Cisco Netacad SRWE - Final
-The SSID is broadcast. -A well-known administrator password is set. Explanation: Default settings on wireless routers often include broadcasting the SSID and using a well-known administrative password. Both of these pose a security risk to wireless networks. WEP encryption and MAC address filtering are not set by default. The automatic selection of the wireless channel poses no security risks.
What two default wireless router settings can affect network security? (Choose two.) -The SSID is broadcast. -MAC address filtering is enabled. -WEP encryption is enabled. -The wireless channel is automatically selected. -A well-known administrator password is set.
Although DTLS is enabled by default to secure the CAPWAP control channel, it is disabled by default for the data channel. Explanation: DTLS is a protocol which provides security between the AP and the WLC. It allows them to communicate using encryption and prevents eavesdropping or tampering.DTLS is enabled by default to secure the CAPWAP control channel but is disabled by default for the data channel. All CAPWAP management and control traffic exchanged between an AP and WLC is encrypted and secured by default to provide control plane privacy and prevent Man-In-the-Middle (MITM) attacks.
A WLAN engineer deploys a WLC and five wireless APs using the CAPWAP protocol with the DTLS feature to secure the control plane of the network devices. While testing the wireless network, the WLAN engineer notices that data traffic is being exchanged between the WLC and the APs in plain-text and is not being encrypted. What is the most likely reason for this? -DTLS only provides data security through authentication and does not provide encryption for data moving between a wireless LAN controller (WLC) and an access point (AP). -Data encryption requires a DTLS license to be installed on each access point (AP) prior to being enabled on the wireless LAN controller (WLC). -Although DTLS is enabled by default to secure the CAPWAP control channel, it is disabled by default for the data channel. -DTLS is a protocol that only provides security between the access point (AP) and the wireless client.
channels 1, 6, and 11 Explanation & Hint: In the 2.4GHz frequency band used by 802.11g, there are up to 14 channels available (depending on the country), with each channel being 5MHz apart. However, because the Wi-Fi channel width for 802.11g is 20MHz, each channel overlaps with several of the adjacent channels. To avoid overlap, it is recommended to use channels that have at least 20MHz of separation from each other. In most countries, including the United States, the non-overlapping channels that are commonly used are 1, 6, and 11. These channels are chosen because they have sufficient separation to ensure that their frequency bands do not overlap.
A company is deploying a wireless network in the distribution facility in a Boston suburb. The warehouse is quite large and it requires multiple access points to be used. Because some of the company devices still operate at 2.4GHz, the network administrator decides to deploy the 802.11g standard. Which channel assignments on the multiple access points will make sure that the wireless channels are not overlapping? -channels 1, 6, and 11 -channels 2, 6, and 10 -channels 1, 5, and 9 -channels 1, 7, and 13
sticky secure MAC addresses Answers Explanation & Hints: With sticky secure MAC addressing, the MAC addresses can be either dynamically learned or manually configured and then stored in the address table and added to the running configuration file. In contrast, dynamic secure MAC addressing provides for dynamically learned MAC addressing that is stored only in the address table.
A company security policy requires that all MAC addressing be dynamically learned and added to both the MAC address table and the running configuration on each switch. Which port security configuration will accomplish this? -auto secure MAC addresses -dynamic secure MAC addresses -static secure MAC addresses -sticky secure MAC addresses
MAC address table overflow Explanation & Hint: The macof tool is used for MAC address table overflow attacks. This tool floods the switch with a large number of Ethernet frames, each with different MAC addresses. The goal is to overflow the switch's MAC address table, causing the switch to enter a state where it behaves like a hub. This means the switch would start broadcasting all incoming packets to all ports because it cannot determine which port to send the packet to based on the MAC address. As a result, an attacker could potentially capture traffic not intended for their access, which could lead to information disclosure.
A cybersecurity analyst is using the macof tool to evaluate configurations of switches deployed in the backbone network of an organization. Which type of LAN attack is the analyst targeting during this evaluation? -VLAN double-tagging -MAC address table overflow -VLAN hopping -DHCP spoofing
restrict Explanation & Hint: The port security violation mode that fits the security policy described by the network administrator is restrict. In restrict mode, when the maximum number of allowed MAC addresses is reached on the port, the port will continue to forward traffic for the currently learned MAC addresses but will drop packets with unknown source MAC addresses and increment the security violation count. It also has the capability to send a syslog message.
A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port? -warning -restrict -shutdown -protect
CONTROLLER Explanation & Hint: On a Cisco 3500 series Wireless LAN Controller (WLC), to create a new VLAN interface that will be used for a new WLAN, the network administrator should use the CONTROLLER tab. This is where you can define dynamic interfaces, which are used to map VLANs to WLANs. Dynamic interfaces serve as the link between the wireless clients on the WLAN and the wired network infrastructure. After creating the VLAN interface, the administrator can then associate it with a WLAN under the WLANs tab.
A network administrator is adding a new WLAN on a Cisco 3500 series WLC. Which tab should the administrator use to create a new VLAN interface to be used for the new WLAN? -WLANs -CONTROLLER -WIRELESS -MANAGEMENT
to eliminate outsiders scanning for available SSIDs in the area Explanation & Hint: The administrator would disable the broadcast feature for the SSID primarily to eliminate outsiders scanning for available SSIDs in the area. Disabling the SSID broadcast makes the network name (SSID) invisible to wireless-enabled devices during a passive scan. It doesn't provide encryption or protect against interference from external devices; instead, it acts as a basic measure to hide the network from casual discovery, which can slightly increase security by obscurity.
