Looking for Real Exam Questions for IT Certification Exams!

You can pass any IT certification exam at your first attempt with just 10‐12
hours study of our guides.

Our study guides contain latest actual exam questions, accurate answers with detailed
explanation verified by experts and all graphics and drag‐n‐drop exhibits shown just as on
the real test.

To test the quality of our guides, you can download the one‐fourth portion of any guide
from http://www.certificationking.com absolutely free. You can also download the guides
for retired exams that you might have taken in the past.

For pricing and placing order, please visit http://certificationking.com/order.html

We accept all major credit cards through www.paypal.com

For other payment options and any further query, feel free to mail us at
[email protected]
 Product Questions: 550
Version: 33.0
Question: 1

Which two VLAN ranges can you add. modify or delete on a switch'? (Choose two)

A. 1 through 1001
B. 1006 through 4094
C. 1005 through 4094
D. 2 through 1001
E. 2 through 4094

Answer: BD

Question: 2

Which Cisco technology provides network redundancy by combining two physically separate
switches to a single logical switch'?

A. VSS
B. IPPS
C. PAGP
D. LACP

Answer: A

Question: 3

Which two commands configure RSPAN to capture incoming and outgoing traffic on a single
interface'? (Choose two)

A. monitor session 1 source interface gigabitethernetl/0/2 tx

B. monitor session 1 destination remote vlan 910
C. monitor session 1 source interface gigabitethernetl/0/1 rx
D. monitor session 1 destination interface gigabitethernetl/0/2 rx
E. monitor session 1 source interface gigabitethernet1/0/2 both

Answer: BE

Question: 4

Which feature is enabled automatically when you configure HSRP on an interface?

A. ICMP redirect messages

B. HSRP tracking
C. IGMP snooping

Page | 2
D. HSRP preemption

Answer: A

Question: 5

Which command do you enter to troubleshoot a misconfigured EtherChannel?

A. CORE-SW(config)#spanning-tree etherchannel guard misconfig.

B. CORE-SW(config-if)#spanning-tree guard root
C. CORE-SW(config-if)#spanning-tree loopguard default
D. CORE-SW(config-if)#spanning-tree etherchannel guard misconfig

Answer: A

Question: 6

Which statement about configuring an RSPAN session is true?

A. RSPAN supports, by default, the monitoring of Layer 2 switch protocols.

B. The same RSPAN VLAN is used for a RSPAN session on all the switches.
C. Only the source switch in a session must support RSPAN
D. At least one access port must be configured in the RSPAN VLAN

Answer: B

Question: 7

Which command maximizes system resources for ACLs?

A. sdm prefer default

B. sdm prefer routing
C. sdm prefer access
D. sdm prefer vlan

Answer: C

Question: 8

Which option is a benefit of configuring UDLD on a link between two switches?

A. UDLD removes switching loops.

B. UDLD helps prevent switching loops
C. UDLD provides a backup mechanism for fiber.
D. UDLD determines the best switching path

Answer: B

Question: 9

Which two tasks must you perform to configure DHCP snooping on a device? (choose two)

Page | 3
A. Enable DHCP snooping on the VLAN
B. Enable VRF support for the DHCP relay agent
C. Enable DHCP snooping globally
D. Enable DHCP packet validation on the device.
E. Enable DHCP option 82.

Answer: AC

Question: 10

When the switches in a Cisco Stack Wise stack elect a new master switch, which value is used as the
primary selector'?

A. lowest uptime
B. highest MAC address
C. lowest MAC address
D. highhest administrator assigned priority

Answer: D

Question: 11

Which two commands display trunking information on one or more Ethernet interfaces? (Choose
two)

A. show interfaces summary

B. show interface trunk
C. show interface brief
D. show interface switchport
E. show interface

Answer: BD

Question: 12

Which command displays the current SDM template?

A. show sdm prefer routing

B. show sdm prefer layer 2
C. show sdm prefer
D. show sdm prefer default

Answer: C

Question: 13

Which statement about SPAN is true'?

A. it uses a specific VLAN to transfer mirrored traffic.

B. SPAN destinations also can be SPAN sources.

Page | 4
C. It is an industry standard protocol for mirroring traffic
D. SPAN destinations participate in spanning tree instances
E. It mirrors traffic from a source port to a destination port on the same switch only

Answer: D

Question: 14

Which two TLVs are included in Cisco Discovery Protocol advertisements? (Choose two)

A. Native VLAN TLV

B. VTP Management Domain TLV
C. Network Policy TLV
D. System Name TLV
E. Inventory Management TLV

Answer: AB

Question: 15

Which command configures ail access ports on a switch to immediately enter the forwarding state
when the switch is reset?

A. spanning-tree portfast
B. spanning-tree portfast bpduguard default
C. spanning-tree portfast default
D. spanning-tree portfast bpdufilter default

Answer: A

Question: 16

Which command overrides the default priority of frames on an IP phone?

A. mls qos trust dsip

B. switchport priority extend trust
C. mls qos trust cos
D. mls qos trust cos
E. priority-queue out

Answer: B

Question: 17

Which two commands must you use to configure an interface to send traffic from a non-default
native VLAN across a link that supports all VLANs? (Choose two)

A. encapsulation dot1Q 90 native

B. switchport trunk native vlan 90
C. switchport access vlan 1
D. switchport mode trunk

Page | 5
E. switchport access vlan 90

Answer: BD

Question: 18

Which feature can protect a Layer 2 port from spoofed IP addresses?

A. uRPF
B. port security
C. IP source guard
D. DHCP snooping

Answer: D

Question: 19

Which type of port can serve as a Cisco StackWise Virtual link?

A. an uplink port only

B. any physical port
C. a downlink port only
D. a switched port only

Answer: B

Question: 20

Which command enables you to determine whether any interface on a device was shut down as a
result of a port security violation?

A. show errdisable detect

B. show interface err-disabled status
C. show port-security address
D. show port-security

Answer: D

Question: 21

Which two accounting types does AAA support'? (Choose two)

A. authorization
B. privilege
C. system
D. connection
E. authentication

Answer: AE

Question: 22

Page | 6
Which feature can prevent ARP POISINING ATTACKS ON A DEVICE?

A. Dynamic MAC Inspection

B. MAC snooping
C. CGMP snooping
D. DHCP snooping
E. Dynamic ARP inspection
F. Static ARP inspection

Answer: D

Question: 23

Which two statements about configuring VLANs on switches in VTP server mode are true'? (Choose
two)

A. The first VLAN configured on a switch becomes the native VLAN

B. Devices in a topology without a router can communicate only with other devices on the same
VLAN.
C. Newly configured VLANs remain in the down state until they are manually enabled
D. VLANs must be configured individually
E. Switches in the same domain propagate their VLAN configurations over VTP

Answer: CD

Question: 24

Refer to the exhibit

Which two statements about the network environment of the interface that generated this output
are true? (Choose two)

A. The configured VRRP priority of the interface is 120

B. The skew time is .531 seconds
C. The configured VRRP priority of the interface is 105.
D. The device on which the interface resides is acting as a standby router.
E. If the priority of another router is higher than the priority of the master router after 3.351 seconds

Answer: AB

Question: 25

Page | 7
If all switches in a network have the same spanning-tree priority, which switch is elected as the root
bridge?

A. the switch with the lowest MAC address.

B. the switch with the highest physical interface IP address.
C. the switch with the highest MAC address
D. the switch with the lowest loopback interface IP address

Answer: A

Question: 26

Which command enables you Id detect whether both sides of an aggregate link are configured
properly?

