Switching, Routing, and Wireless Essentials ( Version 7.

00) – Switching
Concepts, VLANs, and Inter-VLAN Routing Exam
1. Which tasks can be accomplished by using the command history feature? (Choose two.)
 View a list of commands entered in a previous session.
 Recall up to 15 command lines by default.
 Set the command history buffer size.
 Recall previously entered commands.
 Save command lines in a log file for future reference.
2. What is the first action in the boot sequence when a switch is powered on?
 load the default Cisco IOS software
 load boot loader software
 low-level CPU initialization
 load a power-on self-test program
3. What must an administrator have in order to reset a lost password on a router?
 a TFTP server
 a crossover cable
 access to another router
 physical access to the router
4. When configuring a switch for SSH access, what other command that is associated with the login local
command is required to be entered on the switch?
 enable secret password
 password password
 username username secret secret
 login block-for seconds attempts number within*seconds*
5. Which command displays information about the auto-MDIX setting for a specific interface?
 show interfaces
 show controllers
 show processes
 show running-config
6. If one end of an Ethernet connection is configured for full duplex and the other end of the connection is
configured for half duplex, where would late collisions be observed?
 on both ends of the connection
 on the full-duplex end of the connection
 only on serial interfaces
 on the half-duplex end of the connection
7. Which command is used to set the BOOT environment variable that defines where to find the IOS image
file on a switch?
 config-register
 boot system
 boot loader
 confreg
8. What does a switch use to locate and load the IOS image?
 BOOT environment variable
 IOS image file
 POST
 startup-config
 NVRAM
9. Which protocol adds security to remote connections?
 FTP
 HTTP
 NetBEUI
 POP
 SSH
10. What is a characteristic of an IPv4 loopback interface on a Cisco IOS router?
 The no shutdown command is required to place this interface in an UP state.
 It is a logical interface internal to the router.
 Only one loopback interface can be enabled on a router.
 It is assigned to a physical port and can be connected to other devices.
11. What is the minimum Ethernet frame size that will not be discarded by the receiver as a runt frame?
 64 bytes
  512 bytes
 1024 bytes
 1500 bytes
12. After which step of the switch bootup sequence is the boot loader executed?
 after CPU initialization
 after IOS localization
 after flash file system initialization
 after POST execution
13. Which impact does adding a Layer 2 switch have on a network?
 an increase in the number of dropped frames
 an increase in the size of the broadcast domain
 an increase in the number of network collisions
 an increase in the size of the collision domain
14. Which characteristic describes cut-through switching?
 Error-free fragments are forwarded, so switching occurs with lower latency.
 Frames are forwarded without any error checking.
 Only outgoing frames are checked for errors.
 Buffering is used to support different Ethernet speeds.
15. What is the significant difference between a hub and a Layer 2 LAN switch?
 A hub extends a collision domain, and a switch divides collision domains.
 A hub divides collision domains, and a switch divides broadcast domains.
 Each port of a hub is a collision domain, and each port of a switch is a broadcast domain.
 A hub forwards frames, and a switch forwards only packets.
16. Which statement is correct about Ethernet switch frame forwarding decisions?
 Frame forwarding decisions are based on MAC address and port mappings in the CAM table.
 Cut-through frame forwarding ensures that invalid frames are always dropped.
 Only frames with a broadcast destination address are forwarded out all active switch ports.
 Unicast frames are always forwarded regardless of the destination MAC address.
17. How do switch buffers affect network performance?
 They provide error checking on the data received.
 They store frames received, thus preventing premature frame discarding when network congestion
occurs.
 They provide extra memory for a particular port if autonegotiation of speed or duplex fails.
 They hold data temporarily when a collision occurs until normal data transmission resumes.
18. Which switch characteristic helps keep traffic local and alleviates network congestion?
 high port density
 fast port speed
 large frame buffers
 fast internal switching
19. Which switch component reduces the amount of packet handling time inside the switch?
 ASIC
 dual processors
 large buffer size
 store-and-forward RAM
20. Refer to the exhibit. A switch receives a Layer 2 frame that contains a source MAC address of
000b.a023.c501 and a destination MAC address of 0050.0fae.75aa. Place the switch steps in the order they
occur. (Not all options are used.)

CCNA2 v7 SRWE – Modules 1 – 4: Switching Concepts, VLANs, and InterVLAN Routing Exam Answers
 CCNA 2 v7 Modules 1 – 4: Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 20

21. What information is added to the switch table from incoming frames?
 source MAC address and incoming port number
 destination MAC address and incoming port number
 source IP address and incoming port number
 destination IP address and incoming port number
22. Which switching method ensures that the incoming frame is error-free before forwarding?
 cut-through
 FCS
 fragment free
 store-and-forward
23. Refer to the exhibit. How many broadcast domains are displayed?

CCNA2 v7 SRWE – Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 23
  1
 4
 8
 16
 55
24. Under which two occasions should an administrator disable DTP while managing a local area network?
(Choose two.)
 when connecting a Cisco switch to a non-Cisco switch
 when a neighbor switch uses a DTP mode of dynamic auto
 when a neighbor switch uses a DTP mode of dynamic desirable
 on links that should not be trunking
 on links that should dynamically attempt trunking
25. Which two characteristics describe the native VLAN? (Choose two.)
 Designed to carry traffic that is generated by users, this type of VLAN is also known as the default
VLAN.
 The native VLAN traffic will be untagged across the trunk link.
 This VLAN is necessary for remote management of a switch.
 High priority traffic, such as voice traffic, uses the native VLAN.
 The native VLAN provides a common identifier to both ends of a trunk.
26. On a switch that is configured with multiple VLANs, which command will remove only VLAN 100 from
the switch?
 Switch# delete flash:vlan.dat
 Switch(config-if)# no switchport access vlan 100
 Switch(config-if)# no switchport trunk allowed vlan 100
 Switch(config)# no vlan 100

27. Refer to the exhibit. A network administrator is reviewing port and VLAN assignments on switch S2 and
notices that interfaces Gi0/1 and Gi0/2 are not included in the output. Why would the interfaces be missing
from the output?

CCNA 2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam 27

 There is a native VLAN mismatch between the switches.
 There is no media connected to the interfaces.
 They are administratively shut down.
 They are configured as trunk interfaces.
28. A network contains multiple VLANs spanning multiple switches. What happens when a device in VLAN
20 sends a broadcast Ethernet frame?
 All devices in all VLANs see the frame.
 Devices in VLAN 20 and the management VLAN see the frame.
 Only devices in VLAN 20 see the frame.
 Only devices that are connected to the local switch see the frame.
29. Refer to the exhibit. All workstations are configured correctly in VLAN 20. Workstations that are
connected to switch SW1 are not able to send traffic to workstations on SW2. What could be done to remedy
the problem?

CCNA2 v7 SRWE – Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 29
 Allow VLAN 20 on the trunk link.
 Enable DTP on both ends of the trunk.
 Configure all workstations on SW1 to be part of the default VLAN.
 Configure all workstations on SW2 to be part of the native VLAN.
30. What happens to switch ports after the VLAN to which they are assigned is deleted?
 The ports are disabled.
 The ports are placed in trunk mode.
 The ports are assigned to VLAN1, the default VLAN.
 The ports stop communicating with the attached devices.
31. Match the IEEE 802.1Q standard VLAN tag field with the description. (Not all options are used.)

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 31

32. Refer to the exhibit. In what switch mode should port G0/1 be assigned if Cisco best practices are being
used?
 CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 32
 access
 trunk
 native
 auto
33. Match the DTP mode with its function. (Not all options are used.)

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 33
34. Port Fa0/11 on a switch is assigned to VLAN 30. If the command no switchport access vlan 30 is entered
on the Fa0/11 interface, what will happen?
 Port Fa0/11 will be shutdown.
 An error message would be displayed.
 Port Fa0/11 will be returned to VLAN 1.
 VLAN 30 will be deleted.
35. Which command displays the encapsulation type, the voice VLAN ID, and the access mode VLAN for the
Fa0/1 interface?
 show vlan brief
 show interfaces Fa0/1 switchport
 show mac address-table interface Fa0/1
 show interfaces trunk

36. Refer to the exhibit. A technician is programming switch SW3 to manage voice and data traffic through
port Fa0/20. What, if anything, is wrong with the configuration?

 There is nothing wrong with the configuration.

 Interface Fa0/20 can only have one VLAN assigned.
 The mls qos trust cos command should reference VLAN 35.
 The command used to assign the voice VLAN to the switch port is incorrect.
37. Which four steps are needed to configure a voice VLAN on a switch port? (Choose four).
 Configure the interface as an IEEE 802.1Q trunk.
 Assign the voice VLAN to the switch port.
 Activate spanning-tree PortFast on the interface.
 Ensure that voice traffic is trusted and tagged with a CoS priority value.
 Add a voice VLAN.
 Configure the switch port interface with subinterfaces.
 Assign a data VLAN to the switch port.
 Configure the switch port in access mode.
38. Refer to the exhibit. PC1 is unable to communicate with server 1. The network administrator issues the
show interfaces trunk command to begin troubleshooting. What conclusion can be made based on the output
of this command?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 38
 Interface G0/2 is not configured as a trunk.
 VLAN 20 has not been created.
 The encapsulation on interface G0/1 is incorrect.
 The DTP mode is incorrectly set to dynamic auto on interface G0/1.
39. Refer to the exhibit. What is the cause of the error that is displayed in the configuration of inter-VLAN
routing on router CiscoVille?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 39
 The gig0/0 interface does not support inter-VLAN routing.
  The no shutdown command has not been configured.
 The IP address on CiscoVille is incorrect.
 The encapsulation dot1Q 20 command has not been configured.
40. Refer to the exhibit. A network administrator has configured router CiscoVille with the above commands
to provide inter-VLAN routing. What command will be required on a switch that is connected to the Gi0/0
interface on router CiscoVille to allow inter-VLAN routing?

 switchport mode access

 no switchport
 switchport mode trunk
 switchport mode dynamic desirable
41. A high school uses VLAN15 for the laboratory network and VLAN30 for the faculty network. What is
required to enable communication between these two VLANs while using the router-on-a-stick approach?
 A multilayer switch is needed.
 A router with at least two LAN interfaces is needed.
 Two groups of switches are needed, each with ports that are configured for one VLAN.
 A switch with a port that is configured as a trunk is needed when connecting to the router.
42. When routing a large number of VLANs, what are two disadvantages of using the router-on-a-stick inter-
VLAN routing method rather than the multilayer switch inter-VLAN routing method? (Choose two.)
 Multiple SVIs are needed.
 A dedicated router is required.
 Router-on-a-stick requires subinterfaces to be configured on the same subnets.
 Router-on-a-stick requires multiple physical interfaces on a router.
 Multiple subinterfaces may impact the traffic flow speed.
43. Refer to the exhibit. A network administrator is verifying the configuration of inter-VLAN routing. Users
complain that PCs on different VLANs cannot communicate. Based on the output, what are two configuration
errors on switch interface Gi1/1? (Choose two.)

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 43
 Gi1/1 is in the default VLAN.
 Voice VLAN is not assigned to Gi1/1.
 Gi1/1 is configured as trunk mode.
  Negotiation of trunking is turned on on Gi1/1.
 The trunking encapsulation protocol is configured wrong.
44. Refer to the exhibit. A network administrator is verifying the configuration of inter-VLAN routing. Users
complain that PC2 cannot communicate with PC1. Based on the output, what is the possible cause of the
problem?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 44
 Gi0/0 is not configured as a trunk port.
 The command interface GigabitEthernet0/0.5 was entered incorrectly.
 There is no IP address configured on the interface Gi0/0.
 The no shutdown command is not entered on subinterfaces.
 The encapsulation dot1Q 5 command contains the wrong VLAN.
45. Refer to the exhibit. A network administrator has configured router CiscoVille with the above commands
to provide inter-VLAN routing. What type of port will be required on a switch that is connected to Gi0/0 on
router CiscoVille to allow inter-VLAN routing?

 routed port
 access port
 trunk port
 SVI
46. Refer to the exhibit. A network administrator is configuring RT1 for inter-VLAN routing. The switch is
configured correctly and is functional. Host1, Host2, and Host3 cannot communicate with each other. Based
on the router configuration, what is causing the problem?
 CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 46
 Interface Fa0/0 is missing IP address configuration information.
 IP addresses on the subinterfaces are incorrectly matched to the VLANs.
 Each subinterface of Fa0/0 needs separate no shutdown commands.
 Routers do not support 802.1Q encapsulation on subinterfaces.
47. Refer to the exhibit. A router-on-a-stick configuration was implemented for VLANs 15, 30, and 45,
according to the show running-config command output. PCs on VLAN 45 that are using the 172.16.45.0 /24
network are having trouble connecting to PCs on VLAN 30 in the 172.16.30.0 /24 network. Which error is
most likely causing this problem?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 47
 The wrong VLAN has been configured on GigabitEthernet 0/0.45.
 The command no shutdown is missing on GigabitEthernet 0/0.30.
 The GigabitEthernet 0/0 interface is missing an IP address.
 There is an incorrect IP address configured on GigabitEthernet 0/0.30.
48. What is a characteristic of a routed port on a Layer 3 switch?
 It supports trunking.
 It is not assigned to a VLAN.
 It is commonly used as a WAN link.
 It cannot have an IP address assigned to it.
49. Refer to the exhibit. A network administrator needs to configure router-on-a-stick for the networks that are
shown. How many subinterfaces will have to be created on the router if each VLAN that is shown is to be
routed and each VLAN has its own subinterface?
 CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 49
 1
 2
 3
 4
 5
50. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw(config-
if)# mdix auto command?
 It automatically adjusts the port to allow device connections to use either a straight-through or a
crossover cable.
 It applies an IPv4 address to the virtual interface.
 It applies an IPv6 address to the virtual interface.
 It permits an IPv6 address to be configured on a switch physical interface.
 It updates the MAC address table for the associated port.
51. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw(config-
if)# ip address 172.18.33.88 255.255.255.0 command?
 It applies an IPv4 address to the virtual interface.
 It applies an IPv6 address to the virtual interface.
 It activates a virtual or physical switch interface.
 It permits an IPv6 address to be configured on a switch physical interface.
 It updates the MAC address table for the associated port.
52. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw#
configure terminal command?
 It enters the global configuration mode.
 It enters configuration mode for a switch virtual interface.
 It applies an IPv4 address to the virtual interface.
 It updates the MAC address table for the associated port.
 It permits an IPv6 address to be configured on a switch physical interface.
53. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw#
configure terminal command?
 It enters the global configuration mode.
 It saves the running configuration to NVRAM.
 It disables a virtual or physical switch interface.
 It updates the MAC address table for the associated port.
 It saves the startup configuration to the running configuration.
54. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw(config-
if)# shutdown command?
 It disables a virtual or physical switch interface.
 It saves the running configuration to NVRAM.
 It activates a virtual or physical switch interface.
 It updates the MAC address table for the associated port.
 It saves the startup configuration to the running configuration.
55. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw(config-
if)# shutdown command?
 It disables a virtual or physical switch interface.
  It applies an IPv6 address to the virtual interface.
 It applies an IPv4 address to the virtual interface.
 It permits an IPv6 address to be configured on a switch physical interface.
 It updates the MAC address table for the associated port.
56. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw(config-
if)# ipv6 address 2001:db8:a2b4:88::1/64 command?
 It applies an IPv6 address to the virtual interface.
 It activates a virtual or physical switch interface.
 It applies an IPv4 address to the virtual interface.
 It permits an IPv6 address to be configured on a switch physical interface.
 It updates the MAC address table for the associated port.
57. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw(config-
if)# exit command?
 It returns to global configuration mode.
 It returns to privileged mode.
 It configures the default gateway for the switch.
 It enters user mode.
 It saves the startup configuration to the running configuration.
58. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw> enable
command?
 It enters privileged mode.
 It enters the global configuration mode.
 It enters configuration mode for a switch virtual interface.
 It updates the MAC address table for the associated port.
 It permits an IPv6 address to be configured on a switch physical interface.
58. A technician is configuring a new Cisco 2960 switch. What is the effect of issuing the BranchSw(config-
if)# duplex full command?
 It allows data to flow in both directions at the same time on the interface.
 It allows data to flow in only one direction at a time on the interface
 It automatically adjusts the port to allow device connections to use either a straight-through or a
crossover cable.
 It configures the switch as the default gateway.
 It encrypts user-mode passwords when users connect remotely.
60. What type of VLAN should not carry voice and network management traffic?
 data VLAN
 voice VLAN
 management VLAN
 security VLAN
62. What type of VLAN is designed to reserve bandwidth to ensure IP Phone quality?
 voice VLAN
 trunk VLAN
 security VLAN
 management VLAN
63. What type of VLAN is initially the management VLAN?
 default VLAN
 native VLAN
 data VLAN
 management VLAN
64. What type of VLAN is designed to have a delay of less than 150 ms across the network?
 voice VLAN
 desirable VLAN
 trunk VLAN
 security VLAN
65. What type of VLAN is used to separate the network into groups of users or devices?
 data VLAN
 management VLAN
 voice VLAN
 native VLAN
66. What type of VLAN is configured specifically for network traffic such as SSH, Telnet, HTTPS, HTTP,
and SNMP?
 management VLAN
 security VLAN
  trunk VLAN
 voice VLAN
68. What type of VLAN supports untagged traffic?
 native VLAN
 voice VLAN
 security VLAN
 management VLAN
69. What type of VLAN supports untagged traffic?
 native VLAN
 desirable VLAN
 trunk VLAN
 security VLAN
70. Refer to the exhibit. A network administrator has configured R1 as shown. When the administrator checks
the status of the serial interface, the interface is shown as being administratively down. What additional
command must be entered on the serial interface of R1 to bring the interface up?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 70
 IPv6 enable
 clockrate 128000
 end
 no shutdown
71. Refer to the exhibit. The network administrator wants to configure Switch1 to allow SSH connections and
prohibit Telnet connections. How should the network administrator change the displayed configuration to
satisfy the requirement?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 71
 Use SSH version 1.
 Reconfigure the RSA key.
 Configure SSH on a different line.
 Modify the transport input command.
72. Which solution would help a college alleviate network congestion due to collisions?
 a firewall that connects to two Internet providers
 a high port density switch
 a router with two Ethernet ports
 a router with three Ethernet ports
73. Which two statements are correct with respect to SVI inter-VLAN routing? (Choose two.)
 Switching packets is faster with SVI.
 There is no need for a connection to a router.
 Virtual interfaces support subinterfaces.
 SVIs can be bundled into EtherChannels.
 SVIs eliminate the need for a default gateway in the hosts.
74. Refer to the exhibit. A network administrator is configuring inter-VLAN routing on a network. For now,
only one VLAN is being used, but more will be added soon. What is the missing parameter that is shown as
the highlighted question mark in the graphic?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam Answers 74
 It identifies the subinterface.
 It identifies the VLAN number.
 It identifies the native VLAN number.
 It identifies the type of encapsulation that is used.
 It identifies the number of hosts that are allowed on the interface.
75. Which type of VLAN is used to designate which traffic is untagged when crossing a trunk port?
 data
 default
 native
 management
76. A network administrator issues the show vlan brief command while troubleshooting a user support ticket.
What output will be displayed?
 the VLAN assignment and membership for device MAC addresses
 the VLAN assignment and membership for all switch ports
 the VLAN assignment and trunking encapsulation
 the VLAN assignment and native VLAN
77. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.

Which message is displayed when 10.10.10.1 is entered into the PC1 Web Browser address bar?
 Local Server
 Test Server
 File Server
 Cisco Server
78. Match each DHCP message type with its description. (Not all options are used.)