A network administrator is configuring a WLAN. Why would the administrator disable the broadcast feature for the SSID? -to reduce the risk of interference by external devices such as microwave ovens -to reduce the risk of unauthorized APs being added to the network -to provide privacy and integrity to wireless traffic by using encryption -to eliminate outsiders scanning for available SSIDs in the area
-IP address -default gateway -vty lines Explanation: To enable the remote management access, the Cisco switch must be configured with an IP address and a default gateway. In addition, vty lines must configured to enable either Telnet or SSH connections. A loopback address, default VLAN, and VTP domain configurations are not necessary for the purpose of remote switch management.
A network administrator is configuring a new Cisco switch for remote management access. Which three items must be configured on the switch for the task? (Choose three.) -IP address -default gateway -default VLAN -vty lines -VTP domain -loopback address
Link types are determined automatically. Explanation: When Rapid PVST+ is being implemented, link types are automatically determined but can be specified manually. Link types can be either point-to-point, shared, or edge.
A network administrator is preparing the implementation of Rapid PVST+ on a production network. How are the Rapid PVST+ link types determined on the switch interfaces? -Link types can only be determined if PortFast has been configured. -Link types can only be configured on access ports configured with a single VLAN. -Link types are determined automatically. -Link types must be configured with specific port configuration commands.
a key that matches the key on the AP Explanation & Hint: When a WLAN is configured with WPA2 PSK, wireless users must know the pre-shared key to associate and authenticate with the AP.
A network administrator of a small advertising company is configuring WLAN security by using the WPA2 PSK method. Which credential do office users need in order to connect their laptops to the WLAN? -a key that matches the key on the AP -a username and password configured on the AP -a user passphrase -the company username and password through Active Directory service
PortFast is not configured on all access ports. Explanation & Hint: The cause of the issue where BPDU guard is not activated on all access ports, even after using the spanning-tree portfast bpduguard default global configuration command, is likely because PortFast is not configured on all access ports. The spanning-tree portfast bpduguard default command globally enables BPDU guard on all ports that have PortFast enabled. If PortFast has not been enabled on a particular access port, then BPDU guard will not be automatically activated on that port as a result of the global command.
A network administrator uses the spanning-tree portfast bpduguard default global configuration command to enable BPDU guard on a switch. However, BPDU guard is not activated on all access ports. What is the cause of the issue? -PortFast is not configured on all access ports. -Access ports belong to different VLANs. -BPDU guard needs to be activated in the interface configuration command mode. -Access ports configured with root guard cannot be configured with BPDU guard.
-creating SVI interfaces -creating VLANs -assigning ports to VLANs Explanation & Hint: Creating VLANs: VLANs must be created on the switch to logically separate networks before interVLAN routing can occur. Creating SVI interfaces: Switched Virtual Interfaces (SVIs) are required for a Layer 3 switch to perform interVLAN routing. An SVI must be created for each VLAN that needs to be routed. Assigning ports to VLANs: Physical switch ports need to be assigned to the appropriate VLANs to ensure that devices connected to those ports are part of the correct VLAN.
A new Layer 3 switch is connected to a router and is being configured for interVLAN routing. What are three of the five steps required for the configuration? (Choose three.) Type A * -creating SVI interfaces -creating VLANs -installing a static route -adjusting the route metric -implementing a routing protocol -modifying the default VLAN -assigning ports to VLANs
-entering "no switchport" on the port connected to the router -assigning ports to VLANs -enabling IP routing Explanation & Hint: Enabling IP routing: This step enables the Layer 3 switch to perform routing functions, allowing it to route traffic between different VLANs. With the ip routing command in global configuration mode. Assigning ports to VLANs: This involves configuring the switch ports to belong to the appropriate VLANs. This is essential for defining which devices belong to which VLANsand it's a key step in setting up VLANs and inter-VLAN routing. Entering "no switchport" on the port connected to the router: This command converts a Layer 2 switch port into a Layer 3 interface (routed port). It's necessary for the interface that will connect to the router, as it allows routing between the switch and the rout
A new Layer 3 switch is connected to a router and is being configured for interVLAN routing. What are three of the five steps required for the configuration? (Choose three.) Type B -installing a static route -assigning the ports to the native VLAN -entering "no switchport" on the port connected to the router -modifying the default VLAN -assigning ports to VLANs -enabling IP routing -adjusting the route metric
-assigning ports to VLANs -enabling IP routing -entering "no switchport" on the port connected to the router Explanation & Hint: Enabling IP routing: enables the Layer 3 switch to perform routing functions. By default, a Layer 3 switch operates like a Layer 2 switch. Enabling IP routing allows the switch to route traffic between different VLANs. Assigning ports to VLANs: This involves configuring the switch ports that connect to devices in different VLANs to the appropriate By entering the interface configuration for each port and using the switchport access vlan [VLAN_ID] command. Entering "no switchport" on the port connected to the router will turn it into a Layer 3 interface (routed port) rather than a Layer 2 interface (switch port). This is necessary for the router and the switch to route traffic between them.