A. spanning-tree etherchannel guard misconfig

B. spanning-tree backbone fast
C. spanning-tree loopguard default.
D. spanning-tree guard root

Answer: A

Question: 27

Which command identifies the learned addresses in the MAC address table for a device?

A. show mac address-table multicast

B. show mac address-table static
C. show mac address-table move update
D. show mac address-table dynamic

Answer: D

Question: 28

Which VTP mode you configure on a VTP domain so that the switch with the highest VTP
configuration revision number in the domain propagates VLAN information to the other switches?

A. client mode
B. server mode
C. off mode
D. transparent mode

Answer: B

Question: 29

Which two tasks must you perform to correctly configure IP Source Guard on a switch? (Choose two)

A. Enable DHCP option 82

B. Enable DHCP packet validation on the device

Page | 8
C. Configure the DHCP snooping relay
D. Enable DHCP snooping on the switch
E. Configure the Ip verify source vlan dhcp-snooping command

Answer: DE

Question: 30

Which two commands display the VLANs that are present in the VLAN database? (Choose two)

A. show vlan brief

B. show running-config
C. show vlan
D. show vlan databas
E. show vlan id

Answer: AC

Question: 31

Which two differences between RADIUS and TACACS+ are true? (Choose two)

A. Only TACACS+ can combine authentication and authorization functions

B. Only RADIUS uses UDP
C. Only RADIUS provides granular control over the CLI commands that a user can execute
D. Only TACACS+ uses user privilege levels to determine which commands the user can execute
E. Only TACACS+ uses UDP

Answer: AB

Question: 32

Which statement about local database device authentication is true?

A. It supports the full functionality of the AAA accounting feature

B. It can be used as a fallback authentication method when the connection to the remote network
access server fails.
C. It is most appropriate for authentication on a large network with many endusers
D. It is primarily used for authentication without usernames

Answer: B

Question: 33

How many active virtual gateways can each GLBP group support?

A. 1
B. 2
C. 4
D. 16

Page | 9
 Answer: C

Question: 34

Which option is the value of the Tag Protocol Identifier for an 802 1Q tagged frame?

A. 0x0806
B. 0x888E
C. 0x0800
D. 0x8100

Answer: D

Question: 35

Which two statements about IP Source Guard are true? (Choose two)

A. It works together with DHCP snooping to verify source IP packets

B. When it is first enabled, it blocks all IP packets except DHCP packets
C. It is enabled automatically when DHCP snooping is enabled
D. When it is configured on a Layer 2 port channel, it is applied only to the port channel interface
E. When it is first enabled, it allows all IP packets except DHCP packets
F. It must be enabled globally for all ports

Answer: DF

Question: 36

Which command disables spanning tree on multiple ports?

A. no spanning-tree vlan <vlan_range>

B. no spanning-tree mode pvst
C. no spanning-tree mode mst
D. no spanning-tree mode rapid-pvst

Answer: A

Question: 37

Which two statements about RADIUS are true? (Choose two)

A. it uses UDP packets to communicate.

B. It supports several less-common protocols in addition to IP
C. It combines authentication and authorization functions.
D. It is less secure than TACACS+ because it encrypts only the user name and password.
E. It combines authentication and accounting functions.

Answer: AC

Question: 38

Page | 10
Which two tasks must you perform to enable AAA operations with a remote security database?
(Choose two)

A. Configure network equipment to query the remote security database.

B. Configure a user profile in the local database of each device to which the user will have access.
C. Configure SSH to provide remote access to network equipment.
D. Configure Cisco Discovery Protocol on all interfaces used for authentication.
E. Configure user profiles on the remote security database.

Answer: BE

Question: 39

Which two requirements for dot1 q trunking in IOS are true? (Choose two)

A. ISL must be enabled on the same link

B. MST must be running it extended VLANs are in use.
C. The encapsulation protocol must be the same on each end of the trunk.
D. Spanning-tree PortFast must be enabled.
E. The native VLAN must have the same number on each side of the link

Answer: CE

Question: 40

In which UDLD mode does a link remain up, even when a unidirectional link failure is detected?

A. aggressive
B. enable
C. reset
D. normal

Answer: A

Question: 41

Which two features are new in VTPv3? (Choose two)

A. extended VLAN support

B. support for token ring VLANs
C. using multiple switches in the server role
D. private VLAN propagation
E. transparent mode

Answer: AD

Question: 42

Which command configures an interface to accept LLDP packets without enabling the interface to
send the packets?

Page | 11
A. IIdp run
B. IIdp transmit
C. IIdp tiv-select
D. IIdp receive

Answer: D

Question: 43

Which device type can act as a client in a system that uses TACACS+?

A. router
B. ADserver
C. end user wireless device
D. end user workstation

Answer: B

Question: 44

Which two statements about source port monitoring in SPAN are true? (Choose two)

A. Traffic through a destination port can be copied and included in the SPAN session.
B. It can monitor individual interfaces within a port channel
C. The entire EtherChannel must be monitored.
D. It can monitor only FaStEthernet and GigabitEthernet port types.
E. It can monitor ingress and egress traffic

Answer: AE

Question: 45

Which AAA authorization method uses a vendor-neutral directory information protocol?

A. LDAP
B. TACACS+
C. RADIUS
D. Kerberos

Answer: C

Question: 46

Which type of load balancing is most appropriate for an Etherchannel that passes traffic from
multiple sources to a single end device?

A. destination IP address forwarding

B. source and destination IP address forwarding
C. destination MAC address forwarding
D. source MAC address forwarding

Page | 12
 Answer: C

Question: 47

Which statement is true when UDLD is configured on a link and the link is determined to be
unidirectional?

A. The port remain up for a configured time interval and then error disables if the link remains
unidirectional.
B. LLDP is enabled on the port.
C. The port sends a log message to the console.
D. The port is disabled immediately

Answer: C

Question: 48

Which three features of AAA with TACACS+ are true? (Choose three.)

A. It encrypts the entire transmission.

B. It encrypts the password for transmission.
C. It secures access to endpoint devices.
D. It secures access to network devices.
E. It separates authorization and authentication functions.
F. It integrates authorization and authentication functions.

Answer: A, D, E

Question: 49

Which two statements about VTP are true? (Choose two.)

A. A switch running in transparent mode saves learned VLANs to its local database.
B. t supports clear-text passwords only.
C. In VTPv2, a new switch can learn the VTP domain name from its peer over a trunk port.
D. Switches running in transparent mode pass VTP messages.
E. It supports only server switch within a network.

Answer: A, D

Question: 50

Refer to the exhibit.

You have applied this configuration to Switches A, B, C, and D, and the switches are connected to one
another on access ports. Which two additional actions must you take to enable the hosts on VLAN 3
to communicate with one another considering future growth with hosts on additional VLANs?
(Choose two.)

Page | 13
A. Assign VLAN 3 to the ports connecting to the hosts.
B. Configure VLAN 3 as an SVI with a working IP address.
C. Configure VLAN 3 in VLAN database mode.
D. Configure VTP transparent mode to allow hosts with additional VLANs.
E. Reconfigure the access ports connecting the switches as trunk ports.

Answer: A, E

Question: 51

Which Cisco StackWise feature is supported?

A. using different versions of the Cisco IOS on each switch

B. using different SDM templates on each switch
C. using same software feature set on all members
D. using mixed software feature set on all members

Answer: C

Question: 52

Under which two conditin does Cisco StackWise Virtual transmit data over a virtual link? (Choose
two.)