CCNA 2 v7 Modules 1 – 4: Switching Concepts, VLANs, and InterVLAN Routing Exam Answers
79. What type of VLAN is configured specifically for network traffic such as SSH, Telnet, HTTPS, HHTP,
and SNMP?
 voice VLAN
 management VLAN
 native VLAN
 security VLAN

Switching, Routing, and Wireless Essentials ( Version 7.00) – Redundant

Networks Exam
1. What additional information is contained in the 12-bit extended system ID of a BPDU?
 MAC address
 VLAN ID
 IP address
 port ID
2. During the implementation of Spanning Tree Protocol, all switches are rebooted by the network
administrator. What is the first step of the spanning-tree election process?
 Each switch with a lower root ID than its neighbor will not send BPDUs.
 All the switches send out BPDUs advertising themselves as the root bridge.
 Each switch determines the best path to forward traffic.
 Each switch determines what port to block to prevent a loop from occurring.
3. Which STP port role is adopted by a switch port if there is no other port with a lower cost to the root
bridge?
 designated port
 root port
 alternate
 disabled port
Explanation: The root port is the port with the lowest cost to reach the root bridge.
4. Which two concepts relate to a switch port that is intended to have only end devices attached and intended
never to be used to connect to another switch? (Choose two.)
 bridge ID
 edge port
 extended system ID
 PortFast
 PVST+
5. Which three components are combined to form a bridge ID?
 extended system ID
 cost
 IP address
 bridge priority
 MAC address
 port ID
Explanation: The three components that are combined to form a bridge ID are bridge priority, extended
system ID, and MAC address.
6. Match the STP protocol with the correct description. (Not all options are used.)

7. In which two port states does a switch learn MAC addresses and process BPDUs in a PVST network?
(Choose two.)
 disabled
 forwarding
 listening
 blocking
 learning
Explanation: Switches learn MAC addresses at the learning and forwarding port states. They receive and
process BPDUs at the blocking, listening, learning, and forwarding port states.
8. If no bridge priority is configured in PVST, which criteria is considered when electing the root bridge?
 lowest MAC address
 lowest IP address
 highest IP address
 highest MAC address
Explanation: Only one switch can be the root bridge for a VLAN. The root bridge is the switch with the
lowest BID. The BID is determined by priority and the MAC address. If no priority is configured then all
switches use the default priority and the election of the root bridge will be based on the lowest MAC address.
9. Match the spanning-tree feature with the protocol type. (Not all options are used.)
Explanation: MST is the Cisco implementation of MSTP (IEEE 802.1s).
10. When the show spanning-tree vlan 33 command is issued on a switch, three ports are shown in the
forwarding state. In which two port roles could these interfaces function while in the forwarding state?
(Choose two.)
 alternate
 designated
 disabled
 blocked
 root
Explanation: The role of each of the three ports will be either designated port or root port. Ports in the
disabled state are administratively disabled. Ports in the blocking state are alternate ports.
11. What is the function of STP in a scalable network?
 It decreases the size of the failure domain to contain the impact of failures.
 It protects the edge of the enterprise network from malicious activity.
 It combines multiple switch trunk links to act as one logical link for increased bandwidth.
 It disables redundant paths to eliminate Layer 2 loops.
Explanation: STP is an important component in a scalable network because it allows redundant physical
connections between Layer 2 devices to be implemented without creating Layer 2 loops. STP prevents Layer
2 loops from forming by disabling interfaces on Layer 2 devices when they would create a loop.
12. What is a characteristic of spanning tree?
 It is enabled by default on Cisco switches.
 It is used to discover information about an adjacent Cisco device.
 It has a TTL mechanism that works at Layer 2.
 It prevents propagation of Layer 2 broadcast frames.
Explanation: Spanning tree does work at Layer 2 on Ethernet-based networks and is enabled by default, but it
does not have a TTL mechanism. Spanning tree exists because Layer 2 frames do not have a TTL mechanism.
Layer 2 frames are still broadcast when spanning tree is enabled, but the frames can only be transmitted
through a single path through the Layer 2 network that was created by spanning tree. Cisco Discovery
Protocol (CDP) is used to discover information about an adjacent Cisco device.
13. Which spanning tree standard supports only one root bridge so that traffic from all VLANs flows over the
same path?
 PVST+
 802.1D
 MST
  Rapid PVST
Explanation: MST is the Cisco implementation of MSTP, an IEEE standard protocol that provides up to 16
instances of RSTP. PVST+ provides a separate 802.1D spanning-tree instance for each VLAN that is
configured in the network. 802.1D is the original STP standard defined by the IEEE and allows for only one
root bridge for all VLANs. 802.1w, or RSTP, provides faster convergence but still uses only one STP instance
for all VLANs.
14. What is the purpose of the Spanning Tree Protocol (STP)?
 creates smaller collision domains
 prevents routing loops on a router
 prevents Layer 2 loops
 allows Cisco devices to exchange routing table updates
 creates smaller broadcast domains
Explanation: The Spanning-Tree Protocol (STP) creates one path through a switch network in order to prevent
Layer 2 loops.
15. What is the value used to determine which port on a non-root bridge will become a root port in a STP
network?
 the path cost
 the highest MAC address of all the ports in the switch
 the lowest MAC address of all the ports in the switch
 the VTP revision number
Explanation: STP establishes one root port on each non-root bridge. The root port is the lowest-cost path from
the non-root bridge to the root bridge, indicating the direction of the best path to the root bridge. This is
primarily based on the path cost to the root bridge.
16. Refer to the exhibit. Which switch will be the root bridge after the election process is complete?

 S1
 S2
 S3
 S4
Explanation: The root bridge is determined by the lowest bridge ID, which consists of the priority value and
the MAC address. Because the priority values of all of the switches are identical, the MAC address is used to
determine the root bridge. Because S2 has the lowest MAC address, S2 becomes the root bridge.
17. What are two drawbacks to turning spanning tree off and having multiple paths through the Layer 2 switch
network? (Choose two.)
 The MAC address table becomes unstable.
 The switch acts like a hub.
 Port security becomes unstable.
 Broadcast frames are transmitted indefinitely.
 Port security shuts down all of the ports that have attached devices.
Explanation: Spanning tree should never be disabled. Without it, the MAC address table becomes unstable,
broadcast storms can render network clients and the switches unusable, and multiple copies of unicast frames
can be delivered to the end devices.
18. A small company network has six interconnected Layer 2 switches. Currently all switches are using the
default bridge priority value. Which value can be used to configure the bridge priority of one of the switches
to ensure that it becomes the root bridge in this design?
 1
 28672
 32768
 34816
 61440
Explanation: The default bridge priority value for all Cisco switches is 32768. The range is 0 to 61440 in
increments of 4096. Thus, the values 1 and 34816 are invalid. Configuring one switch with the lower value of
28672 (and leaving the bridge priority value of all other switches unchanged) will make the switch become
the root bridge.
19. Refer to the exhibit. The administrator tried to create an EtherChannel between S1 and the other two
switches via the commands that are shown, but was unsuccessful. What is the problem?

 Traffic cannot be sent to two different switches through the same EtherChannel link.
 Traffic cannot be sent to two different switches, but only to two different devices like an
EtherChannel-enabled server and a switch.
 Traffic can only be sent to two different switches if EtherChannel is implemented on Gigabit
Ethernet interfaces.
 Traffic can only be sent to two different switches if EtherChannel is implemented on Layer 3
switches.
Explanation: An EtherChannel link can only be created between two switches or between an EtherChannel-
enabled server and a switch. Traffic cannot be sent to two different switches through the same EtherChannel
link.
20. Which statement is true regarding the use of PAgP to create EtherChannels?
 It requires full duplex.
 It increases the number of ports that are participating in spanning tree.
 It requires more physical links than LACP does.
 It mandates that an even number of ports (2, 4, 6, etc.) be used for aggregation.
 It is Cisco proprietary.
Explanation: PAgP is used to automatically aggregate multiple ports into an EtherChannel bundle, but it only
works between Cisco devices. LACP can be used for the same purpose between Cisco and non-Cisco devices.
PAgP must have the same duplex mode at both ends and can use two ports or more. The number of ports
depends on the switch platform or module. An EtherChannel aggregated link is seen as one port by the
spanning-tree algorithm.
21. What are two requirements to be able to configure an EtherChannel between two switches? (Choose two.)
 All the interfaces need to work at the same speed.
 All interfaces need to be assigned to different VLANs.
 Different allowed ranges of VLANs must exist on each end.
 All the interfaces need to be working in the same duplex mode.
 The interfaces that are involved need to be contiguous on the switch.
Explanation: All interfaces in the EtherChannel bundle must be assigned to the same VLAN or be configured
as a trunk. If the allowed range of VLANs is not the same, the interfaces do not form an EtherChannel even
when set to auto or desirable mode.
22. Refer to the exhibit. On the basis of the output that is shown, what can be determined about the
EtherChannel bundle?

CCNA-2-v7-Modules 5 – 6 Redundant Networks Exam 22

 The EtherChannel bundle is down.
 Two Gigabit Ethernet ports are used to form the EtherChannel.
 A Cisco proprietary protocol was used to negotiate the EtherChannel link.
 The EtherChannel bundle is operating at both Layer 2 and Layer 3.
Explanation: Two protocols can be used to send negotiation frames that are used to try to establish an
EtherChannel link: PAgP and LACP. PAgP is Cisco proprietary, and LACP adheres to the industry standard.
23. Which two parameters must match on the ports of two switches to create a PAgP EtherChannel between
the switches? (Choose two.)
 port ID
 PAgP mode
 MAC address
 speed
 VLAN information
Explanation: For an EtherChannel to be created, the ports that are concerned on the two switches must match
in terms of the speed, duplex, and VLAN information. The PAgP mode must be compatible but not
necessarily equal. The port ID and the MAC addresses do not have to match.
24. Refer to the exhibit. A network administrator is configuring an EtherChannel link between two switches,
SW1 and SW2. Which statement describes the effect after the commands are issued on SW1 and SW2?

CCNA-2-v7-Modules 5 – 6 Redundant Networks Exam 24

 The EtherChannel is established after SW2 initiates the link request.
 The EtherChannel is established after SW1 initiates the link request.
 The EtherChannel is established without negotiation.
 The EtherChannel fails to establish.
Explanation: The interfaces GigabitEthernet 0/1 and GigabitEthernet 0/2 are configured “on” for the
EtherChannel link. This mode forces the interface to channel without PAgP or LACP. The EtherChannel will
be established only if the other side is also set to “on”. However, the mode on SW2 side is set to PAgP
desirable. Thus the EtherChannel link will not be established.
25. Refer to the exhibit. A network administrator is configuring an EtherChannel link between two switches,
SW1 and SW2. However, the EtherChannel link fails to establish. What change in configuration would
correct the problem?

CCNA-2-v7-Modules 5 – 6 Redundant Networks Exam 25

 Configure SW2 EtherChannel mode to desirable.
 Configure SW2 EtherChannel mode to on.
 Configure SW1 EtherChannel mode to on.
 Configure SW2 EtherChannel mode to auto.
Explanation: The EtherChannel mode must be compatible on each side for the link to work. The three modes
from PAgP protocol are on, desirable, and auto. The three modes from LACP protocol are on, active, and
passive. The compatible modes include on-on, auto-desirable, desirable-desirable, active-passive, and active-
active. Any other combinations will not form an EtherChannel link.
26. A network administrator configured an EtherChannel link with three interfaces between two switches.
What is the result if one of the three interfaces is down?
 The remaining two interfaces continue to load balance traffic.
 The remaining two interfaces become separate links between the two switches.
 One interface becomes an active link for data traffic and the other becomes a backup link.
 The EtherChannel fails.
Explanation: EtherChannel creates an aggregation that is seen as one logical link. It provides redundancy
because the overall link is one logical connection. The loss of one physical link within the channel does not
create a change in the topology; the EtherChannel remains functional.
27. A network administrator is configuring an EtherChannel link between switches SW1 and SW2 by using
the command SW1(config-if-range)# channel-group 1 mode auto . Which command must be used on SW2 to
enable this EtherChannel?
 SW2(config-if-range)# channel-group 1 mode passive
 SW2(config-if-range)# channel-group 1 mode desirable
 SW2(config-if-range)# channel-group 1 mode on
 SW2(config-if-range)# channel-group 1 mode active
Explanation: The possible combinations to establish an EtherChannel between SW1 and SW2 using LACP or
PAgP are as follows:
PAgP
on on
auto desirable
desirable desirable
LACP
on on
active active
passive active
The EtherChannel mode chosen on each side of the EtherChannel must be compatible in order to enable it.
28. Which technology is an open protocol standard that allows switches to automatically bundle physical ports
into a single logical link?
 PAgP
 LACP
 Multilink PPP
 DTP
Explanation: LACP, or Link Aggregation Control Protocol, is defined by IEEE 802.3ad and is an open
standard protocol. LACP allows switches to automatically bundle switch ports into a single logical link to
increase bandwidth. PAgP, or Port Aggregation Protocol, performs a similar function, but it is a Cisco
proprietary protocol. DTP is Dynamic Trunking Protocol and is used to automatically and dynamically build
trunks between switches. Multilink PPP is used to load-balance PPP traffic across multiple serial interfaces.
29. What is a requirement to configure a trunking EtherChannel between two switches?
 The allowed range of VLANs must be the same on both switches.
 The participating interfaces must be assigned the same VLAN number on both switches.
 The participating interfaces must be physically contiguous on a switch.
 The participating interfaces must be on the same module on a switch.
Explanation: To enable a trunking EtherChannel successfully, the range of VLANs allowed on all the
interfaces must match; otherwise, the EtherChannel cannot be formed. The interfaces involved in an
EtherChannel do not have to be physically contiguous, or on the same module. Because the EtherChannel is a
trunking one, participating interfaces are configured as trunk mode, not access mode.
30. What are two advantages of using LACP? (Choose two.)
 It allows directly connected switches to negotiate an EtherChannel link.
 It eliminates the need for configuring trunk interfaces when deploying VLANs on multiple
switches.
 It decreases the amount of configuration that is needed on a switch.
 It provides a simulated environment for testing link aggregation.
 It allows the use of multivendor devices.
 LACP allows Fast Ethernet and Gigabit Ethernet interfaces to be mixed within a single
EtherChannel.
Explanation: The Link Aggregation Control Protocol (LACP) allows directly connected multivendor switches
to negotiate an EtherChannel link. LACP helps create the EtherChannel link by detecting the configuration of
each side and making sure that they are compatible so that the EtherChannel link can be enabled when
needed.
31. A switch is configured to run STP. What term describes a non-root port that is permitted to forward traffic
on the network?
 root port
 designated port
 alternate port
 disabled
32. What are two advantages of EtherChannel? (Choose two.)
 Spanning Tree Protocol views the physical links in an EtherChannel as one logical connection.
 Load balancing occurs between links configured as different EtherChannels.
 Configuring the EtherChannel interface provides consistency in the configuration of the physical
links.
 Spanning Tree Protocol ensures redundancy by transitioning failed interfaces in an EtherChannel
to a forwarding state.
 EtherChannel uses upgraded physical links to provide increased bandwidth.
Explanation: EtherChannel configuration of one logical interface ensures configuration consistency across the
physical links in the EtherChannel. The EtherChannel provides increased bandwidth using existing switch
ports without requiring any upgrades to the physical interfaces. Load balancing methods are implemented
between links that are part of the same Etherchannel. Because EtherChannel views the bundled physical links
as one logical connection, spanning tree recalculation is not required if one of the bundled physical links fail.
If a physical interface fails, STP cannot transition the failed interface into a forwarding state.
33. Refer to the exhibit. What are the possible port roles for ports A, B, C, and D in this RSTP-enabled
network?
 Modules 5 – 6: Redundant Networks Exam 33
 alternate, designated, root, root
 designated, alternate, root, root
 alternate, root, designated, root
 designated, root, alternate, root
Explanation: Because S1 is the root bridge, B is a designated port, and C and D root ports. RSTP supports a
new port type, alternate port in discarding state, that can be port A in this scenario.
34. Refer to the exhibit. Which switching technology would allow each access layer switch link to be
aggregated to provide more bandwidth between each Layer 2 switch and the Layer 3 switch?

CCNA-2-v7-Modules 5 – 6 Redundant Networks Exam 02

 trunking
 HSRP
 PortFast
 EtherChannel
Explanation: PortFast is used to reduce the amount of time that a port spends going through the spanning-tree
algorithm, so that devices can start sending data sooner. Trunking can be implemented in conjunction with
EtherChannel, but trunking alone does not aggregate switch links. HSRP is used to load-balance traffic across
two different connections to Layer 3 devices for default gateway redundancy. HSRP does not aggregate links
at either Layer 2 or Layer 3 as EtherChannel does.
35. Refer to the exhibit. An administrator wants to form an EtherChannel between the two switches by using
the Port Aggregation Protocol. If switch S1 is configured to be in auto mode, which mode should be
configured on S2 to form the EtherChannel?

CCNA-2-v7-Modules 5 – 6 Redundant Networks Exam 06

 auto
 on
 off
 desirable
Explanation: An EtherChannel will be formed via PAgP when both switches are in on mode or when one of
them is in auto or desirable mode and the other is in desirable mode.
36. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
Which set of configuration commands issued on SW1 will successfully complete the EtherChannel link
between SW1 and SW2?

CCNA-2-v7-Modules 5 – 6 Redundant Networks Exam 36

 interface GigabitEthernet0/1
no shutdown
 interface Port-channel 1
no shutdown
 interface GigabitEthernet0/2
channel-group 2 mode desirable
 interface GigabitEthernet0/1
channel-group 1 mode desirable
Explanation: Issuing the show running-configuration command on SW1 shows that interface
GigabitEthernet0/1 is missing the channel-group 1 mode desirable command which will compete the
EtherChannel configuration for interface GigabitEthernet0/1 and interface GigabitEthernet0/2.
37. A set of switches is being connected in a LAN topology. Which STP bridge priority value will make it
least likely for the switch to be selected as the root?
 65535
 4096
 32768
 61440
Explanation: The STP bridge priority is a two byte number, but it can only be customized in increments of
4096. The smaller number is preferred, but the largest usable priority value is 61440.
38. In which two PVST+ port states are MAC addresses learned? (Choose two.)
 learning
 forwarding
 disabled
 listening
 blocking
Explanation: The two PVST+ port states during which MAC addresses are learned and populate the MAC
address table are the learning and the forwarding states.
39. Which port role is assigned to the switch port that has the lowest cost to reach the root bridge?
 designated port
 disabled port
 root port
 non-designated port
Explanation: The root port on a switch is the port with the lowest cost to reach the root bridge.
40. A switch is configured to run STP. What term describes the switch port closest, in terms of overall cost, to
the root bridge?
 root port
 designated port
 alternate port
 disabled
42. A switch is configured to run STP. What term describes a field used to specify a VLAN ID?
 extended system ID
 port ID
 bridge priority
 bridge ID
43. A switch is configured to run STP. What term describes the reference point for all path calculations?
 root bridge
 root port
 designated port
 alternate port
44. A switch is configured to run STP. What term describes a field that has a default value of 32,768 and is
the initial deciding factor when electing a root bridge?
 bridge priority
 MAC Address
 extended system ID
 bridge ID
45. Which statement describes an EtherChannel implementation?
 EtherChannel operates only at Layer 2.
 PAgP cannot be used in conjunction with EtherChannel.
 A trunked port can be part of an EtherChannel bundle.
 EtherChannel can support up to a maximum of ten separate links.
Explanation: Up to 16 links can be grouped in an EtherChannel by using the the PAgP or LACP protocol.
EtherChannel can be configured as a Layer 2 bundle or a Layer 3 bundle. Configuring a Layer 3 bundle is
beyond the scope of this course. If a trunked port is a part of the EtherChannel bundle, all ports in the bundle
need to be trunk ports and the native VLAN must be the same on all of these ports. A best practice is to apply
the configuration to the port channel interface. The configuration is then automatically applied to the
individual ports.
46. Refer to the exhibit. A network administrator issued the show etherchannel summary command on the
switch S1. What conclusion can be drawn?