A new Layer 3 switch is connected to a router and is being configured for interVLAN routing. What are three of the five steps required for the configuration? (Choose three.) Type C assigning ports to VLANs assigning the ports to the native VLAN modifying the default VLAN deleting the default VLAN enabling IP routing installing a static route entering "no switchport" on the port connected to the router
-enabling IP routing -assigning ports to VLANs -creating SVI interfaces Explanation & Hint: Enabling IP routing: allows the switch to route traffic between different VLANs. The command to enable IP routing is usually ip routing in the global configuration mode. Creating SVI interfaces: Switch Virtual Interfaces (SVIs) are created for each VLAN that needs routing. SVIs act as the default gateway for VLANs and allow for interVLAN routing on the switch. This involves configuring an IP address for each VLAN interface on the switch. Assigning ports to VLANs: This step involves configuring the physical ports on the switch to belong to the appropriate VLANs. This is done by assigning VLANs to individual switch ports, ensuring that devices connected to those ports are part of the correct VLAN.
A new Layer 3 switch is connected to a router and is being configured for interVLAN routing. What are three of the five steps required for the configuration? (Choose three.) Type D -installing a static route -enabling IP routing -modifying the default VLAN -implementing a routing protocol -assigning ports to VLANs -assigning the ports to the native VLAN -creating SVI interfaces
-assigning ports to VLANs -enabling IP routing -creating SVI interfaces Explanation & Hint: Enabling IP routing: This step is crucial as it allows the Layer 3 switch to route traffic between different VLANs. It is usually done with the ip routing command in the global configuration mode. Creating SVI interfaces: Switch Virtual Interfaces (SVIs) are required for interVLAN routing. An SVI must be created for each VLAN that you wish to route traffic for. This is done with the interface vlan [VLAN_ID] command followed by the IP address assignment for that VLAN. Assigning ports to VLANs: Ports must be assigned to the appropriate VLANs. This is done with the switchport access vlan [VLAN_ID] command in the interface configuration mode for each access port that is connected to devices in different VLANs.
A new Layer 3 switch is connected to a router and is being configured for interVLAN routing. What are three of the five steps required for the configuration? (Choose three.) Type E -assigning ports to VLANs -assigning the ports to the native VLAN -enabling IP routing -modifying the default VLAN -installing a static route -implementing a routing protocol -creating SVI interfaces
-enabling IP routing -entering "no switchport" on the port connected to the router -assigning ports to VLANs Explanation & Hint: Enabling IP routing: This is done with the ip routing command in global configuration mode. It allows the Layer 3 switch to perform routing functions between the VLANs. Entering "no switchport" on the port connected to the router: This command is used on the interface connected to the router to turn it into a Layer 3 interface (routed port) rather than a Layer 2 interface (switch port). Assigning ports to VLANs: This involves configuring the switch ports that connect to devices in different VLANs to the appropriate VLANs. This is done by entering the interface configuration for each port and using the switchport access vlan [VLAN_ID] command.
A new Layer 3 switch is connected to a router and is being configured for interVLAN routing. What are three of the five steps required for the configuration? (Choose three.) Type F -establishing adjacencies -enabling IP routing -assigning the ports to the native VLAN -adjusting the route metric -modifying the default VLAN -entering "no switchport" on the port connected to the router -assigning ports to VLANs
-Configure the existing VTP domain name on the new switch. -Configure the new switch as a VTP client. Explanation & Hint: Configure the existing VTP domain name on the new switch.This step is essential for the new switch to participate in the VTP domain and receive VLAN updates from the VTP server. Configure the new switch as a VTP client.Setting the switch to VTP client mode will ensure that it receives updates from the VTP server but cannot create, modify, or delete VLANs. The technicians will not be able to add new VLANs in this mode.
A new switch is to be added to an existing network in a remote office. The network administrator does not want the technicians in the remote office to be able to add new VLANs to the switch, but the switch should receive VLAN updates from the VTP domain. Which two steps must be performed to configure VTP on the new switch to meet these conditions? (Choose two.) -Configure the existing VTP domain name on the new switch. -Configure all ports of both switches to access mode. -Enable VTP pruning. -Configure an IP address on the new switch. -Configure the new switch as a VTP client.
Remove the route using the no ip route command. Explanation & Hint: To remove a static route from the routing table on a router, an administrator should use the "no ip route" command. This command effectively deletes the specified static route from the router's configuration, ensuring that it is no longer used for routing decisions.
A static route has been configured on a router. However, the destination network no longer exists. What should an administrator do to remove the static route from the routing table? -Remove the route using the no ip route command. -Change the administrative distance for that route. -Nothing. The static route will go away on its own. -Change the routing metric for that route.
Create static routes to all internal networks and a default route to the internet. Explanation & Hint: For a small company with multiple WLANs that does not require the complexity of a dynamic routing protocol, the technician should: Create static routes to all internal networks and a default route to the internet. Static routing is a simple way to ensure that data can reach its destination without the need for a routing protocol. The technician would specify a fixed path in the router's configuration for each network. Additionally, a default route (often referred to as the "gateway of last resort") should be configured to direct any traffic destined for unknown networks (typically the internet) to the next hop router or directly to the company's internet service provider.
A technician is configuring a router for a small company with multiple WLANs and doesn't need the complexity of a dynamic routing protocol. What should be done or checked? -Check the configuration on the floating static route and adjust the AD. -Create a floating static route to that network. -Verify that there is not a default route in any of the edge router routing tables. -Create static routes to all internal networks and a default route to the internet.