A. Packets are processed on the ingress interface on the standby switch.

B. A VLAN is flooded over Layer 2.
C. Packets are processed on the ingress interface on the active switch.
D. Packets are processed on the egress interface on the standby switch.
E. Packets are processed on the egress interface on the active switch.

Answer: B, C

Question: 53

SIMULATION
LAB

Page | 14
 Answer: The
information of the
question
VTP Domain name : cisco
VLAN Ids 20 31
IP Addresses 172.16.71.1/24 172.16.132.1/24
These are your specific tasks:
1. Configure the VTP information with the distribution layer switch as the VTP server
2. Configure the VTP information with the access layer switch as a VTP client
3. Configure VLANs on the distribution layer switch
4. Configure inter-VLAN routing on the distribution layer switch
5. Specific VLAN port assignments will be made as users are added to the access layer switches in the
future.
6. All VLANs and VTP configurations are to completed in the global configuration To configure the
switch click on the host icon that is connected to the switch be way of a serial console cable.
Answer: Please refer to Explanation below:
Explanation:
The information of the question
These are your specific tasks:
1. Configure the VTP information with the distribution layer switch TestKing1 as the VTP server

Page | 15
2. Configure the VTP information with the access layer switch TestKing2 as a VTP client
3. Configure VLANs on the distribution layer switch TestKing1
4. Configure inter-VLAN routing on the distribution layer switch TestKing1
5. Specific VLAN port assignments will be made as users are added to the access layer switches in the
future.
6. All VLANs and VTP configurations are to completed in the global configuration To configure the
switch click on the host icon that is connected to the switch be way of a serial console cable.
vtp server configuration:
switch#conf t
switch(config)#vtp mode server
switch(config)#vtp domain CISCO
switch(config)#vlan 20
switch(config)#vlan 31
switch(config)#int vlan 20
switch(if-config)#ip add 172.64.20.1 255.255.255.0
switch(if-config)#no shut
switch(if-config)#int vlan 31
switch(if-config)#ip add 192.162.31.1 255.255.255.0
switch(if-config)#no shut
switch(if-config)#exit
switch#ip routing
switch#copy run start
vtp client configuration:
switch#conf t
switch(config)#vtp mode client
switch(config)#vtp domain CISCO
switch#copy run start

Question: 54
SIMULATION
LAB

Page | 16
VTP Domain name : cisco
VLAN Ids 20 31
IP Addresses 172.16.71.1/24 172.16.132.1/24
These are your specific tasks:
1. Configure the VTP information with the distribution layer switch as the VTP server
2. Configure the VTP information with the access layer switch as a VTP client
3. Configure VLANs on the distribution layer switch
4. Configure inter-VLAN routing on the distribution layer switch
5. Specific VLAN port assignments will be made as users are added to the access layer switches in the
future.
6. All VLANs and VTP configurations are to completed in the global configuration To configure the
switch click on the host icon that is connected to the switch be way of a serial console cable.
Answer: Please refer
to explanation below:
Explanation:
vtp server configuration:
switch#conf t
switch(config)#vtp mode server
switch(config)#vtp domain CISCO
switch(config)#vlan 20

Page | 17
switch(config)#vlan 31
switch(config)#int vlan 20
switch(if-config)#ip add 172.64.20.1 255.255.255.0
switch(if-config)#no shut
switch(if-config)#int vlan 31
switch(if-config)#ip add 192.162.31.1 255.255.255.0
switch(if-config)#no shut
switch(if-config)#exit
switch#ip routing
switch#copy run start
vtp client configuration:
switch#conf t
switch(config)#vtp mode client
switch(config)#vtp domain CISCO
switch#copy run start
Alternative #1
VTP Domain Distribution
VLAN Ids 20 31
IP Addresses 172.16.16.1/24 172.16.193.1/24
Alternative #12
VTP Domain Distribution
VLAN Ids 30 21
IP Addresses 172.16.203.1/24 172.16.93.1/24

Question: 55
DRAG DROP
Drag and drop the characteristic from the left to the matching STP feature on the right.

Answer:

Page | 18
Question: 56
DRAG DROP
Drag the description from the left to add on appropriate section of Port Cost / Switch Port Priority /
Port Priority

Page | 19
 Answer:

Question: 57
DRAG DROP

Page | 20
Drag the description from the left to add on appropriate section on right

Answer:

Question: 58
DRAG DROP
Drop the STP components from the left onto the correct descriptions on the right.

Page | 21
 Answer:

Question: 59
DRAG DROP
Drag and drop the LLDP-MED TLVs from the left onto the correct statements on the right.

Page | 22
 Answer:

Question: 60
DRAG DROP
Drag the appropriate from left to right on description.

Page | 23
 Answer:

Question: 61
DRAG DROP
Drag the appropriate from left to right on description.

Page | 24
 Answer:

Question: 62
DRAG DROP
Drag the appropriate from left to right on description.

Page | 25
 Answer:

Question: 63
DRAG DROP
Drag and drop the statements about SPAN source and destination ports from the left onto the correct
port types on the right

Page | 26
 Answer:

Question: 64
Refer to the exhibit.

Page | 27
Which two statements about the network environment are true? (Choose two)

A. The two aaaa.aaaa.aaaa MAC address entries must be from the same VLAN
B. Interfaces Fa0/a and Fa0/3 cannot communicate via Layer 2 switching
C. Interfaces Fa0/1 and Fa0/2 cannot communicate via Layer 2 switching
D. The two aaaa.aaaa.aaaa MAC address entries must be from different VLANs
E. Interfaces Fa0/2 and Fa0/3 can communicate via Layer 2 switching.

Answer: CD

Question: 65

Which command configures VLAN 99 as an untagged VLAN on a trunk?

A. switchport access vlan 99

B. switchport trunk pruning vlan except 99
C. switchport trunk allowed vlan 99
D. switchport trunk native vlan 99

Answer: D

Question: 66

Which two DTP negotiated interface mode combinations negotiate to form an access port? (Choose
two )

A. dynamic auto and dynamic auto

B. renegotiate and trunk
C. dynamic auto and trunk
D. dynamic desirable and access
E. dynamic desirable and dynamic auto

Answer: AD

Question: 67

Refer to the exhibit.

Page | 28
Currently, R1 is the VRRP master virtual router. Which statement about the VRRP configuration on R1
and R2 is true?

A. Communication between VRRP members is encrypted using MD5.

B. R1 has a route to 10.10.1.1/32 in its routing table.
C. R2 does not have a route to 10.10.1.11/32 in its routing table.
D. R2 becomes master if R1 reboots or track in R1 does not fail.

Answer: B

Question: 68

Which two statements about StackWise are true? (Choose two.)

A. It groups multiple switch ports as a single EtherChannel.

B. It can use one IP address to communicate with n/w (network).
C. It monitors multiple switches from a central console.
D. It enables multiple switch ports to share a single master configuration.
E. It allows multiple switches to operate as a single switch.

Answer: BE

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-
switches/prod_white_paper09186a00801b096a.html

Question: 69

Page | 29
A physical switch port is part of an EtherChannel group. What happens while the same port is
configured as a SPAN destination?

A. The port is removed from the EtherChannel group.

B. The operation is not allowed as an EtherChannel member cannot be a SPAN source port.
C. The port forwards traffic in the EtherChannel group and acts as a SPAN source simultaneously.
D. The port is put in the errdisabled state and can only be re-enabled manually.