CCNA2 v7 SRWE – Modules 5 – 6 Redundant Networks Exam Answers

 The EtherChannel is suspended.
 The EtherChannel is not functional.
 The port aggregation protocol PAgP is misconfigured.
 FastEthernet ports Fa0/1, Fa0/2, and Fa0/3 do not join the EtherChannel.
Explanation: The EtherChannel status shows as (SD), which means it is a Layer 2 EtherChannel with a status
of D or down. Because the EtherChannel is down, the status of the interfaces in the channel group is stand-
alone. PAgP is configured on S1, but there is no indication whether it is configured correctly on S1. The
problem might also be the adjacent switch EtherChannel configuration.
47. Which statement describes a characteristic of EtherChannel?
 It can combine up to a maximum of 4 physical links.
 It can bundle mixed types of 100 Mb/s and 1Gb/s Ethernet links.
 It consists of multiple parallel links between a switch and a router.
 It is made by combining multiple physical links that are seen as one link between two switches.
Explanation: An EtherChannel is formed by combining multiple (same type) Ethernet physical links so they
are seen and configured as one logical link. It provides an aggregated link between two switches. Currently
each EtherChannel can consist of up to eight compatibly configured Ethernet ports.
48. Which two channel group modes would place an interface in a negotiating state using PAgP? (Choose
two.)
 on
 desirable
 active
 auto
 passive
Explanation: There are three modes available when configuring an interface for PAgP: on, desirable, and auto.
Only desirable and auto place the interface in a negotiating state. The active and passive states are used to
configure LACP and not PAgP.
49. Which mode configuration setting would allow formation of an EtherChannel link between switches SW1
and SW2 without sending negotiation traffic?
SW1: on
SW2: on
SW1: desirable
SW2: desirable
SW1: auto
SW2: auto
trunking enabled on both switches
SW1: auto
SW2: auto
PortFast enabled on both switches
SW1: passive
SW2: active
Explanation: The auto channel-group keyword enables PAgP only if a PAgP device is detected on the
opposite side of the link. If the auto keyword is used, the only way to form an EtherChannel link is if the
opposite connected device is configured with the desirable keyword. PortFast and trunking technologies are
irrelevant to forming an EtherChannel link. Even though an EtherChannel can be formed if both sides are
configured in desirable mode, PAgP is active and PAgP messages are being sent constantly across the link,
decreasing the amount of bandwidth available for user traffic.
50. Refer to the exhibit. An EtherChannel was configured between switches S1 and S2, but the interfaces do
not form an EtherChannel. What is the problem?

CCNA2 v7 SRWE – Modules 5 – 6 Redundant Networks Exam Answers 50

 The interface port-channel number has to be different on each switch.
 The switch ports were not configured with speed and duplex mode.
 The switch ports have to be configured as access ports with each port having a VLAN assigned.
 The EtherChannel was not configured with the same allowed range of VLANs on each interface.
51. When EtherChannel is configured, which mode will force an interface into a port channel without
exchanging aggregation protocol packets?
 active
 auto
 on
 desirable
Explanation: For both LACP and PAgP, the “on” mode will force an interface into an EtherChannel without
exchanging protocol packets.
52. What are two load-balancing methods in the EtherChannel technology? (Choose two.)
 combination of source port and IP to destination port and IP
 source IP to destination IP
 source port to destination port
 combination of source MAC and IP to destination MAC and IP
 source MAC to destination MAC
Explanation: Depending on the hardware platform, one or more load-balancing methods can be implemented.
These methods include source MAC to destination MAC load balancing or source IP to destination IP load
balancing, across the physical links.
53. Which protocol provides up to 16 instances of RSTP, combines many VLANs with the same physical and
logical topology into a common RSTP instance, and provides support for PortFast, BPDU guard, BPDU filter,
root guard, and loop guard?
 STP
 Rapid PVST+
 PVST+
 MST
Explanation: MST is the Cisco implementation of MSTP, an IEEE standard protocol that provides up to 16
instances of RSTP and combines many VLANs with the same physical and logical topology into a common
RSTP instance. Each instance supports PortFast, BPDU guard, BPDU filter, root guard, and loop guard. STP
and RSTP assume only one spanning-tree instance for the entire bridged network, regardless of the number of
VLANs. PVST+ provides a separate 802.1D spanning-tree instance for each VLAN that is configured in the
network.
54. What is the outcome of a Layer 2 broadcast storm?
 Routers will take over the forwarding of frames as switches become congested.
 New traffic is discarded by the switch because it is unable to be processed.
 CSMA/CD will cause each host to continue transmitting frames.
 ARP broadcast requests are returned to the transmitting host.
Explanation: When the network is saturated with broadcast traffic that is looping between switches, new
traffic is discarded by each switch because it is unable to be processed.
55. Which two network design features require Spanning Tree Protocol (STP) to ensure correct network
operation? (Choose two.)
 static default routes
 implementing VLANs to contain broadcasts
 redundant links between Layer 2 switches
 link-state dynamic routing that provides redundant routes
 removing single points of failure with multiple Layer 2 switches
Explanation: Spanning Tree Protocol (STP) is required to ensure correct network operation when designing a
network with multiple interconnected Layer 2 switches or using redundant links to eliminate single points of
failure between Layer 2 switches. Routing is a Layer 3 function and does not relate to STP. VLANs do reduce
the number of broadcast domains but relate to Layer 3 subnets, not STP.
56. A network administrator has configured an EtherChannel between two switches that are connected via
four trunk links. If the physical interface for one of the trunk links changes to a down state, what happens to
the EtherChannel?
 Spanning Tree Protocol will transition the failed physical interface into forwarding mode.
 Spanning Tree Protocol will recalculate the remaining trunk links.
 The EtherChannel will transition to a down state.
 The EtherChannel will remain functional.
Switching, Routing, and Wireless Essentials (Version 7.00) – Available and Reliable
Networks Exam
1. A DHCP-enabled client PC has just booted. During which two steps will the client PC use broadcast
messages when communicating with a DHCP server? (Choose two.)
 DHCPDISCOVER
 DHCPACK
 DHCPOFFER
 DHCPREQUEST
 DHCPNAK
Explanation: All DHCP messages between a DHCP-enabled client and a DHCP server are using broadcast
messages until after the DHCPACK message. The DHCPDISCOVER and DHCPREQUEST messages are the
only messages that are sent by a DHCP-enabled client. All DHCP messages between a DHCP-enabled client
and a DHCP server use broadcast messages when the client is obtaining a lease for the first time.
2. An administrator issues the commands:

Router(config)# interface g0/1

Router(config-if)# ip address dhcp

What is the administrator trying to achieve?

 configuring the router to act as a DHCPv4 server
 configuring the router to obtain IP parameters from a DHCPv4 server
 configuring the router to act as a relay agent
 configuring the router to resolve IP address conflicts
3. When a client is requesting an initial address lease from a DHCP server, why is the DHCPREQUEST
message sent as a broadcast?
 The client does not yet know the IP address of the DHCP server that sent the offer.
 The DHCP server may be on a different subnet, so the request must be sent as a broadcast.
 The client does not have a MAC address assigned yet, so it cannot send a unicast message at Layer
2.
 The client may have received offers from multiple servers, and the broadcast serves to implicitly
decline those other offers.
Explanation: During the initial DHCP exchange between a client and server, the client broadcasts a
DHCPDISCOVER message looking for DHCP servers. Multiple servers may be configured to respond to this
request with DHCPOFFER messages. The client will choose the lease from one of the servers by sending a
DHCPREQUEST message. It sends this message as a broadcast so that the other DHCP servers that sent
offers will know that their offers were declined and the corresponding address can go back into the pool.
4. Which DHCP IPv4 message contains the following information?
Destination address: 255.255.255.255
Client IPv4 address: 0.0.0.0
Default gateway address: 0.0.0.0
Subnet mask: 0.0.0.0
 DHCPACK
 DHCPDISCOVER
 DHCPOFFER
 DHCPREQUEST
5. Place the options in the following order:
 a client initiating a message to find a DHCP server – DHCPDISCOVER
 a DHCP server responding to the initial request by a client – DHCPOFFER
 the client accepting the IP address provided by the DHCP server – DHCPREQUEST
 the DHCP server confirming that the lease has been accepted – DHCPACK
6. Which protocol automates assignment of IP addresses on a network, and which port number does it use?
(Choose two.)
 DHCP
 DNS
 SMB
 53
 67
 80
Explanation: DNS uses port 53 and translates URLs to IP addresses. SMB provides shared access to files and
printers and uses port 445. Port 80 is used by HTTP. HTTP is a protocol used to communicate between a web
browser and a server.
7. Refer to the exhibit. PC1 is configured to obtain a dynamic IP address from the DHCP server. PC1 has been
shut down for two weeks. When PC1 boots and tries to request an available IP address, which destination IP
address will PC1 place in the IP header?

 192.168.1.1
 192.168.1.255
 255.255.255.255
 192.168.1.8
Explanation: When a host boots and has been configured for dynamic IP addressing, the device tries to obtain
a valid IP address. It sends a DHCPDISCOVER message. This is a broadcast message because the DHCP
server address is unknown (by design). The destination IP address in the IP header is 255.255.255.255 and the
destination MAC address is FF:FF:FF:FF:FF:FF.
8. Which message does an IPv4 host use to reply when it receives a DHCPOFFER message from a DHCP
server?
 DHCPOFFER
 DHCPDISCOVER
 DHCPREQUEST
 DHCPACK
Explanation: When the client receives the DHCPOFFER from the server, it sends back a DHCPREQUEST
broadcast message. On receiving the DHCPREQUEST message, the server replies with a unicast DHCPACK
message.
9. Which command, when issued in the interface configuration mode of a router, enables the interface to
acquire an IPv4 address automatically from an ISP, when that link to the ISP is enabled?
 service dhcp
 ip address dhcp
 ip helper-address
 ip dhcp pool
Explanation: The ip address dhcp interface configuration command configures an Ethernet interface as a
DHCP client. The service dhcp global configuration command enables the DHCPv4 server process on the
router. The ip helper-address command is issued to enable DHCP relay on the router. The ip dhcp
pool command creates the name of a pool of addresses that the server can assign to hosts.
10. Which kind of message is sent by a DHCP client when its IP address lease has expired?
 a DHCPDISCOVER unicast message
 a DHCPREQUEST broadcast message
 a DHCPREQUEST unicast message
 a DHCPDISCOVER broadcast message
Explanation: When the IP address lease time of the DHCP client expires, it sends a DHCPREQUEST unicast
message directly to the DHCPv4 server that originally offered the IPv4 address.
11. A host PC is attempting to lease an address through DHCP. What message is sent by the server to let the
client know it is able to use the provided IP information?
 DHCPDISCOVER
 DHCPOFFER
 DHCPREQUEST
 DHCPACK
  DHCPNACK
Explanation: When a host uses DHCP to automatically configure an IP address, the typically sends two
messages: the DHCPDISCOVER message and the DHCPREQUEST message. These two messages are
usually sent as broadcasts to ensure that all DHCP servers receive them. The servers respond to these
messages using DHCPOFFER, DHCPACK, and DHCPNACK messages, depending on the circumstance.
12. What is one indication that a Windows computer did not receive an IPv4 address from a DHCP server?
 The computer cannot ping 127.0.0.1.
 The computer receives an IP address that starts with 169.254.
 Windows displays a DHCP timeout message.
 The computer cannot ping other devices on the same network with IP addresses in the
169.254.0.0/16 range.
Explanation: When a Windows PC cannot communicate with an IPv4 DHCP server, the computer
automatically assigns an IP address in the 169.254.0.0/16 range. Any other device on the same network that
receives an address in the same range is reachable.
13. Which DHCPv4 message will a client send to accept an IPv4 address that is offered by a DHCP server?
 broadcast DHCPACK
 broadcast DHCPREQUEST
 unicast DHCPACK
 unicast DHCPREQUEST
Explanation: When a DHCP client receives DHCPOFFER messages, it will send a broadcast
DHCPREQUEST message for two purposes. First, it indicates to the offering DHCP server that it would like
to accept the offer and bind the IP address. Second, it notifies any other responding DHCP servers that their
offers are declined.
14. A small coffee shop is offering free Wi-Fi to customers. The network includes a wireless router and a DSL
modem that is connected to the local phone company. What method is typically used to configure the
connection to the phone company?
 Set the WAN connection in the wireless router as a DHCP client.
 Set the connection between the wireless router and the DSL modem as a private IP network.
 Set the DSL modem as a DHCP client to get a public IP address from the wireless router.
 Set the DSL modem as a DHCP client to the phone company and a DHCP server for the internal
connection.
Explanation: In a SOHO environment, a wireless router connects to an ISP via a DSL or cable modem. The IP
address between the wireless router and ISP site is typically assigned by the ISP through DHCP. The DSL
modem does not manage IP address allocation.
15. A company uses DHCP to manage IP address deployment for employee workstations. The IT department
deploys multiple DHCP servers in the data center and uses DHCP relay agents to facilitate the DHCP requests
from workstations. Which two UDP ports are used to forward DHCP traffic? (Choose two.)
 23
 53
 67
 68
 80
Explanation: The DHCP protocol operates with 2 UDP ports. UDP port 67 is the destination port for DHCP
servers, and DHCP clients use UDP port 68.
16. A client device on an Ethernet segment needs an IP address in order to communicate on the network. A
DHCP server with IP address 192.168.1.1 has been configured and enabled on the network. How will a client
device obtain a usable IP address for this network?
 Send a DHCPACK packet to the default gateway address.
 Use a statically configured IP address from the pool of IP addresses that is offered by the DHCP
server.
 Send a DHCPDISCOVER message to physical address FF-FF-FF-FF-FF-FF.
 Send a DHCPREQUEST packet to IP address 255.255.255.255.
Explanation: Like IP addressing, there is also a special MAC address for broadcast purposes: FF-FF-FF-FF-
FF-FF. When a DHCP client needs to send a DHCP Discover message in order to seek DHCP servers, the
client will use this MAC address as the destination MAC address in the Ethernet frame. It does this because it
has no knowledge of the IP and MAC addresses of DHCP servers.
17. What is an advantage of configuring a Cisco router as a relay agent?
 It can provide relay services for multiple UDP services.
 It reduces the response time from a DHCP server.
 It can forward both broadcast and multicast messages on behalf of clients.
 It will allow DHCPDISCOVER messages to pass without alteration.
Explanation: By default, the ip helper-address command forwards the following eight UDP services:
Port 37: Time
Port 49: TACACS
Port 53: DNS
Port 67: DHCP/BOOTP client
Port 68: DHCP/BOOTP server
Port 69: TFTP
Port 137: NetBIOS name service
Port 138: NetBIOS datagram service
18. Which statement is true about DHCP operation?
 When a device that is configured to use DHCP boots, the client broadcasts a DHCPDISCOVER
message to identify any available DHCP servers on the network.
 A client must wait for lease expiration before it sends another DHCPREQUEST message.
 If the client receives several DHCPOFFER messages from different servers, it sends a unicast
DHCPREQUEST message to the server from which it chooses to obtain the IP information.
 The DHCPDISCOVER message contains the IP address and subnet mask to be assigned, the IP
address of the DNS server, and the IP address of the default gateway.
Explanation: The client broadcasts a DHCPDISCOVER message to identify any available DHCP servers on
the network. A DHCP server replies with a DHCPOFFER message. This message offers to the client a lease
that contains such information as the IP address and subnet mask to be assigned, the IP address of the DNS
server, and the IP address of the default gateway. After the client receives the lease, the received information
must be renewed through another DHCPREQUEST message prior to the lease expiration.
19. Order the DHCP message types as they would occur between a DHCP client and a DHCP server.

Explanation: The DHCPDISCOVER message is used to identify any DHCP servers on a network.
The DHCPOFFER message is used by a server to offer a lease to a client. The DHCPREQUEST message is
used to identify both the specific DHCP server and the lease that the client is accepting.
The DHCPACK message is used by a server to finalize a successful lease with a client.
The DHCPNAK message is used when an offered lease is no longer valid.
20. A network administrator configures a router to send RA messages with M flag as 0 and O flag as 1. Which
statement describes the effect of this configuration when a PC tries to configure its IPv6 address?
 It should contact a DHCPv6 server for the prefix, the prefix-length information, and an interface
ID that is both random and unique.
 It should use the information that is contained in the RA message and contact a DHCPv6 server for
additional information.
 It should use the information that is contained in the RA message exclusively.
 It should contact a DHCPv6 server for all the information that it needs.
Explanation: ICMPv6 RA messages contain two flags to indicate whether a workstation should use SLAAC, a
DHCPv6 server, or a combination to configure its IPv6 address. These two flags are M flag and O flag. When
both flags are 0 (by default), a client must only use the information in the RA message. When M flag is 0 and
O flag is 1, a client should use the information in the RA message and look for the other configuration
parameters (such as DNS server addresses) on DHCPv6 servers.
21. Refer to the exhibit. What should be done to allow PC-A to receive an IPv6 address from the DHCPv6
server?
  Add the ipv6 dhcp relay command to interface Fa0/0.
 Change the ipv6 nd managed-config-flag command to ipv6 nd other-config-flag.
 Configure the ipv6 nd managed-config-flag command on interface Fa0/1.
 Add the IPv6 address 2001:DB8:1234:5678::10/64 to the interface configuration of the DHCPv6
server.
Explanation: Client DHCPv6 messages are sent to a multicast address with link-local scope, which means that
the messages will not be forwarded by routers. Because the client and server are on different subnets on
different interfaces, the message will not reach the server. The router can be configured to relay the DHCPv6
messages from the client to the server by configuring the ipv6 dhcp relay command on the interface that is
connected to the client.
22. Refer to the exhibit. A network administrator is implementing the stateless DHCPv6 operation for the
company. Clients are configuring IPv6 addresses as expected. However, the clients are not getting the DNS
server address and the domain name information configured in the DHCP pool. What could be the cause of
the problem?

 The DNS server address is not on the same network as the clients are on.
 The router is configured for SLAAC operation.
 The GigabitEthernet interface is not activated.
 The clients cannot communicate with the DHCPv6 server, evidenced by the number of active
clients being 0.
Explanation: The router is configured for SLAAC operation because there is no configuration command to
change the RA M and O flag value. By default, both M and O flags are set to 0. In order to permint stateless
DHCPv6 operation, the interface command ipv6 nd other-config-flag should be issued. The GigabitEthernet
interface is in working condition because clients can get RA messages and configure their IPv6 addresses as
expected. Also, the fact that R1 is the DHCPv6 server and clients are getting RA messages indicates that
clients can communicate with the DHCP server. The number of active clients is 0 because the DHCPv6 server
does not maintain the state of clients IPv6 addresses (it is not configured for stateful DHCPv6 operation). The
DNS server address issue is not relevant to the problem.
23. Question as presented:
A stateless DHCPv6 client would send a DHCPv6 INFORMATION-REQUEST message as step 3 in the
process.
24. A company uses the SLAAC method to configure IPv6 addresses for the employee workstations. Which
address will a client use as its default gateway?
 the global unicast address of the router interface that is attached to the network
 the unique local address of the router interface that is attached to the network
 the all-routers multicast address
 the link-local address of the router interface that is attached to the network
Explanation: When a PC is configured to use the SLAAC method for configuring IPv6 addresses, it will use
the prefix and prefix-length information that is contained in the RA message, combined with a 64-bit interface
ID (obtained by using the EUI-64 process or by using a random number that is generated by the client
operating system), to form an IPv6 address. It uses the link-local address of the router interface that is attached
to the LAN segment as its IPv6 default gateway address.
25. Refer to the exhibit. A network administrator is configuring a router for DHCPv6 operation. Which
conclusion can be drawn based on the commands?

