch SW2’s G0/2 port?