Answer: A

Question: 70

Which two conditions must be met to establish a Layer 2 EtherChannel? (Choose two.)

A. SPAN must be disabled on the ports.

B. LAN ports in the EtherChannel must be contiguous.
C. The trunking protocol must be the same for all links in the EtherChannel.
D. All ports in the EtherChannel must be on the same module.
E. All ports in the EtherChannel must operate in half duplex.

Answer: AC

Question: 71

Which two authentication types does VRRP support? (Choose two.)

A. Plain-text
B. CHAP
C. PAP
D. 802.1x
E. MD5

Answer: AE

Question: 72

Which two new features are included in VTPv3? (Choose two.)

A. VTPs can now be configured in off mode.

B. It can be configured to prevent the override of the VLAN database.
C. VTP now supports MD5 passwords.
D. VLANs configured for token ring are now eligible to participate in VTP.
E. VLANs in the extended range are now eligible to participate in VTP.

Answer: AE

Explanation/Reference:
http://brbccie.blogspot.com/2014/07/vtp-v3.html
Supports extended VLANs (1006 - 4094)
VTP can now be turned off completely, as opposed to just transparent mode
Fixes the bane of VTP v1/2, the accidental-high-configuration-revision-wipes-out-your-network issue,

Page | 30
by design it does this no configuration is necessary.

Question: 73

Which feature actively validates DHCP messages and drops invalid messages?

A. IGMP snooping
B. DHCP host tracking
C. CGMP binding
D. DHCP snooping
E. DHCP inspection
F. Dynamic ARP inspection

Answer: D

Question: 74

Which two limitations of local SPAN are true? (Choose two.)

A. The source and destination ports must reside in the same switch or switch stack.
B. It can monitor only traffic that ingresses or egresses on the source interface or VLAN.
C. A SPAN session can support multiple destination ports only if they are on the same VLAN.
D. Each SPAN session supports only one source VLAN or interface.
E. A switch can support only one local SPAN session at a time.

Answer: AB

Question: 75

DRAG DROP
Drag and drop the characteristic from the left to the matching STP category on the right

Page | 31
 Answer:

Question: 76
Refer to the exhibit.

You have configured routers R1 and R2 with VRRP for load sharing as shown. Which two effects of
this configuration are true? (Choose two.)

A. Router R2 is the primary gateway for 10.1.0.1 and Router R1 is the primary gateway for 10.1.0.10.
B. PC2 and PC4 use router R1 as the primary gateway.

Page | 32
C. The four PCs send all request to router R1, which forward traffic to router R2 as necessary.
D. Router R1 is the primary gateway for 10.1.0.1 and router R2 is the primary gateway for 10.1.0.10.
E. PC1 and PC3 use router R1 as the primary gateway.
F. The four PCs send packets round-robin between routers R1 and R2.

Answer: DE

Question: 77

Which two prerequisites for HSRP to become active on an interface are true? (Choose two.)

A. Cisco Express Forwarding must be disabled globally.

B. The VIP must be in the same subnet as the primary IP address.
C. A Virtual-MAC address must be configured on the interface.
D. An IP address must be configured on the interface.
E. PIM routing must be disabled on the interface.

Answer: BD

Question: 78

Refer to the exhibit.

Which two statements about the network environment of the device that generated this output are
true? (Choose two.)

A. The default hello and hold timer values are in use.

B. The standby router can take the active HSRP if it fails to receive a hello packet from the active
router within 1.616 seconds.
C. The priority value of the HSRP group is 1.
D. HSRP version 2 is in use.
E. The standby router can take the active HSRP role if it fails to receive a hello packet from the active
router within 10 seconds.

Answer: AE

Question: 79

Which two statements about Cisco Discovery Protocol are true? (Choose two)

Page | 33
A. It is not supported with SNMP
B. It runs on OSI Layer 2
C. It is supported on Frame Relay subinterfaces
D. It uses a TLV to advertise the native VLAN
E. It runs on OSI Layer 1

Answer: BD

Question: 80

Which two statements about GLBP are true? (Choose two.)

A. The AVF responds to ARP request for the virtual IP address.

B. The LAN client traffic is handled by the active AVF only.
C. The AVG assigns virtual MAC addresses to GLBP group members.
D. The AVF assigns virtual MAC addresses to GLBP group members.
E. The AVG responds to ARP requests for the virtual IP address.

Answer: CE

Question: 81

Which command is required for root guard for Cisco device to place ID:2071948x?
(Where x is the last digit ID)

A. (config if)# spanning-tree guard root

B. (config)# spanning-tree guard root
C. (config-if)# spanning-tree root guard
D. (config)# spanning-tree root guard

Answer: A

Question: 82

Which component does the GLBP client cache stores for each host of a particular GLBP group?

A. IP address
B. MAC address
C. VLAN
D. Token ring
E. DCSP

Answer: B

Question: 83

Which three design types of capable Ethernet LANs does HSRP support? (Choose three.)

A. Multicaccess
B. Multicast

Page | 34
C. Broadcast
D. Unicast
E. Token Ring
F. FDDI

Answer: ABC

Question: 84

Which statement is true when one of its virtual gateway redundancy with an AVF has failed?

A. If an AVF has failed, one of the primary virtual forwarders in the listen state assumes responsibility
for the virtual MAC address.
B. If an AVF has failed, one of the secondary virtual forwarders in the listen state assumes
responsibility for the virtual MAC address.
C. If an AVF has failed, one of the secondary virtual forwarders in the listen state will also fail.
D. If an AVF has failed, one of the primary virtual forwarders in the listen state will also fail.

Answer: B

Question: 85

In which state does the standby virtual gateway take election?

A. learn
B. listen
C. init
D. reply

Answer: B

Question: 86

Which statement about GLBP is true?

A. Unused bandwidth is never utilized.

B. They communicate under TCP port 3222 for both source and destination.
C. They become active if any of the existing forwarding switches fail.
D. They become restricted if any of the existing forwarding switches fail.

Answer: C

Question: 87

Which feature rate-limits DHCP traffic?

A. DHCP Snooping
B. DHCP Acknowledge
C. DHCP Request
D. DHCP Spoofing

Page | 35
 Answer: A

Question: 88

How can you set VLAN 99 on a trunk to become a native VLAN?

A. switchport trunk native vlan 99

B. switchport trunk vlan 99 native
C. switchport native vlan 99 trunk
D. switchport native trunk vlan 99
E. switchport vlan 99 native
F. switchport vlan native trunk 99

Answer: A

Question: 89

Which two statements correctly describe the benefits of GLBP? (Choose two.)

A. it can load-share LAN traffic across up to four AVFs in a GLDP group

B. it uses dual active AVGs for redundancy
C. LAN traffic can be distributed to up to six routers in a GLBP group
D. It supports up to 128 virtual routers per physical interface
E. It can automatically adjust group weighting when an interface goes down.

Answer: AE

Question: 90

Which two statements about manually-configured LACP EtherChannels are true? (Choose two)

A. LACP negotiation must be disabled on both devices in the EtherChannel

B. They require Cisco Discovery Protocol
C. Each Physical port in the EtherChannel must have the same speed and duplex settings.
D. LACP negotiation must be disabled on one device in the EtherChannel
E. They use an MD5 hash for equal load balancing.
F. If the physical port configurations on the two devices are different, the ports are placed into the
errdisabled state

Answer: AC

Question: 91

Which two statements about extended-range VLANs are true? (Choose two.)