 The router is configured for stateful DHCPv6 operation, but the DHCP pool configuration is
incomplete.
 The DHCPv6 server name is ACAD_CLASS.
 Clients would configure the interface IDs above 0010.
 The router is configured for stateless DHCPv6 operation.
Explanation: The DHCPv6 is for the stateless DHCPv6 operation that is indicated by changing the O flag to 1
and leaving the M flag as default, which is 0. Therefore, it is not configured for stateful DHCPv6 operation.
Although the DNS server has the interface ID 0010, clients in stateless DHCPv6 operation will configure their
interface IDs either by EUI-64 or a random number. The ACAD_CLASS is the name of the DHCP pool, not
the DHCP server name.
26. A network administrator is analyzing the features that are supported by different first-hop router
redundancy protocols. Which statement describes a feature that is associated with HSRP?
 HSRP uses active and standby routers.
 HSRP is nonproprietary.
 It allows load balancing between a group of redundant routers.
 It uses ICMP messages in order to assign the default gateway to hosts.
Explanation: The HSRP first-hop router redundancy protocol is Cisco proprietary and supports standby and
active devices. VRRPv2 and VRRPv3 are nonproprietary. GLBP is Cisco proprietary and supports load
balancing between a group of redundant routers.
27. Refer to the exhibit. What protocol can be configured on gateway routers R1 and R2 that will allow traffic
from the internal LAN to be load balanced across the two gateways to the Internet?

 GLBP
 PVST+
 PVST
 STP
Explanation: GLBP, or Group Load Balancing Protocol, allows multiple routers to act as a single default
gateway for hosts. GLBP load balances the traffic across the individual routers on a per host basis.
28. Refer to the exhibit. A network engineer is troubleshooting host connectivity on a LAN that uses a first
hop redundancy protocol. Which IPv4 gateway address should be configured on the host?

 192.168.2.0
 192.168.2.1
 192.168.2.2
 192.168.2.100
Explanation: The host default gateway address should be the FHRP (in this case GLBP) virtual IP address.
29. Refer to the exhibit. Which destination MAC address is used when frames are sent from the workstation to
the default gateway?

 MAC address of the virtual router

 MAC address of the standby router
 MAC addresses of both the forwarding and standby routers
 MAC address of the forwarding router
Explanation: The IP address of the virtual router acts as the default gateway for all the workstations.
Therefore, the MAC address that is returned by the Address Resolution Protocol to the workstation will be the
MAC address of the virtual router.
30. Question as presented:
Hot Standby Router Protocol (HSRP) is a Cisco-proprietary protocol that is designed to allow for transparent
failover of a first-hop IPv4 device.
31. Which FHRP implementation is a Cisco-proprietary protocol that suppports IPv4 load sharing?
 IRDP
  GLBP
 VRRPv3
 GLBP for IPv6
32. The address pool of a DHCP server is configured with 10.92.71.0/25. The network administrator reserves
8 IP addresses for servers. How many IP addresses are left in the pool to be assigned to other hosts?
 122
 118
 119
 108
 116
Explanation: Calculate the maximum number of hosts available for the slash value and subtract the required
static IP addresses required for the devices.
/24 = 254 hosts
/25 = 126 hosts
/26 = 62 hosts
/27 = 30 hosts
/28 = 14 hosts
33. Question as presented:
The broadcast DHCPDISCOVER message finds DHCPv4 servers on the network. When the DHCPv4 server
receives a DHCPDISCOVER message, it reserves an available IPv4 address to lease to the client and sends
the unicast DHCPOFFER message to the requesting client. When the client receives the DHCPOFFER from
the server, it sends back a DHCPREQUEST. On receiving the DHCPREQUEST message the server replies
with a unicast DHCPACK message. DHCPREPLY and DHCPINFORMATION-REQUEST are DHCPv6
messages.
34. After a host has generated an IPv6 address by using the DHCPv6 or SLAAC process, how does the host
verify that the address is unique and therefore usable?
 The host sends an ICMPv6 echo request message to the DHCPv6 or SLAAC-learned address and
if no reply is returned, the address is considered unique.
 The host sends an ICMPv6 neighbor solicitation message to the DHCP or SLAAC-learned address
and if no neighbor advertisement is returned, the address is considered unique.
 The host checks the local neighbor cache for the learned address and if the address is not cached, it
it considered unique.
 The host sends an ARP broadcast to the local link and if no hosts send a reply, the address is
considered unique.
Explanation: Before a host can actually configure and use an IPv6 address learned through SLAAC or DHCP,
the host must verify that no other host is already using that address. To verify that the address is indeed
unique, the host sends an ICMPv6 neighbor solicitation to the address. If no neighbor advertisement is
returned, the host considers the address to be unique and configures it on the interface.
35. Which statement describes HSRP?
 It is used within a group of routers for selecting an active device and a standby device to provide
gateway services to a LAN.
 It uses ICMP to allow IPv4 hosts to locate routers that provide IPv4 connectivity to remote IP
networks.
 If the virtual router master fails, one router is elected as the virtual router master with the other
routers acting as backups.
 It is an open standard protocol.
Explanation: It is VRRP that elects one router as the virtual router master, with the other routers acting as
backups in case the virtual router master fails. HSRP is a Cisco-proprietary protocol. IRDP uses ICMP
messages to allow IPv4 hosts to locate routers that provide IPv4 connectivity to other (nonlocal) IP networks.
HSRP selects active and standby routers to provide gateway services to hosts on a LAN.
36.Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.

What is the keyword that is displayed on www.netacad.com?

 DHCP
 switch
 Router
 networking
 Cisco
 IPv6
Explanation: In order for the host to receive the address of the DNS server, the host must use stateless
DHCPv6. The router is configured with the correct DHCPv6 pool, but is missing the command ipv6 nd other-
config-flag that signals to the host that it should use DHCPv6 to get additional address information. This
command should be added to the interface Gigabit0/0 configuration on the router.
37. Match each DHCP message type with its description. (Not all options are used.)

Explanation: Place the options in the following order:

 a client initiating a message to find a DHCP server – DHCPDISCOVER
 a DHCP server responding to the initial request by a client – DHCPOFFER
 the client accepting the IP address provided by the DHCP server – DHCPREQUEST
 the DHCP server confirming that the lease has been accepted – DHCPACK
38. Match the purpose with its DHCP message type. (Not all options are used.)

Explanation: The DHCPDISCOVER message is used to identify any DHCP servers on a network. The
DHCPOFFER message is used by a server to offer a lease to a client. The DHCPREQUEST message is used
to identify both the specific DHCP server and the lease that the client is accepting.
The DHCPACK message is used by a server to finalize a successful lease with a client.
The DHCPNAK message is used when an offered lease is no longer valid.
39. Match the DHCP message types to the order of the stateful DHCPv6 process when a client first connects
to an IPv6 network. (Not all options are used.)

40. Match the step number to the sequence of stages that occur during the HSRP failover process. (Not all
options are used.)

Explanation: Hot Standby Router Protocol (HSRP) is a Cisco-proprietary protocol that is designed to allow
for transparent failover of a first-hop IPv4 device.
41. Match the FHRP protocols to the appropriate description. (Not all options are used.)

42. Match the DHCP message types to the order of the DHCPv4 process. (Not all options are used.)

Explanation: The broadcast DHCPDISCOVER message finds DHCPv4 servers on the network. When the
DHCPv4 server receives a DHCPDISCOVER message, it reserves an available IPv4 address to lease to the
client and sends the unicast DHCPOFFER message to the requesting client. When the client receives the
DHCPOFFER from the server, it sends back a DHCPREQUEST. On receiving the DHCPREQUEST message
the server replies with a unicast DHCPACK message. DHCPREPLY and DHCPINFORMATION-REQUEST
are DHCPv6 messages.
43. The address pool of a DHCP server is configured with 192.168.234.0/27. The network administrator
reserves 22 IP addresses for IP phones. How many IP addresses are left in the pool to be assigned to other
hosts?
 10
 0
 8
 21
 18
Explanation: Calculate the maximum number of hosts available for the slash value and subtract the required
static IP addresses required for the devices.
/24 = 254 hosts
/25 = 126 hosts
/26 = 62 hosts
/27 = 30 hosts
/28 = 14 hosts
44. A company uses DHCP servers to dynamically assign IPv4 addresses to employee workstations. The
address lease duration is set as 5 days. An employee returns to the office after an absence of one week. When
the employee boots the workstation, it sends a message to obtain an IP address. Which Layer 2 and Layer 3
destination addresses will the message contain?
 both MAC and IPv4 addresses of the DHCP server
 FF-FF-FF-FF-FF-FF and IPv4 address of the DHCP server
 FF-FF-FF-FF-FF-FF and 255.255.255.255
 MAC address of the DHCP server and 255.255.255.255
Explanation:When the lease of a dynamically assigned IPv4 address has expired, a workstation will send a
DHCPDISCOVER message to start the process of obtaining a valid IP address. Because the workstation does
not know the addresses of DHCP servers, it sends the message via broadcast, with destination addresses of
FF-FF-FF-FF-FF-FF and 255.255.255.255.
45. Which command will allow a network administrator to check the IP address that is assigned to a particular
MAC address?
 Router# show running-config I section_dhcp
 Router# show ip dhcp server statistics
 Router# show ip dhcp binding
 Router# show ip dhcp pool
Explanation: The show ip dhcp binding command will show the leases, including IP addresses, MAC addresses,
lease expiration, type of lease, client ID, and user name.
46. What is the reason that an ISP commonly assigns a DHCP address to a wireless router in a SOHO
environment?
 better network performance
 better connectivity
 easy IP address management
 easy configuration on ISP firewall
Explanation:In a SOHO environment, a wireless router connects to the ISP via a DSL or cable modem. The IP
address between the wireless router and ISP site is typically assigned by the ISP through DHCP. This method
facilitates the IP addressing management in that IP addresses for clients are dynamically assigned so that if a
client is dropped, the assigned IP address can be easily reassigned to another client.
47. What information can be verified through the show ip dhcp binding command?
 the IPv4 addresses that are assigned to hosts by the DHCP server
 that DHCPv4 discover messages are still being received by the DHCP server
 the IPv4 addresses that have been excluded from the DHCPv4 pool
 the number of IP addresses remaining in the DHCP pool
Explanation:The show ip dhcp binding command shows a list of IPv4 addresses and the MAC addresses of the
hosts to which they are assigned. Using this information an administrator can determine which host interfaces
have been assigned to specific hosts.
48. What is the result of a network technician issuing the command ip dhcp excluded-address 10.0.15.1
10.0.15.15 on a Cisco router?
 The Cisco router will exclude only the 10.0.15.1 and 10.0.15.15 IP addresses from being leased to
DHCP clients.
 The Cisco router will exclude 15 IP addresses from being leased to DHCP clients.
 The Cisco router will automatically create a DHCP pool using a /28 mask.
 The Cisco router will allow only the specified IP addresses to be leased to clients.
Explanation: The ip dhcp excluded-address command is followed by the first and the last addresses to be excluded
from being leased to DHCP clients.
49. Match the descriptions to the corresponding DHCPv6 server type. (Not all options are used.)

50. Refer to the exhibit. Based on the output that is shown, what kind of IPv6 addressing is being configured?

CCNA 2 v7 Modules 7 – 9: Available and Reliable Networks Exam Answers

 stateless DHCPv6
 SLAAC
 static link-local
 stateful DHCPv6
Explanation: Stateful DHCPv6 pools are configured with address prefixes for hosts via the address command,
whereas stateless DHCPv6 pools typically only contain information such as DNS server addresses and the
domain name. RA messages that are sent from routers that are configured as stateful DHCPv6 servers have
the M flag set to 1 with the command ipv6 nd managed-config-flag, whereas stateless DHCPv6 servers are indicated
by setting the O flag to 1 with the ipv6 nd other-config-flag command.
51. Which FHRP implementation is a Cisco-proprietary protocol that suppports IPv6 load balancing?
 GLBP
 GLBP for IPv6
 VRRPv3
  VRRPv2
52. Which set of commands will configure a router as a DHCP server that will assign IPv4 addresses to the
192.168.100.0/23 LAN while reserving the first 10 and the last addresses for static assignment?
ip dhcp excluded-address 192.168.100.1 192.168.100.9
ip dhcp excluded-address 192.168.101.254
ip dhcp pool LAN-POOL-100
ip network 192.168.100.0 255.255.254.0
ip default-gateway 192.168.100.1
dhcp pool LAN-POOL-100
ip dhcp excluded-address 192.168.100.1 192.168.100.9
ip dhcp excluded-address 192.168.100.254
network 192.168.100.0 255.255.254.0
default-router 192.168.101.1
ip dhcp excluded-address 192.168.100.1 192.168.100.10
ip dhcp excluded-address 192.168.100.254
ip dhcp pool LAN-POOL-100
network 192.168.100.0 255.255.255.0
ip default-gateway 192.168.100.1
ip dhcp excluded-address 192.168.100.1 192.168.100.10
ip dhcp excluded-address 192.168.101.254
ip dhcp pool LAN-POOL-100
network 192.168.100.0 255.255.254.0
default-router 192.168.100.1
Explanation: The /23 prefix is equivalent to a network mask of 255.255.254.0. The network usable IPv4
address range is 192.168.100.1 to 192.168.101.254 inclusive. The commands dhcp pool, ip default-gateway,
and ip network are not valid DHCP configuration commands.
53. What is a result when the DHCP servers are not operational in a network?
 Workstations are assigned with the IP address 127.0.0.1.
 Workstations are assigned with IP addresses in the 10.0.0.0/8 network.
 Workstations are assigned with IP addresses in the 169.254.0.0/16 network.
 Workstations are assigned with the IP address 0.0.0.0.
Explanation: When workstations are configured with obtaining IP address automatically but DHCP servers
are not available to respond to the requests, a workstation can assign itself an IP addresses from the
169.254.0.0/16 network.
54. A company uses the method SLAAC to configure IPv6 addresses for the workstations of the employees. A
network administrator configured the IPv6 address on the LAN interface of the router. The interface status is
UP. However, the workstations on the LAN segment did not obtain the correct prefix and prefix length. What
else should be configured on the router that is attached to the LAN segment for the workstations to obtain the
information?
R1(config)# ipv6 dhcp pool
R1(config-if)# ipv6 enable
R1(config)# ipv6 unicast-routing
R1(config-if)# ipv6 nd other-config-flag
Explanation: A PC that is configured to use the SLAAC method obtains the IPv6 prefix and prefix length
from a router. When the PC boots, it sends an RS message to inform the routers that it needs the information.
A router sends an RA message that includes the required information. For a router to be able to send RA
messages, it must be enabled as an IPv6 router by the unicast ipv6-routing command in global configuration
mode. The other options are not used to enable IPv6 routing on a router.
55. Which FHRP implementation is a nonproprietary protocol which relies on ICMP to provide IPv4
redundancy?
 VRRPv3
 GLBP for IPv6
 IRDP
 GLBP
56. Refer to the exhibit. PC-A is unable to receive an IPv6 address from the stateful DHCPv6 server. What is
the problem?

 The ipv6 dhcp relay command should be applied to interface Gig0/0.

 The ipv6 nd managed-config-flag should be applied to interface Gig0/1.
 The ipv6 dhcp relay command should use the link-local address of the DHCP server.
 The ipv6 nd managed-config-flag command should be ipv6 nd other-config-flag .
Explanation: The ipv6 dhcp relay command must be applied to the interface where the clients are located.
The ipv6 dhcp relay command can use either the link-local or global unicast address of the DHCPv6 server, or
even a multicast address. The ipv6 nd managed-config-flag indicates to the clients that they should use
stateful DHCPv6 and is also applied to the interface where the clients are located.
57. Refer to the exhibit. A network administrator is configuring a router as a DHCPv6 server. The
administrator issues a show ipv6 dhcp pool command to verify the configuration. Which statement explains
the reason that the number of active clients is 0?

 The default gateway address is not provided in the pool.