-AES -personal Explanation & Hint: When configuring a wireless network with WPA2 on a SOHO router, the two authentication methods associated with WPA2 are: AES (Advanced Encryption Standard): WPA2 uses AES for encryption, which provides strong security. Personal or Enterprise:Personal (also known as WPA2-PSK for Pre-Shared Key): This is used in smaller networks where each user is given the same passphrase to connect.Enterprise (also known as WPA2-802.1X): This is used in larger businesses where an authentication server authenticates each user individually, often through a RADIUS server.
A technician is configuring a wireless network for a small business using a SOHO wireless router. Which two authentication methods are used, if the router is configured with WPA2? (Choose two.) ** -AES -TKIP -personal -WEP -enterprise
-Configure the 2.4 GHz band for basic internet traffic that is not time sensitive. -Configure the 5 GHz band for streaming multimedia and time sensitive traffic. Explanation & Hint: Configure the 2.4 GHz band for basic internet traffic that is not time-sensitive.This involves setting up a wireless network (SSID) on the 2.4 GHz band with appropriate security settings and possibly quality of service (QoS) policies to prioritize internet traffic that is not time-sensitive, such as general web browsing. Configure the 5 GHz band for streaming multimedia and time-sensitive traffic.On the 5 GHz band, you would set up a separate wireless network (SSID) with the necessary security settings and QoS policies to prioritize time-sensitive traffic like streaming multimedia, voice, or video conferencing. The 5 GHz band is often preferred for time-sensitive applications due to its higher throughput and less interference.
A technician is troubleshooting a slow WLAN and decides to use the split-the-traffic approach. Which two parameters would have to be configured to do this? (Choose two.) -Configure the 2.4 GHz band for basic internet traffic that is not time sensitive. -Configure the security mode to WPA Personal TKIP/AES for both networks. -Configure the security mode to WPA Personal TKIP/AES for one network and WPA2 Personal AES for the other network -Configure a common SSID for both split networks. -Configure the 5 GHz band for streaming multimedia and time sensitive traffic.
The host sends an ICMPv6 neighbor solicitation message to the DHCP or SLAAC-learned address and if no neighbor advertisement is returned, the address is considered unique. Answers Explanation & Hints: Before a host can actually configure and use an IPv6 address learned through SLAAC or DHCP, the host must verify that no other host is already using that address. To verify that the address is indeed unique, the host sends an ICMPv6 neighbor solicitation to the address. If no neighbor advertisement is returned, the host considers the address to be unique and configures it on the interface.
After a host has generated an IPv6 address by using the DHCPv6 or SLAAC process, how does the host verify that the address is unique and therefore usable? -The host checks the local neighbor cache for the learned address and if the address is not cached, it it considered unique. -The host sends an ICMPv6 neighbor solicitation message to the DHCP or SLAAC-learned address and if no neighbor advertisement is returned, the address is considered unique. -The host sends an ICMPv6 echo request message to the DHCPv6 or SLAAC-learned address and if no reply is returned, the address is considered unique. -The host sends an ARP broadcast to the local link and if no hosts send a reply, the address is considered unique
wireless router Explanation & Hint: Wireless Router: A wireless router combines the functions of a router (directing traffic between networks, typically including Internet connectivity), a switch (providing multiple Ethernet ports for wired connections), and a wireless access point (allowing devices to connect to the network wirelessly). It also often includes firewall capabilities to protect the network from external threats. This makes it the most fitting choice for the scenario described, as it encompasses all the functionalities mentioned: switch ports, wireless SSID and authentication configuration, and a firewall for Internet connectivity.
After attaching four PCs to the switch ports, configuring the SSID and setting authentication properties for a small office network, a technician successfully tests the connectivity of all PCs that are connected to the switch and WLAN. A firewall is then configured on the device prior to connecting it to the Internet. What type of network device includes all of the described features? -standalone wireless access point -firewall appliance -switch -wireless router
Because these VLANs are stored in a file that is called vlan.dat that is located in flash memory, this file must be manually deleted. Answers Explanation & Hints: Standard range VLANs (1-1005) are stored in a file that is called vlan.dat that is located in flash memory. Erasing the startup configuration and reloading a switch does not automatically remove these VLANs. The vlan.dat file must be manually deleted from flash memory and then the switch must be reloaded.
An administrator is trying to remove configurations from a switch. After using the command erase startup-config and reloading the switch, the administrator finds that VLANs 10 and 100 still exist on the switch. Why were these VLANs not removed? -These VLANs cannot be deleted unless the switch is in VTP client mode. -These VLANs can only be removed from the switch by using the no vlan 10 and no vlan 100 commands. -These VLANs are default VLANs that cannot be removed. -Because these VLANs are stored in a file that is called vlan.dat that is located in flash memory, this file must be manually deleted.
Check the routing table for a missing static route. Explanation & Hint: If the issue of packets being dropped is tied to a missing static route, then checking the routing table for such a missing route would be the correct course of action. In the absence of a specific route, routers will either drop packets or forward them to the default route, if one exists. If the expected static route is missing, the router may not know where to forward the packets, leading to drops. To resolve this issue, the administrator should review the routing table to confirm that all necessary static routes are present and correctly configured. If a route is indeed missing, it should be added to ensure that packets destined for that network are properly routed and not dropped. This is a critical part of network troubleshooting and ensures that all network paths are correctly defined and functioning as expected.
An administrator notices that large numbers of packets are being dropped on one of the branch routers. What should be done or checked? -Create extra static routes to the same location with an AD of 1. -Check the routing table for a missing static route. -Create static routes to all internal networks and a default route to the internet. -Check the statistics on the default route for oversaturation.