A. They support pruning

B. They can be created in VTP server mode in VTP version 3.
C. VTP versions 1 and 2 store extended range VI ANs in the VLAN database
D. They can be created when the switch is in VTP server mode.
E. VTP version 3 stores extended range VLANs in the VLAN database

Page | 36
 Answer: BE

Question: 92

When Ether Channel guard is enabled and a misconfiguration is detected on a port, how does the
port respond"?

A. It enters the channel-error state

B. enters the errdisable state
C. The port remains up. but it is unable to pass traffic
D. enters the shutdown state
E. The port state remains unchanged, but the EtherChannel stays down.

Answer: B

Question: 93

Which three pieces of information about the remote device are reported by Cisco Discovery
Protocol? (Choose
three.)

A. The routing protocols in use on the device

B. Its spanning-tree state
C. Its hostname
D. Its port number
E. Its configuration register value
F. Its hardware platform

Answer: CDF

Question: 94

When port security is configured on a switch, which violation mode is the default?

A. shutdown
B. logging
C. no change
D. error disable

Answer: A

Question: 95

For which reason does an administrator disable MAC address learning within a VLAN?

A. to configure a VLAN as an SVI

B. to free up space in the MAG address table
C. to implement port security
D. to reduce flooding in the network

Answer: C

Page | 37
Question: 96

Which command can be used to block a frame with an unknown destination MAC address from being
forwarded out of an interface?

A. Switchport protected
B. It is not forwarded it the destination MAC address is unknown
C. switchport port-fast
D. switchport block unicast

Answer: A

Question: 97

Refer to the exhibit.

Which two statement can be derived from the output of the show standby command? (Choose two.)

A. R2 Fai/O regains mastership when the link comes back up.

B. R2 becomes the active router after the hold time expires.
C. Router with IP 10.10 1 3 is active because it has a higher IP address.
D. If Fa0/0 is shut down, the HSRP priority on R2 becomes 80.
E. R2 is using the default HSRP hello and hold timers.

Answer: DE

Question: 98

Which two statements about HSRP, GLBP, and VRRP are true? (Choose two.)

A. HSRP is the preferred protocol to be used on multivendor environments.

B. VRRP has one master router, one standby router, and many listening routers.
C. GLBP allows for a maximum of four MAC addresses per group.
D. HSRP supports up to 255 groups on the same switch or router.
E. VRRP is a Cisco proprietary protocol.

Answer: C, D

Page | 38
Question: 99

When a Layer 2 EtherChannel is configured, which statement about interaction with the Spanning
Tree Protocol is true?

A. Spanning Tree uses only the member ports for forwarding

B. Spanning Tree uses the port channel for forwarding.
C. Spanning Tree uses the port channel and member ports for forwarding
D. Spanning Tree does not use port channels in loop prevention.

Answer: B

Question: 100

Which statement about the default behavior of a Cisco switch MAC address table is true?

A. MAC addresses are not learned on extended VLANs.

B. MAC addresses are aged out of the MAC table after 600 seconds.
C. MAC addresses are associated with a VLAN.
D. MAC address filtering is enabled on trunk ports.

Answer: D

Question: 101

DRAG DROP
Drag and drop the correct statements about HSRP from the left into the True column on the right
Not all options arc used.

Answer:

Page | 39
Question: 102
Which two statements about the monitored traffic in a SPAN session are true? (Choose two )

A. You cannot configure two separate SPAN or RSPAN source sessions with separate or overlapping
sets of SPAN source ports and VLANs.
B. By default, all monitored packets are captured without the IEEE 802.1Q tag
C. Egress SPAN monitors packets sent by the source interface before any QoS modifications
D. Sources can be ports or VLANs or any combination in the same session
E. By default, all monitored packets include the IEEE 802.1Q tag that they had on the source port
F. Ingress SPAN monitors packets received by the source interface before any QoS modifications

Answer: CF

Question: 103

Which configuration do you apply to a device to place interface GigabrtEthernet0/0 info VRRP group
10?

A. interface GigabitEthernet0/0
ip address 172.16.13.2 265 255.255.0
standby 10 ip 172.16.13.254 255.255.255.0
standby 10 priority 120
standby 10 preempt
B. interface GigabitEthernet0/0
description to Executive Offices A 08-38338
ip address 172.16.13.2 265.255.255.0
vrrp 10 ip 172.16.13.254 255.255.255.0
vrrp 10 active
C. interface GigabitEthernet0/0
description to Executive Offices A 08-38338
ip address 172.16.13.2 255.255.250.0
vrrp group 10 ip 172.16.13.254 255.256.255.0
vrrp group 10 priority 120
D. interface GigabitEthernet0/0
ip address 172.16.13.2 255.255.255.0
vrrp 10 ip 172.16.13.254
vrrp 10 priority 120
vrrp 10 preempt
E. interface GigabitEthernet0/0
ip address 172.16.13.2 255.255.255.0

Page | 40
vrrp 10 ip 172.16.13.254 256.255.255.0
vrrp 10 priority 120
vrrp 10 preempt
F. interface GigabitEthernet0/0
ip address 172.16.13.2 255.255.255.0
standby 10 ip 172.16.13.254

Answer: D

Question: 104

Which virtual MAC address does HSRP group 37 use with default configuration?

A. C0.00:00:25:00:00
B. 00:00:0c:07:ac:25
C. C0:00:00:37:00:00
D. 00:00:00c:07:ac:37

Answer: B

Question: 105

Which statement about the configuration of a trunk port as the source of a SPAN session is true?

A. Only VLANs that are configured individually as SPAN sources are monitored.
B. All VLANs on the trunk are monitored.
C. The trunk is errdisabled automatically.
D. All VLANs on the trunk are monitored, provided the SPAN destination port is a trunk.

Answer: B

Question: 106

On which PVLAN type can host ports communicate with promiscuous ports?

A. primary
B. community
C. promiscuous
D. isolated

Answer: C

Question: 107

Which feature places a port in an err-disabled state when it receives an unanticipated BPDU?

A. loop guard
B. root guard
C. BPOU guard
D. BPDU filtering

Page | 41
 Answer: C

Question: 108

Which two functions of DHCP snooping are true? (Choose two.)

A. It listens to multicast messages between senders and receivers

B. It filters invalid messages from untrusted sources.
C. It rate-limits DHCP traffic from trusted and untrusted sources.
D. It helps build the route table
E. It correlates IP addresses to hostnames.

Answer: BC

Question: 109

Which feature do you implement so that a physical port enters the loop inconsistent state if it fails to
receive BPDUs?

A. loop guard
B. loop disable
C. root guard
D. flex links
E. BPDU ignore
F. loop block

Answer: A

Question: 110

Which two restrictions of the port security feature are true? (Choose two.)

A. It is not supported on destination SPAN ports.

B. It is not supported on EtherChannel port-channel interfaces.
C. Static port MAC address assignments are not supported
D. A single device can learn a maximum of three sticky MAC addresses.
E. It is not supported on PVLAN ports.

Answer: BC

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-
2SY/configuration/guide/sy_swcg/port_security.html#84716

Question: 111

Refer to the exhibit.

Page | 42
When troubleshooting a network problem, a network analyzer is connected to Port f0/1 of a LAN
switch. Which command can prevent BPDU transmission on this port?