 No clients have communicated with the DHCPv6 server yet.
 The IPv6 DHCP pool configuration has no IPv6 address range specified.
 The state is not maintained by the DHCPv6 server under stateless DHCPv6 operation.
Explain:
Under the stateless DHCPv6 configuration, indicated by the command ipv6 nd other-config-flag, the DHCPv6
server does not maintain the state information, because client IPv6 addresses are not managed by the DHCP
server. Because the clients will configure their IPv6 addresses by combining the prefix/prefix-length and a
self-generated interface ID, the ipv6 dhcp pool configuration does not need to specify the valid IPv6 address
range. And because clients will use the link-local address of the router interface as the default gateway
address, the default gateway address is not necessary.
58. Which FHRP implementation is Cisco-proprietary and permits only one router in a group to forward IPv6
packets?
 VRRPv3
 HSRP
 HSRP for IPv6
 VRRPv2
59. Which FHRP implementation is a nonproprietary IPv4-only election protocol which has one master router
per group?
 HSRP for IPv6
 GLBP
 VRRPv2
 VRRPv3
60. The address pool of a DHCP server is configured with 172.18.93.0/25. The network administrator reserves
10 IP addresses for web servers. How many IP addresses are left in the pool to be assigned to other hosts?
 106
 117
 114
 120
 116
Explain:
Calculate the maximum number of hosts available for the slash value and subtract the required static IP
addresses required for the devices.
/24 = 254 hosts
/25 = 126 hosts
/26 = 62 hosts
/27 = 30 hosts
/28 = 14 hosts
61. The address pool of a DHCP server is configured with 10.3.2.0/24. The network administrator reserves 3
IP addresses for printers. How many IP addresses are left in the pool to be assigned to other hosts?
 252
 241
 255
 249
 251
Explain: CIDR Subnet Calculator Online
62. The address pool of a DHCP server is configured with 172.23.143.0/26. The network administrator
reserves 14 IP addresses for file servers. How many IP addresses are left in the pool to be assigned to other
hosts?
 58
 48
 50
 61
 40
63. The address pool of a DHCP server is configured with 10.7.30.0/24. The network administrator reserves 5
IP addresses for printers. How many IP addresses are left in the pool to be assigned to other hosts?
 253
 239
 249
 250
 247
Explain: Calculate the maximum number of hosts available for the slash value and subtract the required static
IP addresses required for the devices.
/24 = 254 hosts
/25 = 126 hosts
/26 = 62 hosts
/27 = 30 hosts
/28 = 14 hosts
64. Which FHRP implementation is a nonproprietary IPv4-only election protocol with limited scalability?
 VRRPv2
 GLBP
 GLBP for IPv6
 IRDP
65. The address pool of a DHCP server is configured with 192.168.184.0/26. The network administrator
reserves 18 IP addresses for access points. How many IP addresses are left in the pool to be assigned to other
hosts?
 57
 44
 54
  36
 46
66. The address pool of a DHCP server is configured with 10.19.44.0/24. The network administrator reserves
3 IP addresses for servers. How many IP addresses are left in the pool to be assigned to other hosts?
 255
 252
 241
 251
 249
67. The address pool of a DHCP server is configured with 10.19.44.0/24. The network administrator reserves
6 IP addresses for servers. How many IP addresses are left in the pool to be assigned to other hosts?
 246
 252
 249
 248
 238
68. The address pool of a DHCP server is configured with 172.21.121.0/25. The network administrator
reserves 12 IP addresses for web servers. How many IP addresses are left in the pool to be assigned to other
hosts?
 115
 114
 118
 104
 112
Explanation: Calculate the maximum number of hosts available for the slash value and subtract the required
static IP addresses required for the devices.
/24 = 254 hosts
/25 = 126 hosts
/26 = 62 hosts
/27 = 30 hosts
/28 = 14 hosts

Switching, Routing, and Wireless Essentials ( Version 7.00) – L2 Security and WLANs
Exam
1. Which Layer 2 attack will result in legitimate users not getting valid IP addresses?
 ARP spoofing
 DHCP starvation
 IP address spoofing
 MAC address flooding
Explanation: The DHCP starvation attack causes the exhaustion of the IP address pool of a DHCP server
before legitimate users can obtain valid IP addresses.
2. What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?
 Disable DTP.
 Disable STP.
 Enable port security.
 Place unused ports in an unused VLAN.
Explanation: A MAC address (CAM) table overflow attack, buffer overflow, and MAC address spoofing can
all be mitigated by configuring port security. A network administrator would typically not want to disable
STP because it prevents Layer 2 loops. DTP is disabled to prevent VLAN hopping. Placing unused ports in an
unused VLAN prevents unauthorized wired connectivity.
3. Which three Cisco products focus on endpoint security solutions? (Choose three.)
 IPS Sensor Appliance
 Web Security Appliance
 Email Security Appliance
 SSL/IPsec VPN Appliance
 Adaptive Security Appliance
 NAC Appliance
Explanation: The primary components of endpoint security solutions are Cisco Email and Web Security
appliances, and Cisco NAC appliance. ASA, SSL/IPsec VPN, and IPS sensor appliances all provide security
solutions that focus on the enterprise network, not on endpoint devices.
4. True or False?
In the 802.1X standard, the client attempting to access the network is referred to as the supplicant.
 true
 false
5. Which authentication method stores usernames and passwords in the router and is ideal for small networks?
 server-based AAA over TACACS+
 local AAA over RADIUS
 server-based AAA
 local AAA over TACACS+
 local AAA
 server-based AAA over RADIUS
Explanation: In a small network with a few network devices, AAA authentication can be implemented with
the local database and with usernames and passwords stored on the network devices. Authentication using the
TACACS+ or RADIUS protocol will require dedicated ACS servers although this authentication solution
scales well in a large network.
6. What represents a best practice concerning discovery protocols such as CDP and LLDP on network
devices?
 Enable CDP on edge devices, and enable LLDP on interior devices.
 Use the open standard LLDP rather than CDP.
 Use the default router settings for CDP and LLDP.
 Disable both protocols on all interfaces where they are not required.
Explanation: Both discovery protocols can provide hackers with sensitive network information. They should
not be enabled on edge devices, and should be disabled globally or on a per-interface basis if not required.
CDP is enabled by default.
7. Which protocol should be used to mitigate the vulnerability of using Telnet to remotely manage network
devices?
 SNMP
 TFTP
 SSH
 SCP
Explanation: Telnet uses plain text to communicate in a network. The username and password can be captured
if the data transmission is intercepted. SSH encrypts data communications between two network devices.
TFTP and SCP are used for file transfer over the network. SNMP is used in network management solutions.
8. Which statement describes the behavior of a switch when the MAC address table is full?
 It treats frames as unknown unicast and floods all incoming frames to all ports on the switch.
 It treats frames as unknown unicast and floods all incoming frames to all ports across multiple
switches.
 It treats frames as unknown unicast and floods all incoming frames to all ports within the local
VLAN.
 It treats frames as unknown unicast and floods all incoming frames to all ports within the collision
domain.
Explanation: When the MAC address table is full, the switch treats the frame as an unknown unicast and
begins to flood all incoming traffic to all ports only within the local VLAN.
9. What device is considered a supplicant during the 802.1X authentication process?
 the router that is serving as the default gateway
 the authentication server that is performing client authentication
 the client that is requesting authentication
 the switch that is controlling network access
Explanation: The devices involved in the 802.1X authentication process are as follows:
 The supplicant, which is the client that is requesting network access
 The authenticator, which is the switch that the client is connecting to and that is actually
controlling physical network access
 The authentication server, which performs the actual authentication
10. Refer to the exhibit. Port Fa0/2 has already been configured appropriately. The IP phone and PC work
properly. Which switch configuration would be most appropriate for port Fa0/2 if the network administrator
has the following goals?
No one is allowed to disconnect the IP phone or the PC and connect some other wired device.
If a different device is connected, port Fa0/2 is shut down.
The switch should automatically detect the MAC address of the IP phone and the PC and add those addresses
to the running configuration.
 SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security mac-address sticky
 SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky
SWA(config-if)# switchport port-security violation restrict
 SWA(config-if)# switchport port-security mac-address sticky
SWA(config-if)# switchport port-security maximum 2
 SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky
Explanation: The default mode for a port security violation is to shut down the port so the switchport port-
security violation command is not necessary. The switchport port-security command must be entered with no
additional options to enable port security for the port. Then, additional port security options can be added.
11. Refer to the exhibit. Port security has been configured on the Fa 0/12 interface of switch S1. What action
will occur when PC1 is attached to switch S1 with the applied configuration?

 Frames from PC1 will be forwarded since the switchport port-security violation command is
missing.
 Frames from PC1 will be forwarded to its destination, and a log entry will be created.
 Frames from PC1 will be forwarded to its destination, but a log entry will not be created.
 Frames from PC1 will cause the interface to shut down immediately, and a log entry will be made.
 Frames from PC1 will be dropped, and there will be no log of the violation.
 Frames from PC1 will be dropped, and a log message will be created.
Explanation: Manual configuration of the single allowed MAC address has been entered for port fa0/12. PC1
has a different MAC address and when attached will cause the port to shut down (the default action), a log
message to be automatically created, and the violation counter to increment. The default action of shutdown is
recommended because the restrict option might fail if an attack is underway.
12. Which type of VLAN-hopping attack may be prevented by designating an unused VLAN as the native
VLAN?
 DHCP spoofing
 DHCP starvation
 VLAN double-tagging
 DTP spoofing
Explanation: Spoofing DTP messages forces a switch into trunking mode as part of a VLAN-hopping attack,
but VLAN double tagging works even if trunk ports are disabled. Changing the native VLAN from the default
to an unused VLAN reduces the possibility of this type of attack. DHCP spoofing and DHCP starvation
exploit vulnerabilities in the DHCP message exchange.
13. A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-
mac. What is the purpose of this configuration command?
  It checks the source MAC address in the Ethernet header against the user-configured ARP ACLs.
 It checks the source MAC address in the Ethernet header against the MAC address table.
 It checks the source MAC address in the Ethernet header against the sender MAC address in the
ARP body.
 It checks the source MAC address in the Ethernet header against the target MAC address in the
ARP body.
Explanation: DAI can be configured to check for both destination or source MAC and IP addresses:
 Destination MAC – Checks the destination MAC address in the Ethernet header against the target
MAC address in the ARP body.
 Source MAC – Checks the source MAC address in the Ethernet header against the sender MAC
address in the ARP body.
 IP address – Checks the ARP body for invalid and unexpected IP addresses including addresses
0.0.0.0, 255.255.255.255, and all IP multicast addresses.
14. Which two commands can be used to enable BPDU guard on a switch? (Choose two.)
 S1(config)# spanning-tree bpduguard default
 S1(config-if)# spanning-tree portfast bpduguard
 S1(config)# spanning-tree portfast bpduguard default
 S1(config-if)# enable spanning-tree bpduguard
 S1(config-if)# spanning-tree bpduguard enable
Explanation: BPDU guard can be enabled on all PortFast-enabled ports by using the spanning-tree portfast
bpduguard default global configuration command. Alternatively, BPDU guard can be enabled on a PortFast-
enabled port through the use of the spanning-tree bpduguard enable interface configuration command.
15. As part of the new security policy, all switches on the network are configured to automatically learn MAC
addresses for each port. All running configurations are saved at the start and close of every business day. A
severe thunderstorm causes an extended power outage several hours after the close of business. When the
switches are brought back online, the dynamically learned MAC addresses are retained. Which port security
configuration enabled this?
 auto secure MAC addresses
 dynamic secure MAC addresses
 static secure MAC addresses
 sticky secure MAC addresses
Explanation: With sticky secure MAC addressing, the MAC addresses can be either dynamically learned or
manually configured and then stored in the address table and added to the running configuration file. In
contrast, dynamic secure MAC addressing provides for dynamically learned MAC addressing that is stored
only in the address table.
16. Which type of management frame may regularly be broadcast by an AP?
 authentication
 probe request
 probe response
 beacon
Explanation: Beacons are the only management frame that may regularly be broadcast by an AP. Probing,
authentication, and association frames are used only during the association (or reassociation) process.
17. What are the two methods that are used by a wireless NIC to discover an AP? (Choose two.)
 delivering a broadcast frame
 receiving a broadcast beacon frame
 initiating a three-way handshake
 sending an ARP request
 transmitting a probe request
Explanation: Two methods can be used by a wireless device to discover and register with an access point:
passive mode and active mode. In passive mode, the AP sends a broadcast beacon frame that contains the
SSID and other wireless settings. In active mode, the wireless device must be manually configured for the
SSID, and then the device broadcasts a probe request.
18. A technician is configuring the channel on a wireless router to either 1, 6, or 11. What is the purpose of
adjusting the channel?
 to enable different 802.11 standards
 to avoid interference from nearby wireless devices
 to disable broadcasting of the SSID
 to provide stronger security modes
Explanation: Channels 1, 6, and 11 are selected because they are 5 channels apart. thus minimizing the
interference with adjacent channels. A channel frequency can interfere with channels on either side of the
main frequency. All wireless devices need to be used on nonadjacent channels.
19. While attending a conference, participants are using laptops for network connectivity. When a guest
speaker attempts to connect to the network, the laptop fails to display any available wireless networks. The
access point must be operating in which mode?
 mixed
 passive
 active
 open
Explanation: Active is a mode used to configure an access point so that clients must know the SSID to
connect to the access point. APs and wireless routers can operate in a mixed mode meaning that that multiple
wireless standards are supported. Open is an authentication mode for an access point that has no impact on the
listing of available wireless networks for a client. When an access point is configured in passive mode, the
SSID is broadcast so that the name of wireless network will appear in the listing of available networks for
clients.
20. A network administrator is required to upgrade wireless access to end users in a building. To provide data
rates up to 1.3 Gb/s and still be backward compatible with older devices, which wireless standard should be
implemented?
 802.11n
 802.11ac
 802.11g
 802.11b
Explanation: 802.11ac provides data rates up to 1.3 Gb/s and is still backward compatible with 802.11a/b/g/n
devices. 802.11g and 802.11n are older standards that cannot reach speeds over 1Gb/s. 802.11ad is a newer
standard that can offer theoretical speeds of up to 7 Gb/s.
21. A technician is about to install and configure a wireless network at a small branch office. What is the first
security measure the technician should apply immediately upon powering up the wireless router?
 Enable MAC address filtering on the wireless router.
 Configure encryption on the wireless router and the connected wireless devices.
 Change the default user-name and password of the wireless router.
 Disable the wireless network SSID broadcast.
Explanation: The first action a technician should do to secure a new wireless network is to change the default
user-name and password of the wireless router. The next action would usually be to configure encryption.
Then once the initial group of wireless hosts have connected to the network, MAC address filtering would be
enabled and SSID broadcast disabled. This will prevent new unauthorized hosts from finding and connecting
to the wireless network.
22. On a Cisco 3504 WLC dashboard, which option provides access to the full menu of features?
 Access Points
 Network Summary
 Advanced
 Rogues
Explanation: The Cisco 3504 WLC dashboard displays when a user logs into the WLC. It provides some basic
settings and menus that users can quickly access to implement a variety of common configurations. By
clicking the Advanced button, the user will access the advanced Summary page and access all the features of
the WLC.
23. Which step is required before creating a new WLAN on a Cisco 3500 series WLC?
 Create a new SSID.
 Build or have an SNMP server available.
 Build or have a RADIUS server available.
 Create a new VLAN interface.
Explanation: Each new WLAN configured on a Cisco 3500 series WLC needs its own VLAN interface. Thus
it is required that a new VLAN interface to be created first before a new WLAN can be created.
24. A network engineer is troubleshooting a newly deployed wireless network that is using the latest 802.11
standards. When users access high bandwidth services such as streaming video, the wireless network
performance is poor. To improve performance the network engineer decides to configure a 5 Ghz frequency
band SSID and train users to use that SSID for streaming media services. Why might this solution improve the
wireless network performance for that type of service?
 Requiring the users to switch to the 5 GHz band for streaming media is inconvenient and will
result in fewer users accessing these services.
 The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it
more suited to streaming multimedia.
 The 5 GHz band has a greater range and is therefore likely to be interference-free.
 The only users that can switch to the 5 GHz band will be those with the latest wireless NICs,
which will reduce usage.
Explanation: Wireless range is determined by the access point antenna and output power, not the frequency
band that is used. In this scenario it is stated that all users have wireless NICs that comply with the latest
standard, and so all can access the 5 GHz band. Although some users may find it inconvenient to switch to the
5 Ghz band to access streaming services, it is the greater number of channels, not just fewer users, that will
improve network performance.
25. A network administrator is configuring a RADIUS server connection on a Cisco 3500 series WLC. The
configuration requires a shared secret password. What is the purpose for the shared secret password?
 It is used by the RADIUS server to authenticate WLAN users.
 It is used to authenticate and encrypt user data on the WLAN.
 It is used to encrypt the messages between the WLC and the RADIUS server.
 It allows users to authenticate and access the WLAN.
Explanation: The RADIUS protocol uses security features to protect communications between the RADIUS
server and clients. A shared secret is the password used between the WLC and the RADIUS server. It is not
for end users.
26. Which three parameters would need to be changed if best practices are being implemented for a home
wireless AP? (Choose three.)
 wireless client operating system password
 antenna frequency
 wireless network password
 wireless beacon time
 AP password
 SSID
Explanation: As soon as an AP is taken out of a box, the default device password, SSID, and security
parameters (wireless network password) should be set. The frequency of a wireless antenna can be adjusted,
but doing so is not required. The beacon time is not normally configured. The wireless client operating system
password is not affected by the configuration of a home wireless network.
27. Which access control component, implementation, or protocol is based upon usernames and passwords?
 802.1X
 accounting
 authentication
 authorization
28. Which type of wireless network is based on the 802.11 standard and a 2.4-GHz or 5-GHz radio frequency?
 wireless metropolitan-area network
 wireless wide-area network
 wireless local-area network
 wireless personal-area network
29. Which two Cisco solutions help prevent DHCP starvation attacks? (Choose two.)
 DHCP Snooping
 IP Source Guard
 Dynamic ARP Inspection
 Port Security
 Web Security Appliance
Explanation: Cisco provides solutions to help mitigate Layer 2 attacks including these:
 IP Source Guard (IPSG) – prevents MAC and IP address spoofing attacks
 Dynamic ARP Inspection (DAI) – prevents ARP spoofing and ARP poisoning attacks
 DHCP Snooping – prevents DHCP starvation and SHCP spoofing attacks
 Port Security – prevents many types of attacks including MAC table overflow attacks and DHCP
starvation attacks
Web Security Appliance (WSA) is a mitigation technology for web-based threats.
30. What are three techniques for mitigating VLAN attacks? (Choose three.)
 Enable trunking manually.
 Disable DTP.
 Enable Source Guard.
 Set the native VLAN to an unused VLAN.
 Use private VLANs.
 Enable BPDU guard.
Explanation: Mitigating a VLAN attack can be done by disabling Dynamic Trunking Protocol (DTP),
manually setting ports to trunking mode, and by setting the native VLAN of trunk links to VLANs not in use.
31. Refer to the exhibit. What can be determined about port security from the information that is shown?
  The port has the maximum number of MAC addresses that is supported by a Layer 2 switch port
which is configured for port security.
 The port has been shut down.
 The port violation mode is the default for any port that has port security enabled.
 The port has two attached devices.
Explanation: The Port Security line simply shows a state of Enabled if the switchport port-security command
(with no options) has been entered for a particular switch port. If a port security violation had occurred, a
different error message appears such as Secure-shutdown. The maximum number of MAC addresses
supported is 50. The Maximum MAC Addresses line is used to show how many MAC addresses can be
learned (2 in this case). The Sticky MAC Addresses line shows that only one device has been attached and
learned automatically by the switch. This configuration could be used when a port is shared by two cubicle-
sharing personnel who bring in separate laptops.
32. A network administrator of a college is configuring the WLAN user authentication process. Wireless users
are required to enter username and password credentials that will be verified by a server. Which server would
provide such service?
 AAA
 NAT
 RADIUS
 SNMP
Explanation: Remote Authentication Dial-In User Service (RADIUS) is a protocol and server software that
provides user-based authentication for an organization. When a WLAN is configured to use a RADIUS
server, users will enter username and password credentials that are verified by the RADIUS server before
allowing to the WLAN.
33. A technician is troubleshooting a slow WLAN that consists of 802.11b and 802.11g devices . A new
802.11n/ac dual-band router has been deployed on the network to replace the old 802.11g router. What can the
technician do to address the slow wireless speed?
 Split the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band.
 Update the firmware on the new router.
 Configure devices to use a different channel.
 Change the SSID.
Explanation: Splitting the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band will allow
for the 802.11n to use the two bands as two separate wireless networks to help manage the traffic, thus
improving wireless performance.
34. The company handbook states that employees cannot have microwave ovens in their offices. Instead, all
employees must use the microwave ovens located in the employee cafeteria. What wireless security risk is the
company trying to avoid?
 improperly configured devices
 rogue access points
 accidental interference
 interception of data
Explanation: Denial of service attacks can be the result of improperly configured devices which can disable
the WLAN. Accidental interference from devices such as microwave ovens and cordless phones can impact
both the security and performance of a WLAN. Man-in-the-middle attacks can allow an attacker to intercept
data. Rogue access points can allow unauthorized users to access the wireless network.
35. What is the function provided by CAPWAP protocol in a corporate wireless network?
 CAPWAP creates a tunnel on Transmission Control Protocol (TCP) ports in order to allow a WLC
to configure an autonomous access point.
 CAPWAP provides the encapsulation and forwarding of wireless user traffic between an access
point and a wireless LAN controller.
  CAPWAP provides connectivity between an access point using IPv6 addressing and a wireless
client using IPv4 addressing.
 CAPWAP provides the encryption of wireless user traffic between an access point and a wireless
client.
Explanation: CAPWAP is an IEEE standard protocol that enables a WLC to manage multiple APs and
WLANs. CAPWAP is also responsible for the encapsulation and forwarding of WLAN client traffic between
an AP and a WLC.
36. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.

Modules 10 – 13: L2 Security and WLANs Exam Answers

Which event will take place if there is a port security violation on switch S1 interface Fa0/1?
 A syslog message is logged.
 The interface will go into error-disabled state.
 Packets with unknown source addresses will be dropped.
 A notification is sent.
Explanation: The violation mode can be viewed by issuing the show port-security interface <int>command.
Interface FastEthernet 0/1 is configured with the violation mode of protect. If there is a violation, interface
FastEthernet 0/1 will drop packets with unknown MAC addresses.
37. Match each functional component of AAA with its description. (Not all options are used.)