-They use fewer router resources. -They improve network security. Explanation & Hint: They use fewer router resources: Static routes are manually configured and do not require the overhead of a routing protocol, which means they use less CPU and memory resources on the router. They improve network security: Static routes add a measure of security because they allow the network administrator to control the routing in a very precise manner, which can prevent unwanted routing updates or potential routing loops. Unauthorized networks cannot be advertised since routing decisions are made by the administrator and not a routing protocol.
Compared with dynamic routes, what are two advantages of using static routes on a router? (Choose two.) -They automatically switch the path to the destination network when the topology changes. -They improve the efficiency of discovering neighboring networks. -They use fewer router resources. -They improve network security. -They take less time to converge when the network topology changes.
when packets are being dropped from a particular directly attached host Explanation: The show interfaces command is useful to detect media errors, to see if packets are being sent and received, and to determine if any runts, giants, CRCs, interface resets, or other errors have occurred. Problems with reachability to a remote network would likely be caused by a misconfigured default gateway or other routing issue, not a switch issue. The show mac address-table command shows the MAC address of a directly attached device.
In which situation would a technician use the show interfaces switch command? -to determine if remote access is enabled -when an end device can reach local devices, but not remote devices -to determine the MAC address of a directly attached network device on a particular interface -when packets are being dropped from a particular directly attached host
Step 1 -DHCPDISCOVER Step 2 -DHCPOFFER Step 3 -DHCPREQUEST Step 4 -DHCPACK Answers Explanation & Hints: The broadcast DHCPDISCOVER message finds DHCPv4 servers on the network. When the DHCPv4 server receives a DHCPDISCOVER message, it reserves an available IPv4 address to lease to the client and sends the unicast DHCPOFFER message to the requesting client. When the client receives the DHCPOFFER from the server, it sends back a DHCPREQUEST. On receiving the DHCPREQUEST message the server replies with a unicast DHCPACK message. DHCPREPLY and DHCPINFORMATION-REQUEST are DHCPv6 messages.
Match the DHCP message types to the order of the DHCPv4 process. (Not all options are used.) -Step 1 -Step 2 -Step 3 -Step 4 -DHCPACK -DHCPREQUEST -DHCPDISCOVER -DHCPREPLY -DHCPINFORMATION-REQUEST -DHCPOFFER
an IP address and subnet mask are assigned to this VLAN, allowing the switch to be accessed by HTTP, Telnet, SSH, or SNMP -management VLAN carries untagged traffic -native VLAN configured to carry user generated traffic -data VLANs all switch ports are assigned to this VLAN after initial bootup of the switch -default VLAN Answers Explanation & Hints: A data VLAN is configured to carry user-generated traffic. A default VLAN is the VLAN where all switch ports belong after the initial boot up of a switch loading the default configuration. A native VLAN is assigned to an 802.1Q trunk port, and untagged traffic is placed on it. A management VLAN is any VLAN that is configured to access the management capabilities of a switch. An IP address and subnet mask are assigned to it, allowing the switch to be managed via HTTP, Telnet, SSH, or SNMP.
Match the description to the correct VLAN type. (Not all options are used.) -default VLAN -management VLAN -data VLANs -native VLAN -configured to carry user generated traffic -all switch ports are assigned to this VLAN after initial bootup of the switch -carries untagged traffic -an IP address and subnet mask are assigned to this VLAN, allowing the switch to be accessed by HTTP, Telnet, SSH, or SNMP -only accessible by the network administrator
cut-through -appropriate for high-performance computing applications -forwarding process can begin after receiving the destination address -may forward invalid frames store-and-forward -error checking before forwarding -forwarding process only begins after receiving the entire frame -only forwards valid frames Explanation & Hint: Cut-through switching has the advantage of lower latency, which is critical for high-performance applications, but runs the risk of forwarding frames with errors because it does not wait to receive the entire frame before making the forwarding decision. On the other hand, store-and-forward switching incurs more latency because it checks the entire frame for errors, ensuring that only valid frames are forwarded.
Match the forwarding characteristic to its type. (Not all options are used.) -appropriate for high-performance computing applications -error checking before forwarding -forwarding process can begin after receiving the destination address -forwarding process only begins after receiving the entire frame -may forward invalid frames -only forwards valid frames -cut-through -store-and-forward
disabled -administratively down Layer 1 problem -down/down Layer 2 problem -up/down operational -up/up Explanation: The login and password cisco commands are used with Telnet switch configuration, not SSH configuration.
Match the link state to the interface and protocol status. (Not all options are used.) -disabled -Layer 1 problem -Layer 2 problem -operational -administratively down -down/down -up/disabled -up/down -up/up
Step 1 -The forwarding router fails. Step 2 -The standby router stops seeing hello messages from the forwarding router. Step 3 -The standby router assumes the role of the forwarding router. Step 4 -The forwarding router assumes both the IP and MAC addresses of the virtual router. Answers Explanation & Hints: Hot Standby Router Protocol (HSRP) is a Cisco-proprietary protocol that is designed to allow for transparent failover of a first-hop IPv4 device.
Match the step number to the sequence of stages that occur during the HSRP failover process. (Not all options are used.) -Step 1 -Step 2 -Step 3 -Step 4 -The forwarding router assumes both the IP and MAC addresses of the virtual router. -The host initiates an ARP request. -The standby router assumes the role of the forwarding router. -The forwarding router fails. -The standby router stops seeing hello messages from the forwarding router.