A. spanning-tree portfast bpduguard enable

B. spanning-tree bpduguard default
C. spanning-tree portfast bpdufilter default
D. no spanning-tree link-type shared

Answer: C

Question: 112

Which two StackWise configuration setting types are applied at the system level? (Choose two)

A. port-security settings
B. VLAN settings
C. speed/duplex settings
D. SNMH settings
E. 802.1k settings

Answer: BD

Question: 113

Which feature prevents from sending BPDUs on a portfast enabled port?

A. BPDU guard
B. PortFast
C. root guard
D. BPDU filtering

Answer: D

Question: 114

Which type of MAC address can be dropped by a switch that is configured for MAC address filtering?

A. unicast
B. router
C. multicast
D. CPU-destined

Answer: A

Question: 115

Page | 43
A network engineer is installing a switch for temporary workers to connect to. The engineer does not
want this switch participating in Spanning Tree with the rest of the network; however, end user
connectivity is still required. Which spanning-tree feature accomplishes this?

A. BPDUblock
B. BPDUfilter
C. BPDUignore
D. BPDUguard
E. BPDUdisable

Answer: B

Question: 116

Refer to the exhibit.

Which two statements about the network environment of the device that generated this output are
true? (Choose two.)

A. The local device has a higher priority setting than the active router.
B. The virtual IP address of the HSRP group is 10.1.1.1
C. If a router with a higher IP address and same HSRP priority as the active router becomes available,
that router becomes the new active router 5 seconds later.
D. if the local device fails to receive a hello from the active router for more than 5 seconds, it can
become the active router.
E. The hello and hold timers are set to custom values.

Answer: BC

Question: 117

A Cisco Catalyst switch that is prone to reboots continues to rebuild the DHCP snooping database.
What is the solution to avoid the snooping database from being rebuilt after every device reboot?

A. A DHCP snooping database agent should be configured.

B. Enable DHCP snooping for all VLANs that are associated with the switch.
C. Disable Option 82 for DHCP data insertion.
D. Use IP Source Guard to protect the DHCP binding table entries from being lost upon rebooting.

Page | 44
E. Apply ip dhcp snooping trust on all interfaces with dynamic addresses.

Answer: A

Question: 118

Refer to the exhibit.

Which two statements about the spanning-tree operation of this switch are true? (Choose two )

A. The switch is operating in the default Cisco spanning-tree mode

B. The spanning-tree operation mode for this switch is IEEE
C. The spanning-tree mode stp ieee command was entered on this switch
D. The spanning -tree operation mode for this switch is PVST+.
E. The spanning-tree operation mode for this switch is PVST

Answer: AD

Question: 119

A switch has been configured with the Vlan dot1q tag native command. Which statement describes
what the switch does with untagged frames that it receives on a trunked interface?

A. Untagged frames are forwarded via the default VLAN

B. it drops the untagged frames.
C. The trunked port is put in err-disabled state.
D. Untagged frames are forwarded via the native VLAN

Answer: B

Question: 120

Which four LACP components are used to determine which hot-standby links become active after an

Page | 45
interface failure within an EtherChannel bundle? (Choose four.)

A. LACP system priority

B. LACP port priority
C. interface MAC address
D. system ID
E. port number
F. hot-standby link identification number
G. interface bandwidth

Answer: A, B, D, E

Question: 121

Which two statements about HSRP are true? (Choose two.)

A. You must manually configure ICMP redirect messages on HSRP interfaces.

B. It is supported on switch virtual interfaces and routed ports.
C. Primary and secondary HSRP switches forward traffic in a round-robin style.
D. The interfaces in a HSRP group share a virtual MAC address.
E. An HSRP group can support a maximum of eight switches.

Answer: BD

Question: 122

Which two statements about VRRP are true? (Choose Two)

A. Preemption is not supported

B. It support clear text authentication only
C. It uses a shared vip to support default gateway redundancy
D. It requires each device in the group to participate in the same dynamic routing protocol.
E. It can use a single virtual address to provide default gateways redundancy

Answer: CD

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-3s/asr903/fhp-xe-
3s-asr903-book/fhp-vrrp.pdf

Question: 123

Which security violation mode drops packets with unknown source addresses and increments the
violation counter ?

A. Shutdown
B. Restrict
C. Protect
D. Drop
E. Inhibit

Answer: B

Page | 46
Question: 124

Which command sequence do you enter to configure an rspan vlan ?

A. Vlan 4097 remote-span

B. Vlan 4097 name RSPAN
C. Vlan 51
D. Remote-span
E. Vlan 51
F. Name rspan

Answer: CD

Question: 125

Refer to the output below.

Which two effects of this configuration are true'? (Choose two.)

A. The device adds an 8-byte VLAN tag to data on VLAN 2

B. Data on VLAN 2 remains untagged
C. Data on VLANs 4, 6, and 8 remains untagged.
D. The device adds a 4-byte VLAN tag to data on VLAN 2 only.
E. The switch adds a 4-byte VLAN tag to data on VLANs 4. 6 and 8.

Answer: BE

Question: 126

Refer to the exhibit.

Page | 47
You change a switch SDM template to maximize the number of supported MAC addresses You notice
that the switch routing performance has been significantly degraded. Which action do you take to
correct the problem?

A. Configure the sdm prefer routing command

B. Execute the clear ip route * command to reset the routing table.
C. Configure the sdm prefer default command
D. Configure the sdm prefer vlan command.

Answer: C

Question: 127

Which two ways can you use to disable Cisco Discovery Protocol? (Choose two.)

A. Enter the no cdp enablecommand to disable it on a device.

B. Enter the no cdp runcommand to disable it in the global configuration.
C. Enter the no cdp runcommand to disable it on an individual interface.
D. Enter the cdp disablecommand to disable it on an individual interface.
E. Enter the no cdp enablecommand to disable it on an individual interface.

Answer: BE

Question: 128

Which technique allows specific VLANs to be strictly permitted by the administrator?

A. VTP pruning
B. transparent bridging
C. trunk allowed VLANs
D. VLAN access-list
E. L2P tunneling

Answer: C

Question: 129

Which two statements about RPVST+ are True ?

Page | 48
A. It automatically enables uplinkfast and backbonefast.
B. It elects one root switch per vlan instance
C. It support two stp instances per vlan
D. It is incompatible with spanning tree portfast
E. Backwards compatibility with 802.1d is not supported
F. It requires approximately 50 seconds to complete reconvergence

Answer: AB

Question: 130

Which two statements about HSRP timers are true? (Choose two.)

A. the default hold timer is 15 seconds

B. the default hello timer is 3 seconds.
C. the default hello timer is 5 seconds.
D. the default hold timer is 10 seconds.
E. the default hello timer is 30 seconds.
F. the default hold timer is 30 seconds.

Answer: BD

Question: 131

Which statement about the configuration of MST on an IOS switch is true?

A. When MST is enabled. RSTP is automatically enabled and MST will use BPDU version 4, maximum
of 16 instances of MST can exist
B. When MST is enabled. RSTP is automatically disabled and MST will use BPDU version 2. maximum
of 16 instances of MST can exist.
C. When MST is enabled. RSTP is automatically enabled and MST will use BPDU version 2, maximum
of 16 instances of MST can exist.
D. When MST is enabled, RSTP is automatically disabled and MST will use BPDU version 4, maximum
of 16 instances of MST can exist.

Answer: C

Question: 132

Which two configuration requirements for port security are true? (Choose two.)