38. What are two protocols that are used by AAA to authenticate users against a central database of usernames
and password? (Choose two.)
  SSH
 HTTPS
 TACACS+
 RADIUS
 CHAP
 NTP
Explanation: By using TACACS+ or RADIUS, AAA can authenticate users from a database of usernames
and passwords stored centrally on a server such as a Cisco ACS server.
39. What is the result of a DHCP starvation attack?
 The attacker provides incorrect DNS and default gateway information to clients.
 The IP addresses assigned to legitimate clients are hijacked.
 Clients receive IP address assignments from a rogue DHCP server.
 Legitimate clients are unable to lease IP addresses.
Explanation: DCHP starvation attacks are launched by an attacker with the intent to create a DoS for DHCP
clients. To accomplish this goal, the attacker uses a tool that sends many DHCPDISCOVER messages to lease
the entire pool of available IP addresses, thus denying them to legitimate hosts.
40. Which feature or configuration on a switch makes it vulnerable to VLAN double-tagging attacks?
 the limited size of content-addressable memory space
 the automatic trunking port feature enabled for all ports by default
 the native VLAN of the trunking port being the same as a user VLAN
 mixed duplex mode enabled for all ports by default
Explanation: A double-tagging (or double-encapsulated) VLAN hopping attack takes advantage of the way
that hardware on most switches operates. Most switches perform only one level of 802.1Q de-encapsulation,
which allows an attacker to embed a hidden 802.1Q tag inside the frame. This tag allows the frame to be
forwarded to a VLAN that the original 802.1Q tag did not specify. An important characteristic of the double-
encapsulated VLAN hopping attack is that it works even if trunk ports are disabled, because a host typically
sends a frame on a segment that is not a trunk link. This type of attack is unidirectional and works only when
the attacker is connected to a port residing in the same VLAN as the native VLAN of the trunk port.
41. Which component of AAA allows an administrator to track individuals who access network resources and
any changes that are made to those resources?
 authentication
 accounting
 accessibility
 authorization
Explanation: One of the components in AAA is accounting. After a user is authenticated through AAA, AAA
servers keep a detailed log of exactly what actions the authenticated user takes on the device.
42. Refer to the exhibit. PC1 and PC2 should be able to obtain IP address assignments from the DHCP server.
How many ports among switches should be assigned as trusted ports as part of the DHCP snooping
configuration?

 1
 3
 5
 7
Explanation: The DHCP snooping configuration includes building the DHCP Snooping Binding Database and
assigning necessary trusted ports on switches. A trusted port points to the legitimate DHCP servers. In this
network design, because the DHCP server is attached to AS3, seven switch ports should be assigned as trusted
ports, one on AS3 toward the DHCP server, one on DS1 toward AS3, one on DS2 toward AS3, and two
connections on both AS1 and AS2 (toward DS1 and DS2), for a total of seven.
43. An IT security specialist enables port security on a switch port of a Cisco switch. What is the default
violation mode in use until the switch port is configured to use a different violation mode?
 shutdown
 disabled
 restrict
 protect
Explanation: If no violation mode is specified when port security is enabled on a switch port, then the security
violation mode defaults to shutdown.
44. A laptop cannot connect to a wireless access point. Which two troubleshooting steps should be taken first?
(Choose two.)
 Ensure that the correct network media is selected.
 Ensure that the laptop antenna is attached.
 Ensure that the wireless NIC is enabled.
 Ensure that the wireless SSID is chosen.
 Ensure that the NIC is configured for the proper frequency.
Explanation: A wireless laptop normally does not have an antenna attached unless a repair has recently been
implemented. If the wireless NIC is enabled, the correct media, radio, will be used. When the NIC detects an
access point, the correct frequency is automatically used.
45. What is an advantage of SSID cloaking?
 Clients will have to manually identify the SSID to connect to the network.
 It is the best way to secure a wireless network.
 SSIDs are very difficult to discover because APs do not broadcast them.
 It provides free Internet access in public locations where knowing the SSID is of no concern.
Explanation: SSID cloaking is a weak security feature that is performed by APs and some wireless routers by
allowing the SSID beacon frame to be disabled. Although clients have to manually identify the SSID to be
connected to the network, the SSID can be easily discovered. The best way to secure a wireless network is to
use authentication and encryption systems. SSID cloaking does not provide free Internet access in public
locations, but an open system authentication could be used in that situation.
46. What is a wireless security mode that requires a RADIUS server to authenticate wireless users?
 personal
 shared key
 enterprise
 WEP
Explanation: WPA and WPA2 come in two types: personal and enterprise. Personal is used in home and small
office networks. Shared key allows three different authentication techniques: (1) WEP, (2) WPA, and (3)
802.11i/WPA2. WEP is an encryption method.
47. A company has recently implemented an 802.11n wireless network. Some users are complaining that the
wireless network is too slow. Which solution is the best method to enhance the performance of the wireless
network?
 Disable DHCP on the access point and assign static addresses to the wireless clients.
 Upgrade the firmware on the wireless access point.
 Split the traffic between the 2.4 GHz and 5 GHz frequency bands.
 Replace the wireless NICs on the computers that are experiencing slow connections.
Explanation: Because some users are complaining about the network being too slow, the correct option would
be to split the traffic so that there are two networks using different frequencies at the same time. Replacing the
wireless NICs will not necessarily correct the network being slow and it could be expensive for the company.
DHCP versus static addressing should have no impact of the network being slow and it would be a huge task
to have all users assigned static addressing for their wireless connection. Upgrading the firmware on the
wireless access point is always a good idea. However, if some of the users are experiencing a slow network
connection, it is likely that this would not substantially improve network performance.
48. Which protocol can be used to monitor the network?
 DHCP
 SNMP
 RADIUS
 AAA
Explanation: Simple Network Management Protocol (SNMP) is used to monitor the network.
49. A network administrator deploys a wireless router in a small law firm. Employee laptops join the WLAN
and receive IP addresses in the 10.0.10.0/24 network. Which service is used on the wireless router to allow the
employee laptops to access the internet?
 DHCP
 RADIUS
 DNS
 NAT
Explanation: Any address with the 10 in the first octet is a private IPv4 address and cannot be routed on the
internet. The wireless router will use a service called Network Address Translation (NAT) to convert private
IPv4 addresses to internet-routable IPv4 addresses for wireless devices to gain access to the internet.
50. Which service can be used on a wireless router to prioritize network traffic among different types of
applications so that voice and video data are prioritized over email and web data?
 QoS
 DNS
 DHCP
 NAT
Explanation: Many wireless routers have an option for configuring quality of service (QoS). By configuring
QoS, certain time-sensitive traffic types, such as voice and video, are prioritized over traffic that is not as
time-sensitive, such as email and web browsing.
51. Which access control component, implementation, or protocol is based on device roles of supplicant,
authenticator, and authentication server?
 accounting
 authentication
 authorization
 802.1X
52. Which type of wireless network is suitable for national and global communications?
 wireless metropolitan-area network
 wireless local-area network
 wireless personal-area network
 wireless wide-area network
53. Which feature on a switch makes it vulnerable to VLAN hopping attacks?
 the mixed duplex mode enabled for all ports by default
 the limited size of content-addressable memory space
 mixed port bandwidth support enabled for all ports by default
 the automatic trunking port feature enabled for all ports by default
Explanation: A VLAN hopping attack enables traffic from one VLAN to be seen by another VLAN without
routing. In a basic VLAN hopping attack, the attacker takes advantage of the automatic trunking port feature
enabled by default on most switch ports.
54. Which component of AAA is used to determine which resources a user can access and which operations
the user is allowed to perform?
 accounting
 authentication
 auditing
 authorization
Explanation: One of the components in AAA is authorization. After a user is authenticated through AAA,
authorization services determine which resources the user can access and which operations the user is allowed
to perform.
55. Refer to the exhibit. The Fa0/2 interface on switch S1 has been configured with the switchport port-
security mac-address 0023.189d.6456 command and a workstation has been connected. What could be the
reason that the Fa0/2 interface is shutdown?
 CCNA 2 v7 Modules 10 – 13: L2 Security and WLANs Exam Answers 55
 The Fa0/24 interface of S1 is configured with the same MAC address as the Fa0/2 interface.
 The connection between S1 and PC1 is via a crossover cable.
 S1 has been configured with a switchport port-security aging command.
 The MAC address of PC1 that connects to the Fa0/2 interface is not the configured MAC address.
Explanation: The security violation counter for Fa0/2 has been incremented (evidenced by the 1 in the
SecurityViolation column). The most secure addresses allowed on port Fa0/2 is 1 and that address was
manually entered. Therefore, PC1 must have a different MAC address than the one configured for port Fa0/2.
Connections between end devices and the switch, as well as connections between a router and a switch, are
made with a straight-through cable.
56. A network administrator enters the following commands on the switch SW1.

SW1(config)# interface range fa0/5 - 10

SW1(config-if)# ip dhcp snooping limit rate 6

What is the effect after these commands are entered?

 If any of the FastEthernet ports 5 through 10 receive more than 6 DHCP messages per second, the
port will be shut down.
 FastEthernet ports 5 through 10 can receive up to 6 DHCP messages per second of any type.
 If any of the FastEthernet ports 5 through 10 receive more than 6 DHCP messages per second, the
port will continue to operate and an error message will be sent to the network administrator.
 FastEthernet ports 5 through 10 can receive up to 6 DHCP discovery messages per second.
Explanation: When DHCP snooping is being configured, the number of DHCP discovery messages that
untrusted ports can receive per second should be rate-limited by using the ip dhcp snooping limit rate interface
configuration command. When a port receives more messages than the rate allows, the extra messages will be
dropped.
57. A network administrator is configuring port security on a Cisco switch. The company security policy
specifies that when a violation occurs, packets with unknown source addresses should be dropped and no
notification should be sent. Which violation mode should be configured on the interfaces?
 off
 restrict
 protect
 shutdown
Explain: On a Cisco switch, an interface can be configured for one of three violation modes, specifying the
action to be taken if a violation occurs:Protect – Packets with unknown source addresses are dropped until a
sufficient number of secure MAC addresses are removed, or the number of maximum allowable addresses is
increased. There is no notification that a security violation has occurred.
Restrict – Packets with unknown source addresses are dropped until a sufficient number of secure MAC
addresses are removed, or the number of maximum allowable addresses is increased. In this mode, there is a
notification that a security violation has occurred.
Shutdown – The interface immediately becomes error-disabled and the port LED is turned off.
58. A network administrator is working to improve WLAN performance on a dual-band wireless router. What
is a simple way to achieve a split-the-traffic result?
 Add a Wi-Fi range extender to the WLAN and set the AP and the range extender to serve different
bands.
 Check and keep the firmware of the wireless router updated.
 Make sure that different SSIDs are used for the 2.4 GHz and 5 GHz bands.
 Require all wireless devices to use the 802.11n standard.
Explanation: By default, dual-band routers and APs use the same network name on both the 2.4 GHz band
and the 5 GHz band. The simplest way to segment traffic is to rename one of the wireless networks.
59. Which access control component, implementation, or protocol controls what users can do on the network?
 accounting
 802.1X
 authorization
 authentication
60. Which type of wireless network is suitable for providing wireless access to a city or district?
 wireless wide-area network
 wireless personal-area network
 wireless local-area network
 wireless metropolitan-area network
61. On a Cisco 3504 WLC Summary page ( Advanced > Summary ), which tab allows a network
administrator to access and configure a WLAN for a specific security option such as WPA2?
 MANAGEMENT
 WIRELESS
 WLANs
 SECURITY
Explanation: The WLANs tab in the Cisco 3504 WLC advanced Summary page allows a user to access the
configuration of WLANs including security, QoS, and policy-mapping.
62. What type of wireless antenna is best suited for providing coverage in large open spaces, such as hallways
or large conference rooms?
 Yagi
 omnidirectional
 dish
 directional
Explanation: Omnidirectional antennas send the radio signals in a 360 degree pattern around the antenna. This
provides coverage to devices situated anywhere around the access point. Dishes, directional, and Yagi
antennas focus the radio signals in a single direction, making them less suitable for covering large, open areas.
64. What security benefit is gained from enabling BPDU guard on PortFast enabled interfaces?
 preventing buffer overflow attacks
 preventing rogue switches from being added to the network
 protecting against Layer 2 loops
 enforcing the placement of root bridges
Explanation: BPDU guard immediately error-disables a port that receives a BPDU. This prevents rogue
switches from being added to the network. BPDU guard should only be applied to all end-user ports.
65. Which access control component, implementation, or protocol logs EXEC and configuration commands
configured by a user?
 authentication
 authorization
 802.1X
 accounting
66. Which type of wireless network uses transmitters to provide coverage over an extensive geographic area?
 wireless metropolitan-area network
 wireless local-area network
 wireless personal-area network
 wireless wide-area network
67. Which access control component, implementation, or protocol controls who is permitted to access a
network?
 authorization
 802.1X
 accounting
 authentication
68. What two IEEE 802.11 wireless standards operate only in the 5 GHz range? (Choose two.)
 802.11g
 802.11ad
 802.11ac
 802.11a
 802.11n
 802.11b
Explanation: The 802.11a and 802.11ac standards operate only in the 5 GHZ range. The 802.11b and 802.11g
standards operate only in the 2.4 GHz range. The 802.11n standard operates in both the 2.4 and 5 GHz ranges.
The 802.11ad standard operates in the 2.4, 5, and 60 GHz ranges.
69. Which type of wireless network uses low powered transmitters for a short-range network, usually 20 to 30
ft. (6 to 9 meters)?
 wireless metropolitan-area network
 wireless personal-area network
 wireless local-area network
 wireless wide-area network
71. Which wireless network topology would be used by network engineers to provide a wireless network for
an entire college building?
 ad hoc
 hotspot
 infrastructure
 mixed mode
Explanation: Ad hoc mode (also known as independent basic service set or IBSS) is used in a peer-to-peer
wireless network such as when Bluetooth is used. A variation of the ad hoc topology exists when a smart
phone or tablet with cellular data access is enabled to create a personal wireless hotspot. Mixed mode allows
older wireless NICs to attach to an access point that can use a newer wireless standard.
72. Which type of wireless network uses transmitters to provide wireless service over a large urban region?
 wireless wide-area network
 wireless personal-area network
 wireless metropolitan-area network
 wireless local-area network.
73. Which type of wireless network is suitable for use in a home or office?
 wireless wide-area network
 wireless personal-area network
 wireless local-area network
 wireless metropolitan-area network
74. Which access control component, implementation, or protocol indicates success or failure of a client-
requested service with a PASS or FAIL message?
 accounting
 authentication
 802.1X
 authorization
75. Which type of wireless network often makes use of devices mounted on buildings?
 wireless local-area network
 wireless metropolitan-area network
 wireless personal-area network
 wireless wide-area network
76. A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-
mac . What is the purpose of this configuration command?
 It checks the source MAC address in the Ethernet header against the user-configured ARP ACLs.
 It checks the source MAC address in the Ethernet header against the MAC address table.
 It checks the source MAC address in the Ethernet header against the sender MAC address in the
ARP body.
 It checks the source MAC address in the Ethernet header against the target MAC address in the
ARP body.
Explanation: DAI can be configured to check for both destination or source MAC and IP addresses:
Destination MAC – Checks the destination MAC address in the Ethernet header against the target MAC
address in the ARP body.
Source MAC – Checks the source MAC address in the Ethernet header against the sender MAC address in the
ARP body.
IP address – Checks the ARP body for invalid and unexpected IP addresses including addresses 0.0.0.0,
255.255.255.255, and all IP multicast addresses.
77. Which access control component, implementation, or protocol collects and reports usage data?
 accounting
 authentication
 authorization
 802.1X
78. Which type of wireless network uses transmitters to cover a medium-sized network, usually up to 300 feet
(91.4 meters)?
  Wireless LANs (WLAN)
79. Which access control component, implementation, or protocol audits what users actions are performed on
the network?
 Accounting
 Authorization
 Authentication
 802.1X
Explanation:
The final plank in the AAA framework is accounting, which measures the resources a user consumes during
access. This can include the amount of system time or the amount of data a user has sent and/or received
during a session. Accounting is carried out by logging of session statistics and usage information and is used
for authorization control, billing, trend analysis, resource utilization, and capacity planning activities.
80. Which type of wireless network commonly uses Bluetooth or ZigBee devices?
 wireless wide-area network
 wireless personal-area network
 wireless local-area network
 wireless metropolitan-area network
81. Which access control component, implementation, or protocol is implemented either locally or as a server-
based solution?
 authorization
 802.1X
 accounting
 authentication
82. A technician is troubleshooting a slow WLAN and decides to use the split-the-traffic approach. Which two
parameters would have to be configured to do this? (Choose two.)
 Configure the 5 GHz band for streaming multimedia and time sensitive traffic.
 Configure the security mode to WPA Personal TKIP/AES for one network and WPA2 Personal
AES for the other network
 Configure the 2.4 GHz band for basic internet traffic that is not time sensitive.
 Configure the security mode to WPA Personal TKIP/AES for both networks.
 Configure a common SSID for both split networks.
83. Which access control component, implementation, or protocol restricts LAN access through publicly
accessible switch ports?
 802.1X
 authorization
 accounting
 authentication
84. A network administrator is required to upgrade wireless access to end users in a building. To provide data
rates up to 1.3Gb/s and still be backward compatible with older devices, which wireless standard should be
implemented?
 802.11g
 802.11n
 802.11ac
 802.11b
Explanation: 802.11ac provides data rates up to 1.3 Gb/s and is still backward compatible with 802.11a/b/g/n
devices. 802.11g and 802.11n are older standards that cannot reach speeds over 1Gb/s. 802.11ad is a newer
standard that can offer theoretical speeds of up to 7 Gb/s.