WLANs Explanation & Hint: On a Cisco Wireless LAN Controller (WLC) like the 3504, to configure a particular WLAN with a WPA2 policy, you would typically use the WLANs tab. Within this section, you can edit the settings for individual WLANs, including security policies such as WPA2. Here's a more detailed step on how you might do this: Click on the WLANs tab to view the list of WLANs. Select the specific WLAN you wish to configure. Within the WLAN settings, navigate to the Security tab (which is a sub-tab within the WLAN configuration). Choose the appropriate options for Layer 2 security, such as WPA2, and configure encryption and authentication settings as required. So, while the WLANs tab is where you start the process, the actual security policy configuration (like setting WPA2) is done under the security settings for the specific WLAN you are configuring.
On a Cisco 3504 WLC Summary page ( Advanced > Summary ), which tab allows a network administrator to configure a particular WLAN with a WPA2 policy? -MANAGEMENT -WLANs -SECURITY -WIRELESS
-(config)# ip routing -(config)# interface gigabitethernet 1/1(config-if)# no switchport(config-if)# ip address 192.168.1.2 255.255.255.252 Explanation & Hint: Enable IP Routing:Since the switch is performing Layer 3 routing for the VLANs, the ip routing command would be used to enable the routing functionality on the switch.(config)# ip routing Configure the Interface Connected to the Router:The interface Gi1/1 on the switch that connects to the router should have an IP address that is in the same subnet as the router interface it is connected to. Since the router's interface is configured with the IP address 192.168.1.1/30, the switch interface Gi1/1 would need an IP address in the same subnet, but not the same IP. The next available IP in this subnet would typically be 192.168.1.2/30.(config)# interface gigabitethernet 1/1(config-if)# no switchport(config-if)# ip address 192.168.1.2 255.255.255.252
Refer to the exhibit. A Layer 3 switch routes for three VLANs and connects to a router for Internet connectivity. Which two configurations would be applied to the switch? (Choose two.) -(config)# interface fastethernet0/4(config-if)# switchport mode trunk -(config)# interface vlan 1(config-if)# ip address 192.168.1.2 255.255.255.0(config-if)# no shutdown -(config)# ip routing -(config)# interface gigabitethernet 1/1(config-if)# no switchport(config-if)# ip address 192.168.1.2 255.255.255.252 -(config)# interface gigabitethernet1/1(config-if)# switchport mode trunk
the virtual IP address and the virtual MAC address for the HSRP group 1 Explanation: Hosts will send an ARP request to the default gateway which is the virtual IP address. ARP replies from the HSRP routers contain the virtual MAC address. The host ARP tables will contain a mapping of the virtual IP to the virtual MAC.
Refer to the exhibit. A network administrator configured routers R1 and R2 as part of HSRP group 1. After the routers have been reloaded, a user on Host1 complained of lack of connectivity to the Internet The network administrator issued the show standby brief command on both routers to verify the HSRP operations. In addition, the administrator observed the ARP table on Host1. Which entry should be seen in the ARP table on Host1 in order to gain connectivity to the Internet? -the IP address and the MAC address of R1 -the virtual IP address of the HSRP group 1 and the MAC address of R1 -the virtual IP address of the HSRP group 1 and the MAC address of R2 -the virtual IP address and the virtual MAC address for the HSRP group 1
-R1(config-if)# ip helper-address 10.2.0.250 -R1(config)# interface G0/0 Explanation: DHCP server has an IP address of 10.2.0.250 and is connected to R2. The new subnet is directly connected to R1's G0/0 interface. R1 must be configured to relay DHCP requests from the new subnet to the DHCP server. 1st command forward DHCP requests it receives on the G0/0 interface to the DHCP server at 10.2.0.250. DHCP requests are broadcast messages, and by default, routers do not forward broadcast messages across different subnets. 2nd command enables the router to convert the broadcast to unicast message to the specified IP address of the DHCP server, allowing the DHCP server to respond with an appropriate IP address lease for the host on the new subnet.
Refer to the exhibit. A network administrator has added a new subnet to the network and needs hosts on that subnet to receive IPv4 addresses from the DHCPv4 server. What two commands will allow hosts on the new subnet to receive addresses from the DHCP4 server? (Choose two.) -R2(config-if)# ip helper-address 10.2.0.250 -R1(config)# interface G0/1 -R1(config-if)# ip helper-address 10.2.0.250 -R1(config)# interface G0/0 -R1(config-if)# ip helper-address 10.1.0.254 -R2(config)# interface G0/0
STP will block one of the redundant links. Answers Explanation & Hints: Cisco switches support two protocols for negotiating a channel between two switches: LACP and PAgP. PAgP is Cisco-proprietary. In the topology shown, the switches are connected to each other using redundant links. By default, STP is enabled on switch devices. STP will block redundant links to prevent loops.
Refer to the exhibit. A network administrator has connected two switches together using EtherChannel technology. If STP is running, what will be the end result? -The switches will load balance and utilize both EtherChannels to forward packets. -Both port channels will shutdown. -The resulting loop will create a broadcast storm. -STP will block one of the redundant links.
It identifies the VLAN number. Answers Explanation & Hints: The completed command would be encapsulation dot1q 7 . The encapsulation dot1q part of the command enables trunking and identifies the type of trunking to use. The 7 identifies the VLAN number.