A. Port must be in access mode

B. Port security must be enabled on the port level
C. Port must be in interface VLAN mode
D. Port security must be disabled on the port level
E. Port must be in encapsulation mode

Answer: AB

Question: 133

Page | 49
Which file lists all of the configured VLANs on a switch?

A. flash:vlan.dat
B. nvram:vlans.xml
C. flash:vlans.txt
D. nvram:vlan.txt
E. flash.config.txt
F. flash:vlan.xml

Answer: A

Question: 134

Which statement about Layer 2 protocol participation of ports involved m a SPAN session is true?

A. Neither a SPAN source nor SPAN destination participates m any Layer 2 protocols.
B. A SPAN source does not participate n any Layer 2 protocols
C. A SPAN destination does not participate n any Layer 2 protocols
D. Both SPAN source and SPAN destination participate in any Layer 2 protocols

Answer: C

Question: 135

Which two statements are true of root guard? (Choose two)

A. Configure root guard to automatically change a designated port to a root port.

B. Configure uplinkfast on an enabled root guard interface to protect the root status a switch.
C. Configure root guard to ensure that root guard enabled ports become designated ports.
D. Configure root guard to prevent an unauthorized switch from becoming the root switch
E. Issue a no shutdown command to recover a port from the root-inconsistent state

Answer: CD

Question: 136

Under which two circumstances does a stack master lose its role?

A. When the stack master is reset

B. When the priority value of a stack member is changed to a higher value
C. When a switch with a higher priority is added to the stack
D. When a stack member fails
E. When switch stack resets

Answer: BE

Question: 137

RSPAN has been configured on a Cisco Catalyst switch; however, traffic is not being replicated to the
remote switch. Which type of misconfiguration is a cause?

Page | 50
A. The RSPAN designated VLAN is missing the remote span command.
B. The local and remote RSPAN switches are configured using different session IDs.
C. The local RSPAN switch is replicating only Rx traffic to the remote switch.
D. The local switch is overloaded with the amount of sourced traffic that must be replicated to the
remote switch.

Answer: A

Question: 138

Which two statements about static mac addresses are true ?

A. They are configured without an aging time

B. They have a default aging time of 300 seconds
C. They supersede dynamically learned mac address
D. They can be configured on multiple interfaces in the same vlan
E. They have a default aging time of 60 seconds.

Answer: BD

Question: 139

Refer to the exhibit.

Which two commands ensure that dsw1 becomes root bridge for vlan 10 ?

A. DSW2(Config)#spanning-tree vlan 10 priority 61440

B. DSW2(Config)#spanning-tree vlan 10 priority 4066
C. DSW2(Config)#spanning-tree vlan 20 priority 0

Page | 51
D. DSW2(Config)#spanning-tree vlan 10 priority root
E. DSW2(Config)#spanning-tree vlan 10 port-priority 0

Answer: BD

Question: 140

Refer to the exhibit.

Which two effects of this configuration are true? (Choose two.)

A. R1 becomes the active router

B. If R2 goes down, R1 becomes active but reverts to standby when R2 comes back online
C. Hello messages are sent to multicast address 224.0.0.5.
D. If R1 goes down, R2 becomes active but reverts to standby when R1 comes back online.
E. R1 goes down, R2 becomes active and remains the active device when R1 comes back online
F. R1 becomes the standby router.

Answer: AE

Question: 141

Which two command sequences must you enter on a pair of switches so that they negotiate an
EtherChannel using the Cisco proprietary port-aggregation protocol? (Choose two.)

A. channel-protocol lacp
channel-group 1 mode on
B. channel-protocol pagp
channel-group 1 mode auto
C. channel-protocol lacp
channel-group 1 mode active
D. channel-protocol pagp
channel-group 1 mode desirable
E. channel-protocol pagp
channel-group 1 mode on

Answer: BD

Question: 142

Which command do you enter to enable Dynamic ARP Inspection for VLAN 15?

Page | 52
A. SW1(config-vlan)#ip arp inspection vlan 15
B. SW1(config-v1an)#ip arp inspection trust
C. SW1(config)#ip arp inspection vlan 15
D. SW1(config-if)#ip arp-inspection trust

Answer: C

Question: 143

Which two statements about PortFast are true?

A. The port moves immediately to the forwarding state when a device is connected
B. it allows the port to skip the learning state only.
C. It forces the port to skip all spanning-tree states
D. It is most appropriate for ports that provide connectivity to individual workstations or servers
E. The port is error-disabled if it attempts to move into the listening or /earning states.

Answer: AD

Question: 144

Which statement describes the result of configuring SPAN on a Cisco device?

A. If not carefully planned, SPAN can lead to loops between source and destination ports.
B. SPAN doubles traffic internally
C. SPAN blocks for normal use one additional port for each configured source port
D. SPAN halves the capacity of the source port.

Answer: C

Question: 145

Which two statements about VRRP advertisements are true? (Choose two)

A. They are sent every three seconds by default.

B. They include VRRP timer information.
C. They are sent from the master router and standby routers.
D. They are sent only from the master router.
E. They include priority information.

Answer: DE

VRRP Advertisements
The virtual router master sends VRRP advertisements to other VRRP routers in the same group. The
advertisements communicate the priority and state of the virtual router master. The VRRP
advertisements are encapsulated in IP packets and sent to the IP Version 4 multicast address
assigned to the VRRP group. The advertisements are sent every second by default; the interval is
configurable.
Although the VRRP protocol as per RFC 3768 does not support millisecond timers, Cisco routers allow
you to configure millisecond timers. You need to manually configure the millisecond timer values on
both the primary and the backup routers. The master advertisement value displayed in
the show vrrp command output on the backup routers is always 1 second because the packets on the

Page | 53
backup routers do not accept millisecond values.
You must use millisecond timers where absolutely necessary and with careful consideration and
testing. Millisecond values work only under favorable circumstances, and you must be aware that the
use of the millisecond timer values restricts VRRP operation to Cisco devices only.

Question: 146

Which statement about the default Switch Database Management template is true?

A. The default template disables routing and supports the maximum number of unicast MAC
addresses
B. The default template gives balance to all functions.
C. The default template maximizes system resources for unicast routing
D. The default template maximizes system resources for access control lists

Answer: B

Question: 147

Which two statements about the VLAN database are true? (Choose two )

A. VLAN information is stored in the running configuration

B. It supports VLANs 1 to 1001.
C. If the switch is in VTP transparent mode, the VLAN can be configured if it is in VLAN database
mode.
D. It supports extended VLANs.
E. VLAN IDs can be duplicated, but their names must be unique.

Answer: BC

Question: 148

Which two statements about error-disabled ports are true? (Choose two.)

A. They can be recovered only by resetting the interface.

B. When a port is error-disabled, all traffic on the port stops.
C. When a port is error-disabled, it may continue to pass management traffic.
D. When a port is error-disabled, the port LED changes to solid orange.
E. By default, error-disabled ports automatically recover once the issue is resolved.

Answer: BD

When a port is in error-disabled state, it is effectively shut down and no traffic is sent or received on
that port. The port LED is set to the orange color and, when you issue the show interfaces command,
the port status shows as Errdisabled.

Question: 149

Which keyword can be applied to the spanning-tree priority command that allows the IT department
to adjust the timers based on the number of switches between any two end stations?

A. hello-time

Page | 54
B. cost
C. diameter
D. priority
E. root primary

Answer: C

Use the diameter keyword to specify the Layer 2 network diameter (that is, the maximum number of
switch hops between any two end stations in the Layer 2 network). When you specify the network
diameter, the switch automatically sets an optimal hello time, forward-delay time, and maximum-
age time for a network of that diameter, which can significantly reduce the convergence time. You
can use the hello keyword to override the automatically calculated hello time.