Switching, Routing, and Wireless Essentials ( Version 7.00) – Routing Concepts and
Configuration Exam
1. Which feature on a Cisco router permits the forwarding of traffic for which there is no specific route?
 next-hop
 gateway of last resort
 route source
 outgoing interface
Explanation: A default static route is used as a gateway of last resort to forward unknown destination traffic to
a next hop/exit interface. The next-hop or exit interface is the destination to send traffic to on a network after
the traffic is matched in a router. The route source is the location a route was learned from.
2. Which three advantages are provided by static routing? (Choose three.)
 Static routing does not advertise over the network, thus providing better security.
 Configuration of static routes is error-free.
  Static routes scale well as the network grows.
 Static routing typically uses less network bandwidth and fewer CPU operations than dynamic
routing does.
 The path a static route uses to send data is known.
 No intervention is required to maintain changing route information.
Explanation: Static routes are prone to errors from incorrect configuration by the administrator. They do not
scale well, because the routes must be manually reconfigured to accommodate a growing network.
Intervention is required each time a route change is necessary. They do provide better security, use less
bandwidth, and provide a known path to the destination.
3. What are two functions of dynamic routing protocols? (Choose two.)
 to maintain routing tables
 to assure low router overhead
 to avoid exposing network information
 to discover the network
 to choose the path that is specified by the administrator
Explanation: Dynamic routing protocols exist to discover the network, maintain routing tables, and calculate
the best path. Having low levels of routing overhead, using the path specified by the administrator, and
avoiding the exposure of network information are functions of static routing.
4. What is an advantage of using dynamic routing protocols instead of static routing?
 easier to implement
 more secure in controlling routing updates
 fewer router resource overhead requirements
 ability to actively search for new routes if the current path becomes unavailable
Explanation: Dynamic routing has the ability to search and find a new best path if the current path is no longer
available. The other options are actually the advantages of static routing.
5. What happens to a static route entry in a routing table when the outgoing interface associated with that
route goes into the down state?
 The static route is removed from the routing table.
 The router polls neighbors for a replacement route.
 The router automatically redirects the static route to use another interface.
 The static route remains in the table because it was defined as static.
Explanation: When the interface associated with a static route goes down, the router will remove the route
because it is no longer valid.
6. What is a characteristic of a static route that matches all packets?
 It uses a single network address to send multiple static routes to one destination address.
 It identifies the gateway IP address to which the router sends all IP packets for which it does not
have a learned or static route.
 It backs up a route already discovered by a dynamic routing protocol.
 It is configured with a higher administrative distance than the original dynamic routing protocol
has.
Explanation: A default static route is a route that matches all packets. It identifies the gateway IP address to
which the router sends all IP packets for which it does not have a learned or static route. A default static route
is simply a static route with 0.0.0.0/0 as the destination IPv4 address. Configuring a default static route creates
a gateway of last resort.
7. When would it be more beneficial to use a dynamic routing protocol instead of static routing?
 in an organization where routers suffer from performance issues
 on a stub network that has a single exit point
 in an organization with a smaller network that is not expected to grow in size
 on a network where there is a lot of topology changes
Explanation: Dynamic routing protocols consume more router resources, are suitable for larger networks, and
are more useful on networks that are growing and changing.
8. Which route would be used to forward a packet with a source IP address of 192.168.10.1 and a destination
IP address of 10.1.1.1?
 C 192.168.10.0/30 is directly connected, GigabitEthernet0/1
 O 10.1.1.0/24 [110/65] via 192.168.200.2, 00:01:20, Serial0/1/0
 S* 0.0.0.0/0 [1/0] via 172.16.1.1
 S 10.1.0.0/16 is directly connected, GigabitEthernet0/0
Explanation: Even though OSPF has a higher administrative distance value (less trustworthy), the best match
is the route in the routing table that has the most number of far left matching bits.
9. Refer to the exhibit. What is the administrative distance value of the route for router R1 to reach the
destination IPv6 address of 2001:DB8:CAFE:4::A?
  120
 110
 1
 4
Explanation: The RIP route with the source code R is used to forward data to the destination IPv6 address of
2001:DB8:CAFE:4::A. This route has an AD value of 120.
10. Which value in a routing table represents trustworthiness and is used by the router to determine which
route to install into the routing table when there are multiple routes toward the same destination?
 administrative distance
 metric
 outgoing interface
 routing protocol
Explanation: The administrative distance represents the trustworthiness of a particular route. The lower an
administrative distance, the more trustworthy the learned route is. When a router learns multiple routes toward
the same destination, the router uses the administrative distance value to determine which route to place into
the routing table. A metric is used by a routing protocol to compare routes received from the routing protocol.
An exit interface is the interface used to send a packet in the direction of the destination network. A routing
protocol is used to exchange routing updates between two or more adjacent routers.
12. Refer to the graphic. Which command would be used on router A to configure a static route to direct
traffic from LAN A that is destined for LAN C?

 A(config)# ip route 192.168.3.0 255.255.255.0 192.168.3.1

 A(config)# ip route 192.168.3.2 255.255.255.0 192.168.4.0
 A(config)# ip route 192.168.4.0 255.255.255.0 192.168.5.2
 A(config)# ip route 192.168.5.0 255.255.255.0 192.168.3.2
 A(config)# ip route 192.168.4.0 255.255.255.0 192.168.3.2
Explanation: The destination network on LAN C is 192.168.4.0 and the next-hop address from the perspective
of router A is 192.168.3.2.
13. On which two routers would a default static route be configured? (Choose two.)
 any router where a backup route to dynamic routing is needed for reliability
 the router that serves as the gateway of last resort
 any router running an IOS prior to 12.0
 stub router connection to the rest of the corporate or campus network
 edge router connection to the ISP
Explanation: A stub router or an edge router connected to an ISP has only one other router as a connection. A
default static route works in those situations because all traffic will be sent to one destination. The destination
router is the gateway of last resort. The default route is not configured on the gateway, but on the router
sending traffic to the gateway. The router IOS does not matter.
14. Refer to the exhibit. This network has two connections to the ISP, one via router C and one via router B.
The serial link between router A and router C supports EIGRP and is the primary link to the Internet. If the
primary link fails, the administrator needs a floating static route that avoids recursive route lookups and any
potential next-hop issues caused by the multiaccess nature of the Ethernet segment with router B. What should
the administrator configure?

 Create a static route pointing to 10.1.1.1 with an AD of 95.

 Create a fully specified static route pointing to Fa0/0 with an AD of 1.
 Create a fully specified static route pointing to Fa0/0 with an AD of 95.
 Create a static route pointing to 10.1.1.1 with an AD of 1.
 Create a static route pointing to Fa0/0 with an AD of 1.
Explanation: A floating static route is a static route with an administrative distance higher than that of another
route already in the routing table. If the route in the table disappears, the floating static route will be put into
the routing table in its place. Internal EIGRP has an AD of 90, so a floating static route in this scenario would
need to have an AD higher than 90. Also, when creating a static route to a multiaccess interface like a
FastEthernet segment a fully specified route should be used, with both a next-hop IP address and an exit
interface. This prevents the router from doing a recursive lookup, but still ensures the correct next-hop device
on the multiaccess segment forwards the packet.
15. What is a characteristic of a floating static route?
 When it is configured, it creates a gateway of last resort.
 It is used to provide load balancing between static routes.
 It is simply a static route with 0.0.0.0/0 as the destination IPv4 address.
 It is configured with a higher administrative distance than the original dynamic routing protocol
has.
Explanation: Floating static routes are static routes used to provide a backup path to a primary static or
dynamic route, in the event of a link failure. They must be configured with a higher administrative distance
than the original dynamic routing protocol has. A default static route is simply a static route with 0.0.0.0/0 as
the destination IPv4 address. Configuring a default static route creates a gateway of last resort.
16. What network prefix and prefix-length combination is used to create a default static route that will match
any IPv6 destination?
 FFFF::/128
 ::1/64
 ::/128
 ::/0
Explanation: A default static route configured for IPv6, is a network prefix of all zeros and a prefix mask of 0
which is expressed as ::/0.
17. Consider the following command:
ip route 192.168.10.0 255.255.255.0 10.10.10.2 5
What does the 5 at the end of the command signify?
 exit interface
 maximum number of hops to the 192.168.10.0/24 network
 metric
 administrative distance
Explanation: The 5 at the end of the command signifies administrative distance. This value is added to
floating static routes or routes that only appear in the routing table when the preferred route has gone down.
The 5 at the end of the command signifies administrative distance configured for the static route. This value
indicates that the floating static route will appear in the routing table when the preferred route (with an
administrative distance less than 5) is down.
18. Refer to the exhibit. The routing table for R2 is as follows:
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 2 subnets
C 10.0.0.0 is directly connected, Serial0/0/0
C 10.0.0.4 is directly connected, Serial0/0/1
192.168.10.0/26 is subnetted, 3 subnets
S 192.168.10.0 is directly connected, Serial0/0/0
C 192.168.10.64 is directly connected, FastEthernet0/0
S 192.168.10.128 [1/0] via 10.0.0.6
What will router R2 do with a packet destined for 192.168.10.129?

 send the packet out interface FastEthernet0/0

 send the packet out interface Serial0/0/1
 drop the packet
 send the packet out interface Serial0/0/0
Explanation: When a static route is configured with the next hop address (as in the case of the 192.168.10.128
network), the output of the show ip route command lists the route as “via” a particular IP address. The router
has to look up that IP address to determine which interface to send the packet out. Because the IP address of
10.0.0.6 is part of network 10.0.0.4, the router sends the packet out interface Serial0/0/1.
19. An administrator issues the ipv6 route 2001:db8:acad:1::/32 gigabitethernet0/0 2001:db8:acad:6::1 100
command on a router. What administrative distance is assigned to this route?
 0
 1
 32
 100
Explanation: The command ipv6 route 2001:db8:acad:1::/32 gigabitethernet0/0 2001:db8:acad:6::1 100 will
configure a floating static route on a router. The 100 at the end of the command specifies the administrative
distance of 100 to be applied to the route.
20. Refer to the exhibit. Which default static route command would allow R1 to potentially reach all unknown
networks on the Internet?

 R1(config)# ipv6 route 2001:db8:32::/64 G0/0

 R1(config)# ipv6 route ::/0 G0/0 fe80::2
 R1(config)# ipv6 route 2001:db8:32::/64 G0/1 fe80::2
 R1(config)# ipv6 route ::/0 G0/1 fe80::2
Explanation: To route packets to unknown IPv6 networks a router will need an IPv6 default route. The static
route ipv6 route ::/0 G0/1 fe80::2 will match all networks and send packets out the specified exit interface
G0/1 toward R2.
21. Refer to the exhibit. The network engineer for the company that is shown wants to use the primary ISP
connection for all external connectivity. The backup ISP connection is used only if the primary ISP
connection fails. Which set of commands would accomplish this goal?

 ip route 0.0.0.0 0.0.0.0 s0/0/0

ip route 0.0.0.0 0.0.0.0 s0/1/0
 ip route 0.0.0.0 0.0.0.0 s0/0/0
ip route 0.0.0.0 0.0.0.0 s0/1/0 10
 ip route 198.133.219.24 255.255.255.252
ip route 64.100.210.80 255.255.255.252 10
 ip route 198.133.219.24 255.255.255.252
ip route 64.100.210.80 255.255.255.252
Explanation: A static route that has no administrative distance added as part of the command has a default
administrative distance of 1. The backup link should have a number higher than 1. The correct answer has an
administrative distance of 10. The other quad zero route would load balance packets across both links and
both links would appear in the routing table. The remaining answers are simply static routes (either a default
route or a floating static default route).
22. Refer to the exhibit. Which set of commands will configure static routes that will allow the Park and the
Alta routers to a) forward packets to each LAN and b) direct all other traffic to the Internet?

 Park(config)# ip route 0.0.0.0 0.0.0.0 192.168.14.1

Alta(config)# ip route 10.0.234.0 255.255.255.0 192.168.14.2
Alta(config)# ip route 0.0.0.0 0.0.0.0 s0/0/0
  Park(config)# ip route 0.0.0.0 0.0.0.0 192.168.14.1
Alta(config)# ip route 10.0.234.0 255.255.255.0 192.168.14.2
Alta(config)# ip route 198.18.222.0 255.255.255.255 s0/0/0
 Park(config)# ip route 172.16.67.0 255.255.255.0 192.168.14.1
Park(config)# ip route 0.0.0.0 0.0.0.0 192.168.14.1
Alta(config)# ip route 10.0.234.0 255.255.255.0 192.168.14.2
 Park(config)# ip route 172.16.67.0 255.255.255.0 192.168.14.1
Alta(config)# ip route 10.0.234.0 255.255.255.0 192.168.14.2
Alta(config)# ip route 0.0.0.0 0.0.0.0 s0/0/1
Explanation: The LAN connected to the router Park is a stud network, therefore, a default route should be
used to forward network traffic destined to non-local networks. The router Alta connects to both the internet
and the Park router, it would require two static routes configured, one toward the internet and the other toward
the LAN connected to the router Park.
23. Refer to the exhibit. The small company shown uses static routing. Users on the R2 LAN have reported a
problem with connectivity. What is the issue?

 R1 needs a static route to the R2 LAN.

 R2 needs a static route to the R1 LANs.
 R1 needs a default route to R2.
 R2 needs a static route to the Internet.
 R1 and R2 must use a dynamic routing protocol.
Explanation: R1 has a default route to the Internet. R2 has a default route to R1. R1 is missing a static route
for the 10.0.60.0 network. Any traffic that reached R1 and is destined for 10.0.60.0/24 will be routed to the
ISP.
24. Refer to the exhibit. An administrator is attempting to install an IPv6 static route on router R1 to reach the
network attached to router R2. After the static route command is entered, connectivity to the network is still
failing. What error has been made in the static route configuration?
  The next hop address is incorrect.
 The interface is incorrect.
 The destination network is incorrect.
 The network prefix is incorrect.
Explanation: In this example the interface in the static route is incorrect. The interface should be the exit
interface on R1, which is s0/0/0.
25. Refer to the exhibit. How was the host route 2001:DB8:CAFE:4::1/128 installed in the routing table?

 The route was dynamically created by router R1.

 The route was dynamically learned from another router.
 The route was manually entered by an administrator.
 The route was automatically installed when an IP address was configured on an active interface.
Explanation: A host route is an IPv6 route with a 128-bit mask. A host route can be installed in a routing table
automatically when an IP address is configured on a router interface or manually if a static route is created.
26. Refer to the exhibit. HostA is attempting to contact ServerB. Which two statements correctly describe the
addressing that HostA will generate in the process? (Choose two.)

 A packet with the destination IP address of RouterA.

 A frame with the destination MAC address of SwitchA.
 A packet with the destination IP address of ServerB.
 A frame with the destination MAC address of RouterA.
 A frame with the destination MAC address of ServerB.
 A packet with the destination IP address of RouterB.
Explanation: In order to send data to ServerB, HostA will generate a packet that contains the IP address of the
destination device on the remote network and a frame that contains the MAC address of the default gateway
device on the local network.
27. Refer to the exhibit. A ping from R1 to 10.1.1.2 is successful, but a ping from R1 to any address in the
192.168.2.0 network fails. What is the cause of this problem?
  There is no gateway of last resort at R1.
 The static route for 192.168.2.0 is incorrectly configured.
 A default route is not configured on R1.
 The serial interface between the two routers is down.
28. Refer to the exhibit. An administrator is attempting to install a default static route on router R1 to reach
the Site B network on router R2. After entering the static route command, the route is still not showing up in
the routing table of router R1. What is preventing the route from installing in the routing table?

 The netmask is incorrect.

 The exit interface is missing.
 The next hop address is incorrect.
 The destination network is incorrect.
Explanation: The next hop address is incorrect. From R1 the next hop address should be that of the serial
interface of R2, 209.165.202.130.
29. Refer to the exhibit. The Branch Router has an OSPF neighbor relationship with the HQ router over the
198.51.0.4/30 network. The 198.51.0.8/30 network link should serve as a backup when the OSPF link goes
down. The floating static route command ip route 0.0.0.0 0.0.0.0 S0/1/1 100 was issued on Branch and now
traffic is using the backup link even when the OSPF link is up and functioning. Which change should be made
to the static route command so that traffic will only use the OSPF link when it is up?
  Add the next hop neighbor address of 198.51.0.8.
 Change the administrative distance to 1.
 Change the destination network to 198.51.0.5.
 Change the administrative distance to 120.
Explanation: The problem with the current floating static route is that the administrative distance is set too
low. The administrative distance will need to be higher than that of OSPF, which is 110, so that the router will
only use the OSPF link when it is up.
30. What characteristic completes the following statement?
When an IPv6 static route is configured, the next-hop address can be ……
 a destination host route with a /128 prefix.
 the “show ipv6 route static” command.
 an IPv6 link-local address on the adjacent router.
 the interface type and interface number.
31. Gateway of last resort is not set.
172.19.115.0/26 is variously subnetted, 7 subnets, 3 masks
O 172.19.115.0/26 [110/10] via 172.19.39.1, 00:00:24, Serial0/0/0
O 172.19.115.64/26 [110/20] via 172.19.39.6, 00:00:56, Serial 0/0/1
O 172.19.115.128/26 [110/10] via 172.19.39.1, 00:00:24, Serial 0/0/0
C 172.19.115.192/27 is directly connected, GigabitEthernet0/0
L 172.19.115.193/27 is directly connected, GigabitEthernet0/0
C 172.19.115.224/27 is directly connected, GigabitEthernet0/1
L 172.19.115.225/27 is directly connected, GigabitEthernet0/1
172.19.39.0/24 is variably subnetted, 4 subnets, 2 masks
C 172.19.39.0/30 is directly connected, Serial0/0/0
L 172.19.39.2/32 is directly connected, Serial0/0/0
C 172.19.39.4/30 is directly connected, Serial0/0/1
L 172.19.39.5/32 is directly connected, Serial0/0/1
S 172.19.40.0/26 [1/0] via 172.19.39.1, 00:00:24, Serial0/0/0
R1#
Refer to the exhibit. Which interface will be the exit interface to forward a data packet that has the destination
IP address 172.19.115.206?
 GigabitEthernet0/1
 None, the packet will be dropped.
 GigabitEthernet0/0
 Serial0/0/1
32. Refer to the exhibit. What routing solution will allow both PC A and PC B to access the Internet with the
minimum amount of router CPU and network bandwidth utilization?
  Configure a dynamic routing protocol between R1 and Edge and advertise all routes.
 Configure a static route from R1 to Edge and a dynamic route from Edge to R1.
 Configure a static default route from R1 to Edge, a default route from Edge to the Internet, and a
static route from Edge to R1.
 Configure a dynamic route from R1 to Edge and a static route from Edge to R1.
Explanation: Two routes have to be created: a default route in R1 to reach Edge and a static route in Edge to
reach R1 for the return traffic. This is a best solution once PC A and PC B belong to stub networks. Moreover,
static routing consumes less bandwidth than dynamic routing.
33. Refer to the exhibit. What would happen after the IT administrator enters the new static route?

 The 172.16.1.0 static route would be entered into the running-config but not shown in the routing
table.
 The 172.16.1.0 route learned from RIP would be replaced with the 172.16.1.0 static route.
 The 0.0.0.0 default route would be replaced with the 172.16.1.0 static route.
 The 172.16.1.0 static route is added to the existing routes in the routing table.
Explanation: A route will be installed in a routing table if there is not another routing source with a lower
administrative distance. If a route with a lower administrative distance to the same destination network as a
current route is entered, the route with the lower administrative distance will replace the route with a higher
administrative distance.
34. What two pieces of information are needed in a fully specified static route to eliminate recursive lookups?
(Choose two.)
 the interface ID of the next-hop neighbor
 the interface ID exit interface
 the IP address of the exit interface
  the IP address of the next-hop neighbor
 the administrative distance for the destination network
Explanation: A fully specified static route can be used to avoid recursive routing table lookups by the router.
A fully specified static route contains both the IP address of the next-hop router and the ID of the exit
interface.
35. Refer to the exhibit. Which command will properly configure an IPv6 static route on R2 that will allow
traffic from PC2 to reach PC1 without any recursive lookups by router R2?

 R2(config)# ipv6 route ::/0 2001:db8:32::1

 R2(config)# ipv6 route 2001:db8:10:12::/64 S0/0/0
 R2(config)# ipv6 route 2001:db8:10:12::/64 2001:db8:32::1
 R2(config)# ipv6 route 2001:db8:10:12::/64 S0/0/1
Explanation: A nonrecursive route must have an exit interface specified from which the destination network
can be reached. In this example 2001:db8:10:12::/64 is the destination network and R2 will use exit interface
S0/0/0 to reach that network. Therefore, the static route would be ipv6 route 2001:db8:10:12::/64 S0/0/0.
36. Refer to the exhibit. Which static route would an IT technician enter to create a backup route to the
172.16.1.0 network that is only used if the primary RIP learned route fails?

 ip route 172.16.1.0 255.255.255.0 s0/0/0

 ip route 172.16.1.0 255.255.255.0 s0/0/0 121
 ip route 172.16.1.0 255.255.255.0 s0/0/0 111
 ip route 172.16.1.0 255.255.255.0 s0/0/0 91
Explanation: A backup static route is called a floating static route. A floating static route has an administrative
distance greater than the administrative distance of another static route or dynamic route.
37. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
 Modules 14 – 16: Routing Concepts and Configuration Exam
A user reports that PC0 cannot visit the web server www.server.com . Troubleshoot the network configuration
to identify the problem.
What is the cause of the problem?
 The clock rate on one of the serial links is configured incorrectly.
 A serial interface on Branch is configured incorrectly.
 The DNS server address on PC0 is configured incorrectly.
 Routing between HQ and Branch is configured incorrectly.
Explanation: In order to allow communication to remote networks, proper routing, either static or dynamic, is
necessary. Both routers must be configured with a routing method.
38. Match the routing table entry to the corresponding function. (Not all options are used.)