Refer to the exhibit. A network administrator is configuring inter-VLAN routing on a network. For now, only one VLAN is being used, but more will be added soon. What is the missing parameter that is shown as the highlighted question mark in the graphic? -It identifies the number of hosts that are allowed on the interface. -It identifies the type of encapsulation that is used. -It identifies the subinterface. -It identifies the native VLAN number. -It identifies the VLAN number.
PAgP Explanation & Hint: The configuration in the exhibit shows that the interfaces FastEthernet0/8 and FastEthernet0/9 on switch S1 have been configured with the channel-group 1 mode auto command. This command is used to configure the interfaces to negotiate an EtherChannel using Cisco's Port Aggregation Protocol (PAgP). PAgP is a Cisco-proprietary protocol used in the automatic creation of a fast EtherChannel link. The mode auto command enables PAgP only if the other side is interested in forming a PAgP EtherChannel. Since this is a Cisco-specific feature and the command explicitly refers to a channel group, which is associated with port channels, the correct answer is PAgP.
Refer to the exhibit. A network administrator is reviewing the configuration of switch S1. Which protocol has been implemented to group multiple physical ports into one logical link? -DTP -LACP -PAgP -STP
ipv6 route ::/0 serial 0/1/1 Explanation & Hint: To configure a default route to the Internet for IPv6 traffic on router HQ, you would use the command that specifies the default route for IPv6 and the correct interface that leads to the Internet. The correct command from the options provided would be: ipv6 route ::/0 serial 0/1/1 This command sets up a default route (represented by ::/0, which is the IPv6 equivalent of 0.0.0.0/0 in IPv4) that forwards all packets for unknown IPv6 destinations to the next hop interface of serial 0/1/1, which, according to the diagram, is the interface connected to the Internet. The other commands have either incorrect syntax or pertain to IPv4 routing, which is not applicable when configuring IPv6 routing.
Refer to the exhibit. A network engineer is configuring IPv6 routing on the network. Which command issued on router HQ will configure a default route to the Internet to forward packets to an IPv6 destination network that is not listed in the routing table? -ipv6 route ::/0 serial 0/1/1 -ipv6 route ::1/0 serial 0/1/1 -ipv6 route ::/0 serial 0/0/0 -ip route 0.0.0.0 0.0.0.0 serial 0/1/1
RTA is using the same subnet for VLAN 20 and VLAN 30. Explanation & Hint: The error users on VLAN 20 are experiencing in reaching users on VLAN 30 is likely due to the fact that RTA is using the same subnet for both VLAN 20 and VLAN 30. In the configuration provided in the exhibit, both subinterfaces for VLAN 20 and VLAN 30 are assigned IP addresses from the same subnet: VLAN 20 is assigned 192.168.3.49/27 VLAN 30 is assigned 192.168.3.62/27 With a subnet mask of 255.255.255.224 (/27), both of these IP addresses fall within the same subnet range (192.168.3.32 to 192.168.3.63), which means that the router cannot distinguish between the two separate VLANs as they do not have unique IP subnets. To resolve this issue, the administrator needs to assign a unique IP subnet to each VLAN to ensure proper routing between them.
Refer to the exhibit. After attempting to enter the configuration that is shown in router RTA, an administrator receives an error and users on VLAN 20 report that they are unable to reach users on VLAN 30. What is causing the problem? -The no shutdown command should have been issued on Fa0/0.20 and Fa0/0.30. -There is no address on Fa0/0 to use as a default gateway. -Dot1q does not support subinterfaces. -RTA is using the same subnet for VLAN 20 and VLAN 30.
-fa0/21 -fa0/10 -fa0/13 Explanation & Hint: fa0/21 (SW3): designated port, which implies that SW3 has a lower path cost to the root bridge for that segment, or it could be that SW3 has a lower bridge ID than SW2 for that particular network segment. fa0/10 (SW1): This port being designated suggests that SW1 is the root bridge for the segment it shares with SW2 since it has a lower bridge ID, which in this case is determined by the MAC address. fa0/13 (SW3): For this port to be designated, it would mean that for the segment between SW1 and SW3, SW3 has the superior bridge ID (lower MAC address in this context) or a lower path cost to the root bridge, assuming all else is equal. Given that all switches are said to have the same priority and bandwidth, the bridge ID (which consists of the priority and MAC address) would be the deciding factor here, assuming there are no other path cost differences.
Refer to the exhibit. All the displayed switches are Cisco 2960 switches with the same default priority and operating at the same bandwidth. Which three ports will be STP designated ports? (Choose three.) -fa0/21 -fa0/10 -fa0/13 -fa0/9 -fa0/20 -fa0/11
The interface is incorrect. Answers Explanation & Hints: In this example the interface in the static route is incorrect. The interface should be the exit interface on R1, which is s0/0/0.
Refer to the exhibit. An administrator is attempting to install an IPv6 static route on router R1 to reach the network attached to router R2. After the static route command is entered, connectivity to the network is still failing. What error has been made in the static route configuration? -The interface is incorrect. -The next hop address is incorrect. -The network prefix is incorrect. -The destination network is incorrect.
because VLAN 99 has not yet been created Explanation & Hint: Based on the configuration shown in the exhibit, VLAN 99 is missing from the VLAN brief output because it has not yet been created on the switch. The commands shown indicate that an interface for VLAN 99 has been configured with an IP address, and it has been brought up with the no shutdown command. However, if VLAN 99 does not exist in the switch's VLAN database, it will not appear in the VLAN brief output, even if an SVI (Switched Virtual Interface) for it has been configured. The correct action to resolve this issue would be to create VLAN 99 on the switch with the command vlan 99 in global configuration mode. After creating the VLAN, it should appear in the VLAN brief output and function as expected, assuming there are no other issues.