Question: 150

Which two statements about LLDP frames are true? (Choose two)

A. The destination MAC address in a LLDP frame is a multicast address.

B. All switches forward the destination MAC address in a LLDP frame.
C. Each LLDP frame includes a field containing the CoS value.
D. They have an EtherType of 0x8080.
E. They contain a CRC for error checking.
F. Each LLDP frame contains a sequence of TLVs.

Answer: AF

Question: 151

Which two tasks must you perform to enable DHCP option 82 on an untrusted port? (Choose two)

A. Enter the ip dhcp snooping information option replace command to enable DHCP option 82.
B. Enter the ip dhcp snooping trust command to enable DHCP option 82.
C. Enter the ip dhcp snooping information option allow-untrusted command to enable the untrusted
port.
D. Enter the ip dhcp snooping information option command to enable option 82.
E. Enter the ip dhcp snooping trust command to enable data insertion DHCP option 82.

Answer: CD

Question: 152

Refer to Exhibit.

Page | 55
You have applied these configurations to switches A, B, C and D respectively and the switches are
connected to one another on a trunk port that is passing all VLAN traffic. Which statements about
traffic on the network is true?

A. Unless a Layer 3 device is installed, hots on any of the switches will be able to communicate only
with other hosts on the same switch.
B. Hosts on all four switches can communicate normally with one another on VLAN 10 only.
C. Unless a Layer 3 device in installed, hosts on the FastEthernet 0/1 interface of switch D will be
unable to communicate with hosts on the other switches.
D. Hosts on all four switches can communicate normally with one another over the trunk port.

Answer: C

Question: 153

Which two commands displays IP Source Guard bindings? (Choose two)

A. show ip dhcp binding

B. show ip source binding
C. show ip dhcp snooping database
D. show ip guard source
E. show ip verify source

Answer: BE

Page | 56
Question: 154

Which two Criteria must be met to support SSO redundancy in a Cisco StackWise environment?
(Choose two)

A. The two switches must use the same license type.

B. The software version can be different between switches.
C. Both switches must be in the same StackWise logical group.
D. You must manually configure the role of each switch.
E. The two switches must use the same StackWise Virtual Configuration.

Answer: AE

Question: 155

Refer to the exhibit.

Which effect of this configuration is true?

A. Spanning tree blocks EtherChannel formation on the device

B. Spanning tree is disabled if the switch port establishes an EtherChannel
C. The switch port continues to negotiate an EtherChannel even when there are configuration
discrepancies between the two ports
D. The switch port error disables when a port attempts to form an EtherChannel with a port that has
a different configuration

Answer: D

Question: 156

For which reason would you configure RSPAN instead of SPAN on your network?

A. Only RSPAN can log traffic on a VLAN that spans multiple switches
B. RSPAN provides more complete monitoring of the traffic on a single switch.
C. Only RSPAN supports STP on multiple switches across a campus
D. Only RSPAN devices can monitor traffic on other devices

Answer: D

Question: 157

Which two statements about MST are true? (Choose two )

A. It can operate without a root bridge

B. It supports one STP instance per VLAN
C. It can map multiple VLANs to a single STP instance.
D. All VLANs must reside in a single MST region

Page | 57
E. It is vendor neutral

Answer: CE

Question: 158

Which configuration do you apply to an interface so that a host can be placed into VLAN 593?

A. interface GigabitEthernetO/0
switchport mode access
switchport access vlan 593
switchport host
B. interface GigabitEthernetO/0
switchport trunk encapsulation dotlq
switchport trunk native vlan 593
switchport access vlan 593
C. interface GigabitEthernetO/0
switchport mode trunk
switchport trunk allowed vlan 593
D. interface GigabttEthtrnetO/0.593
encapsulation dotlq 593
switchport access vlan 593

Answer: A

Question: 159

Refer to the output below.

Which two commands remove VLAN 100 from the VLANs allowed on the trunk port? (Choose two )

A. switchport trunk allowed vlan 81-97.99.101-121

B. switchport trunk allowed vlan 81-121 remove 98,100
C. switchport trunk allowed vlan remove 100
D. switchport trunk vlan remove 100
E. no switchport trunk allowed vlan 100

Answer: AC

Question: 160

If a switch that is configured globally with DHCP snooping receives a packet that has DHCP Option-82
set to 192 168.1.254, how does the switch handle the packet?

A. It replaces the source MAC address of the packet with its own MAC address and forwards the
packet
B. It forwards the packet normally

Page | 58
C. It sends a proxy ARP request for the MAC address of 192 168.1 254
D. It drops the packet
E. It removes the Option-82 information from the packet and forwards the packet
F. It replaces the source IP address of the packet with its own management IP address and forwards
the packet

Answer: B

Question: 161

Which benefit of StackWise is true?

A. It allows multiple switches to be managed by a single management address

B. It allows multiple switches to operate independently while sharing a single management address
C. It supports single-chassis EtherChannel mode option
D. It enables a Layer 2 switch to be converted to a Layer 3 switch when additional switches are added
to the stack

Answer: A

Question: 162

Refer to the exhibit.

A pair of fiber that is connected to Gi0/1 has been damaged. What is likely to happen?

A. The interface is prevented from causing spanning-tree loops

B. After the fiber pair is replaced the interface recovers within 15 minutes
C. The interface is shut down until the fiber pair is replaced
D. The interface actively tries to fix the damaged fiber link

Answer: A

Question: 163

After reviewing UDLD status on switch ports an engineer notices that the current bidirectional state
for an access port is "Unknown" Which statement describes what this indicates about the status of
the port?

A. The UDLD port is placed in the "unknown" state for 5 seconds until the next UDLD packet is
received on the interface.
B. The bidirectional status of "unknown" indicates that the port will go into the disabled state
because it stopped receiving UDLD packets from its neighbor
C. The port is fully operational and no known issues are detected
D. UDLD moved into aggressive mode after inconsistent acknowledgements were detected

Answer: C

Page | 59
Question: 164

Which two statements about native VLANs are true? (Choose two)

A. VLAN 1 and VLAN 1001 are native VLANs by default

B. The native VLAN is untagged over trunks
C. Cisco Discovery Protocol versions 1 and 2 can carry native VLAN information.
D. Only one VLAN can be the native VLAN on a device.
E. The native VLAN can be changed on a per-port basis

Answer: BE

Question: 165

Which two statements about an access port with voice VLAN are true? (Choose two. )

A. Frames on the Voice VLAN are tagged with a Layer 2 CoS value.
B. They can be configured on trunk ports and access ports.
C. They can be configured on VLANs 1 through 1001 only.
D. They support a single VLAN for data traffic.
E. They require VTP

Answer: A, D

Question: 166

Winch two statements about GLBP are true? (Choose two.)

A. It supports up to 32 groups on a single interface.

B. Member devices send hello messages to multicast address 224.0.0.39.
C. Member devices can elect one or more AVGs.
D. Member devices must elect exactly one AVG.
E. The AVG assigns virtual MAC addresses to all group members.

Answer: D, E

Question: 167

Which of two device types does DHCP snooping treat as untrusted in an ISP environment? (Choose
two.)

A. user-facing provider edge devices

B. provider edge devices
C. provider devices
D. end host devices
E. customer edge devices

Answer: D, E

Question: 168

Page | 60