39. Refer to the exhibit. PC A sends a request to Server B. What IPv4 address is used in the destination field
in the packet as the packet leaves PC A?
  192.168.11.1
 192.168.10.1
 192.168.12.16
 192.168.10.10
Explanation: The destination IP address in packets does not change along the path between the source and
destination.
40. What does R1 use as the MAC address of the destination when constructing the frame that will go from
R1 to Server B?

 If the destination MAC address that corresponds to the IPv4 address is not in the ARP cache, R1
sends an ARP request.
 R1 uses the destination MAC address of S1.
 The packet is encapsulated into a PPP frame, and R1 adds the PPP destination address to the
frame.
 R1 leaves the field blank and forwards the data to the PC.
Explanation: Communication inside a local network uses Address Resolution Protocol to obtain a MAC
address from a known IPv4 address. A MAC address is needed to construct the frame in which the packet is
encapsulated.
41. What route would have the lowest administrative distance?
 a route received through the OSPF routing protocol
 a directly connected network
 a static route
 a route received through the EIGRP routing protocol
Explanation: The most believable route or the route with the lowest administrative distance is one that is
directly connected to a router.
42. What characteristic completes the following statement?
When an IPv6 static route is configured, as a backup route to a static route in the routing table, the “distance”
command is used with ……
 the “show ipv6 route static” command.
 an administrative distance of 2.
 a destination host route with a /128 prefix.
 the interface type and interface number.
43. A router has used the OSPF protocol to learn a route to the 172.16.32.0/19 network. Which command will
implement a backup floating static route to this network?
 ip route 172.16.0.0 255.255.224.0 S0/0/0 100
 ip route 172.16.0.0 255.255.240.0 S0/0/0 200
 ip route 172.16.32.0 255.255.224.0 S0/0/0 200
 ip route 172.16.32.0 255.255.0.0 S0/0/0 100
Explanation: OSPF has an administrative distance of 110, so the floating static route must have an
administrative distance higher than 110. Because the target network is 172.16.32.0/19, that static route must
use the network 172.16.32.0 and a netmask of 255.255.224.0.
44. Consider the following command:

ip route 192.168.10.0 255.255.255.0 10.10.10.2 5

How would an administrator test this configuration?

 Delete the default gateway route on the router.
 Manually shut down the router interface used as a primary route.
 Ping from the 192.168.10.0 network to the 10.10.10.2 address.
 Ping any valid address on the 192.168.10.0/24 network.
Explanation: A floating static is a backup route that only appears in the routing table when the interface used
with the primary route is down. To test a floating static route, the route must be in the routing table. Therefore,
shutting down the interface used as a primary route would allow the floating static route to appear in the
routing table.
45. Refer to the exhibit. Which type of IPv6 static route is configured in the exhibit?

 floating static route

 fully specified static route
 recursive static route
 directly attached static route
Explanation: The route provided points to another address that must be looked up in the routing table. This
makes the route a recursive static route.
46. What characteristic completes the following statement?
When an IPv6 static route is configured, it is first necessary to configure ……
 the next-hop address of two different adjacent routers.
 the “ipv6 unicast-routing” command.
 an IPv6 link-local address on the adjacent router.
 an administrative distance of 2.
47. Gateway of last resort is not set.

172.18.109.0/26 is variously subnetted, 7 subnets, 3 masks

O 172.18.109.0/26 [110/10] via 172.18.32.1, 00:00:24, Serial0/0/0

O 172.18.109.64/26 [110/20] via 172.18.32.6, 00:00:56, Serial 0/0/1

O 172.18.109.128/26 [110/10] via 172.18.32.1, 00:00:24, Serial 0/0/0

C 172.18.109.192/27 is directly connected, GigabitEthernet0/0

L 172.18.109.193/27 is directly connected, GigabitEthernet0/0

C 172.18.109.224/27 is directly connected, GigabitEthernet0/1

L 172.18.109.225/27 is directly connected, GigabitEthernet0/1

172.18.32.0/24 is variably subnetted, 4 subnets, 2 masks

C 172.18.32.0/30 is directly connected, Serial0/0/0

L 172.18.32.2/32 is directly connected, Serial0/0/0

C 172.18.32.4/30 is directly connected, Serial0/0/1

L 172.18.32.5/32 is directly connected, Serial0/0/1

S 172.18.33.0/26 [1/0] via 172.18.32.1, 00:00:24, Serial0/0/0

R1#

Refer to the exhibit. Which interface will be the exit interface to forward a data packet that has the destination
IP address 172.18.109.152?
 GigabitEthernet0/0
 GigabitEthernet0/1
 Serial0/0/0
 None, the packet will be dropped.
48. Refer to the exhibit. What will the router do with a packet that has a destination IP address of
192.168.12.227?

 Drop the packet.

 Send the packet out the GigabitEthernet0/0 interface.
 Send the packet out the Serial0/0/0 interface.
 Send the packet out the GigabitEthernet0/1 interface.
Explanation: After a router determines the destination network by ANDing the destination IP address with the
subnet mask, the router examines the routing table for the resulting destination network number. When a
match is found, the packet is sent to the interface associated with the network number. When no routing table
entry is found for the particular network, the default gateway or gateway of last resort (if configured or
known) is used. If there is no gateway of last resort, the packet is dropped. In this instance, the
192.168.12.224 network is not found in the routing table and the router uses the gateway of last resort. The
gateway of last resort is the IP address of 209.165.200.226. The router knows this is an IP address that is
associated with the 209.165.200.224 network. The router then proceeds to transmit the packet out the
Serial0/0/0 interface, or the interface that is associated with 209.165.200.224.
49. Consider the following command:

ip route 192.168.10.0 255.255.255.0 10.10.10.2 5

Which route would have to go down in order for this static route to appear in the routing table?
 a default route
 a static route to the 192.168.10.0/24 network
 an OSPF-learned route to the 192.168.10.0/24 network
 an EIGRP-learned route to the 192.168.10.0/24 network
The administrative distance of 5 added to the end of the static route creates a floating static situation for a
static route that goes down. Static routes have a default administrative distance of 1. This route that has an
administrative distance of 5 will not be placed into the routing table unless the previously entered static route
to the 192.168.10.0/24 goes down or was never entered. The administrative distance of 5 added to the end of
the static route configuration creates a floating static route that will be placed in the routing table when the
primary route to the same destination network goes down. By default, a static route to the 192.168.10.0/24
network has an administrative distance of 1. Therefore, the floating route with an administrative distance of 5
will not be placed into the routing table unless the previously entered static route to the 192.168.10.0/24 goes
down or was never entered. Because the floating route has an administrative distance of 5, the route is
preferred to an OSPF-learned route (with the administrative distance of 110) or an EIGRP-learned route (with
the administrative distance of 110) to the same destination network.
50. What are two advantages of static routing over dynamic routing? (Choose two.)
 Static routing is more secure because it does not advertise over the network.
 Static routing scales well with expanding networks.
 Static routing requires very little knowledge of the network for correct implementation.
 Static routing uses fewer router resources than dynamic routing.
 Static routing is relatively easy to configure for large networks.
Static routing requires a thorough understanding of the entire network for proper implementation. It can be
prone to errors and does not scale well for large networks. Static routing uses fewer router resources, because
no computing is required for updating routes. Static routing can also be more secure because it does not
advertise over the network.
51. What characteristic completes the following statement?
When an IPv6 static route is configured, it is possible that the same IPv6 link-local address is used for …
 a destination host route with a /128 prefix.
 the “ipv6 unicast-routing” command.
 the next-hop address of two different adjacent routers.
 an administrative distance of 2.
52. A network administrator configures the interface fa0/0 on the router R1 with the command ip address
172.16.1.254 255.255.255.0. However, when the administrator issues the command show ip route, the routing
table does not show the directly connected network. What is the possible cause of the problem?
 The subnet mask is incorrect for the IPv4 address.
 The configuration needs to be saved first.
 The interface fa0/0 has not been activated.
 No packets with a destination network of 172.16.1.0 have been sent to R1.
Explanation: A directly connected network will be added to the routing table when these three conditions are
met: (1) the interface is configured with a valid IP address; (2) it is activated with no shutdown command; and
(3) it receives a carrier signal from another device that is connected to the interface. An incorrect subnet mask
for an IPv4 address will not prevent its appearance in the routing table, although the error may prevent
successful communications.

53. Refer to the exhibit. What command would be used to configure a static route on R1 so that traffic from
both LANs can reach the 2001:db8:1:4::/64 remote network?

 ipv6 route 2001:db8:1:4::/64 2001:db8:1:3::1

 ipv6 route 2001:db8:1::/65 2001:db8:1:3::1
 ipv6 route ::/0 serial0/0/0
 ipv6 route 2001:db8:1:4::/64 2001:db8:1:3::2
Explanation: To configure an IPv6 static route, use the ipv6 route command followed by the destination
network. Then add either the IP address of the adjacent router or the interface R1 will use to transmit a packet
to the 2001:db8:1:4::/64 network.

54. Refer to the exhibit. What two commands will change the next-hop address for the 10.0.0.0/8 network
from 172.16.40.2 to 192.168.1.2? (Choose two.)

 A(config)# ip route 10.0.0.0 255.0.0.0 192.168.1.2

 A(config)# ip route 10.0.0.0 255.0.0.0 s0/0/0
 A(config)# no ip address 10.0.0.1 255.0.0.0 172.16.40.2
 A(config)# no network 10.0.0.0 255.0.0.0 172.16.40.2
 A(config)# no ip route 10.0.0.0 255.0.0.0 172.16.40.2
Explanation: The two required commands are A(config)# no ip route 10.0.0.0 255.0.0.0 172.16.40.2 and
A(config)# ip route 10.0.0.0 255.0.0.0 192.168.1.2.

55. Refer to the exhibit. Which interface will be the exit interface to forward a data packet that has the
destination IP address 192.168.139.244?

Gateway of last resort is not set.

192.168.139.0/26 is variously subnetted, 7 subnets, 3 masks

O 192.168.139.0/26 [110/10] via 192.168.70.1, 00:00:24, Serial0/0/0

O 192.168.139.64/26 [110/20] via 192.168.70.6, 00:00:56, Serial 0/0/1

O 192.168.139.128/26 [110/10] via 192.168.70.1, 00:00:24, Serial 0/0/0

C 192.168.139.192/27 is directly connected, GigabitEthernet0/0

L 192.168.139.193/27 is directly connected, GigabitEthernet0/0

C 192.168.139.224/27 is directly connected, GigabitEthernet0/1

L 192.168.139.225/27 is directly connected, GigabitEthernet0/1

192.168.70.0/24 is variably subnetted, 4 subnets, 2 masks

C 192.168.70.0/30 is directly connected, Serial0/0/0

L 192.168.70.2/32 is directly connected, Serial0/0/0

C 192.168.70.4/30 is directly connected, Serial0/0/1

L 192.168.70.5/32 is directly connected, Serial0/0/1

S 192.168.71.0/26 [1/0] via 192.168.70.1, 00:00:24, Serial0/0/0

R1#

 GigabitEthernet0/1
 None, the packet will be dropped.
 Serial0/0/1
 GigabitEthernet0/0
56. What characteristic completes the following statement?
When an IPv6 static route is configured, a fully-specified configuration should be used with …
 ::/0.
 the “ipv6 unicast-routing” command.
 the next-hop address of two different adjacent routers.
  a directly connected multiaccess network.
57. Refer to the exhibit. Which interface will be the exit interface to forward a data packet that has the
destination IP address 192.168.71.52?

Gateway of last resort is not set.

192.168.139.0/26 is variously subnetted, 7 subnets, 3 masks

O 192.168.139.0/26 [110/10] via 192.168.70.1, 00:00:24, Serial0/0/0

O 192.168.139.64/26 [110/20] via 192.168.70.6, 00:00:56, Serial 0/0/1

O 192.168.139.128/26 [110/10] via 192.168.70.1, 00:00:24, Serial 0/0/0

C 192.168.139.192/27 is directly connected, GigabitEthernet0/0

L 192.168.139.193/27 is directly connected, GigabitEthernet0/0

C 192.168.139.224/27 is directly connected, GigabitEthernet0/1

L 192.168.139.225/27 is directly connected, GigabitEthernet0/1

192.168.70.0/24 is variably subnetted, 4 subnets, 2 masks

C 192.168.70.0/30 is directly connected, Serial0/0/0

L 192.168.70.2/32 is directly connected, Serial0/0/0

C 192.168.70.4/30 is directly connected, Serial0/0/1

L 192.168.70.5/32 is directly connected, Serial0/0/1

S 192.168.71.0/26 [1/0] via 192.168.70.1, 00:00:24, Serial0/0/0

R1#

 The packet will take the gateway of last resort.

 GigabitEthernet0/1
 Serial0/0/0
 None, the packet will be dropped.
58. What characteristic completes the following statement?
When an IPv6 static route is configured, the installation of the route can be verified with ……
 a destination host route with a /128 prefix.
 the interface type and interface number.
 the “show ipv6 route static” command.
 an administrative distance of 2.
59. Refer to the exhibit. Which interface will be the exit interface to forward a data packet that has the
destination IP address 10.55.99.78?

Gateway of last resort is not set.

10.55.99.0/26 is variously subnetted, 7 subnets, 3 masks

O 10.55.99.0/26 [110/10] via 10.55.18.1, 00:00:24, Serial0/0/0

O 10.55.99.64/26 [110/20] via 10.55.18.6, 00:00:56, Serial 0/0/1

O 10.55.99.128/26 [110/10] via 10.55.18.1, 00:00:24, Serial 0/0/0

C 10.55.99.192/27 is directly connected, GigabitEthernet0/0

L 10.55.99.193/27 is directly connected, GigabitEthernet0/0

C 10.55.99.224/27 is directly connected, GigabitEthernet0/1

L 10.55.99.225/27 is directly connected, GigabitEthernet0/1

10.55.18.0/24 is variably subnetted, 4 subnets, 2 masks

C 10.55.18.0/30 is directly connected, Serial0/0/0

L 10.55.18.2/32 is directly connected, Serial0/0/0

C 10.55.18.4/30 is directly connected, Serial0/0/1

L 10.55.18.5/32 is directly connected, Serial0/0/1

S 10.55.19.0/26 [1/0] via 10.55.18.1, 00:00:24, Serial0/0/0

R1#

 None, the packet will be dropped.

 GigabitEthernet0/0
 GigabitEthernet0/1
 Serial0/0/1
60. A network administrator configures the interface fa0/0 on the router R1 with the command ip address
172.16.1.254 255.255.255.0 . However, when the administrator issues the command show ip route , the
routing table does not show the directly connected network. What is the possible cause of the problem?
 The subnet mask is incorrect for the IPv4 address.
 No packets with a destination network of 172.16.1.0 have been sent to R1.
 The configuration needs to be saved first.
 The interface fa0/0 has not been activated.
Explanation: A directly connected network will be added to the routing table when these three conditions are
met: (1) the interface is configured with a valid IP address; (2) it is activated with no shutdown command; and
(3) it receives a carrier signal from another device that is connected to the interface. An incorrect subnet mask
for an IPv4 address will not prevent its appearance in the routing table, although the error may prevent
successful communications.
61. Refer to the exhibit. Which interface will be the exit interface to forward a data packet that has the
destination IP address 10.3.86.2?

Gateway of last resort is not set.

10.3.86.0/26 is variously subnetted, 7 subnets, 3 masks

O 10.3.86.0/26 [110/10] via 10.3.2.1, 00:00:24, Serial0/0/0

O 10.3.86.64/26 [110/20] via 10.3.2.6, 00:00:56, Serial 0/0/1

O 10.3.86.128/26 [110/10] via 10.3.2.1, 00:00:24, Serial 0/0/0

C 10.3.86.192/27 is directly connected, GigabitEthernet0/0

L 10.3.86.193/27 is directly connected, GigabitEthernet0/0

C 10.3.86.224/27 is directly connected, GigabitEthernet0/1

L 10.3.86.225/27 is directly connected, GigabitEthernet0/1

10.3.2.0/24 is variably subnetted, 4 subnets, 2 masks

C 10.3.2.0/30 is directly connected, Serial0/0/0

L 10.3.2.2/32 is directly connected, Serial0/0/0

C 10.3.2.4/30 is directly connected, Serial0/0/1

L 10.3.2.5/32 is directly connected, Serial0/0/1

S 10.3.3.0/26 [1/0] via 10.3.2.1, 00:00:24, Serial0/0/0

R1#

 GigabitEthernet0/1
 Serial0/0/1
 GigabitEthernet0/0
 Serial0/0/0
62. Match the characteristic to the corresponding type of routing. (Not all options are used.)

Explanation: Both static and dynamic routing could be used when more than one router is involved. Dynamic
routing is when a routing protocol is used. Static routing is when every remote route is entered manually by an
administrator into every router in the network topology.
63. Refer to the exhibit. Which interface will be the exit interface to forward a data packet that has the
destination IP address 172.25.128.244?

Gateway of last resort is not set.

172.25.128.0/26 is variously subnetted, 7 subnets, 3 masks

O 172.25.128.0/26 [110/10] via 172.25.56.1, 00:00:24, Serial0/0/0

O 172.25.128.64/26 [110/20] via 172.25.56.6, 00:00:56, Serial 0/0/1

O 172.25.128.128/26 [110/10] via 172.25.56.1, 00:00:24, Serial 0/0/0

C 172.25.128.192/27 is directly connected, GigabitEthernet0/0

L 172.25.128.193/27 is directly connected, GigabitEthernet0/0

C 172.25.128.224/27 is directly connected, GigabitEthernet0/1

L 172.25.128.225/27 is directly connected, GigabitEthernet0/1

172.25.56.0/24 is variably subnetted, 4 subnets, 2 masks

C 172.25.56.0/30 is directly connected, Serial0/0/0

L 172.25.56.2/32 is directly connected, Serial0/0/0

C 172.25.56.4/30 is directly connected, Serial0/0/1

L 172.25.56.5/32 is directly connected, Serial0/0/1

S 172.25.57.0/26 [1/0] via 172.25.56.1, 00:00:24, Serial0/0/0

R1#
  GigabitEthernet0/0
 GigabitEthernet0/1
 None, the packet will be dropped.
 Serial0/0/1
64. Ipv6 route 2001:0DB8::/32 2001:0DB8:3000::1
Which static route is configured here?
 Floating static
 Recursive static
 Directly attached static
 Fully specified static
Explain: The Router has to look up in the routing table twice to find the exit interface. The first is shown in
the Question now the router has to lookup what interface ex.s0/0/0 that the 3000::1 address is associated with.
route table ex. 2001:0DB8:3000::1 is directly connected, Serial0/0/0. This is the 2nd lookup in the table to
find out that the packet needs to exit the s0/0/0 interface making the first route a recursive and 2nd route a
direct.