Refer to the exhibit. Based on the exhibited configuration and output, why is VLAN 99 missing? -because there is a cabling problem on VLAN 99 -because VLAN 1 is up and there can only be one management VLAN on the switch -because VLAN 99 has not yet been created -because VLAN 99 is not a valid management VLAN
to Fa0/1, Fa0/2, and Fa0/3 only Explanation & Hint: Fa0/4 is the incoming port where PC3, which issued the DHCP request, is connected, then the switch will forward the broadcast DHCP request out of all its other active ports except for Fa0/4. This ensures that the request can reach the DHCP server and any other device that needs to hear the broadcast within the VLAN.
Refer to the exhibit. Consider that the main power has just been restored. PC3 issues a broadcast IPv4 DHCP request. To which port will SW1 forward this request? -to Fa0/1 only -to Fa0/1, Fa0/2, and Fa0/4 only -to Fa0/1, Fa0/2, Fa0/3, and Fa0/4 -to Fa0/1, Fa0/2, and Fa0/3 only -to Fa0/1 and Fa0/2 only
ip route 10.10.0.0 255.255.0.0 209.165.200.225 100 Explanation: A floating static route needs to have an administrative distance that is greater than the administrative distance of the active route in the routing table. Router R1 is using an EIGRP route which has an administrative distance of 90 to reach the 10.10.0.0/16 network. To be a backup route the floating static route must have an administrative distance greater than 90 and have a next hop address corresponding to the serial interface IP address of Branch1.
Refer to the exhibit. Currently router R1 uses an EIGRP route learned from Branch2 to reach the 10.10.0.0/16 network. Which floating static route would create a backup route to the 10.10.0.0/16 network in the event that the link between R1 and Branch2 goes down? -ip route 10.10.0.0 255.255.0.0 Serial 0/0/0 100 -ip route 10.10.0.0 255.255.0.0 209.165.200.226 100 -ip route 10.10.0.0 255.255.0.0 209.165.200.225 100 -ip route 10.10.0.0 255.255.0.0 209.165.200.225 50
Source MAC: 00E0.FE91.7799Source IP: 10.1.1.10 Explanation: As a packet traverses the network, the Layer 2 addresses will change at every hop as the packet is de-encapsulated and re-encapsulated, but the Layer 3 addresses will remain the same.
Refer to the exhibit. Host A has sent a packet to host B. What will be the source MAC and IP addresses on the packet when it arrives at host B? -Source MAC: 00E0.FE91.7799Source IP: 10.1.1.10 -Source MAC: 00E0.FE91.7799Source IP: 10.1.1.1 -Source MAC: 00E0.FE10.17A3Source IP: 10.1.1.10 -Source MAC: 00E0.FE10.17A3Source IP: 192.168.1.1 -Source MAC: 00E0.FE91.7799Source IP: 192.168.1.1
SW1 floods the frame on all ports on SW1, excluding the port through which the frame entered the switch.Answers Explanation & Hints: When a switch powers on, the MAC address table is empty. The switch builds the MAC address table by examining the source MAC address of incoming frames. The switch forwards based on the destination MAC address found in the frame header. If a switch has no entries in the MAC address table or if the destination MAC address is not in the switch table, the switch will forward the frame out all ports except the port that brought the frame into the switch.
Refer to the exhibit. How is a frame sent from PCA forwarded to PCC if the MAC address table on switch SW1 is empty? -SW1 forwards the frame directly to SW2. SW2 floods the frame to all ports connected to SW2, excluding the port through which the frame entered the switch. -SW1 floods the frame on all ports on the switch, excluding the interconnected port to switch SW2 and the port through which the frame entered the switch. -SW1 drops the frame because it does not know the destination MAC address. -SW1 floods the frame on all ports on SW1, excluding the port through which the frame entered the switch.
The IP address of the default gateway router is not contained in the excluded address list. Explanation: In this configuration, the excluded address list should include the address that is assigned to the default gateway router. So the command should be ip dhcp excluded-address 192.168.10.1 192.168.10.9.
Refer to the exhibit. If the IP addresses of the default gateway router and the DNS server are correct, what is the configuration problem? -The default-router and dns-server commands need to be configured with subnet masks. -The DNS server and the default gateway router should be in the same subnet. -The IP address of the DNS server is not contained in the excluded address list. -The IP address of the default gateway router is not contained in the excluded address list.
Packets with a destination network that is not 10.10.0.0/16 or is not 10.20.0.0/16 or is not a directly connected network will be forwarded to the Internet. Explanation & Hint: The command ip route 0.0.0.0 0.0.0.0 serial 0/1/1 configured on Router HQ in the network diagram is used to set a default route. This default route is often referred to as the "gateway of last resort." The purpose of this command is to specify that any packets with a destination network that is not found in the routing table should be forwarded to the next-hop address associated with the Serial 0/1/1 interface. Packets with a destination network that is not 10.10.0.0/16 or is not 10.20.0.0/16 or is not a directly connected network will be forwarded to the Internet.This option is correct. Any packet that does not match a more specific route in the routing table of HQ, which includes the two LAN networks and any directly connected networks,
Refer to the exhibit. In addition to static routes directing traffic to networks 10.10.0.0/16 and 10.20.0.0/16, Router HQ is also configured with the following command: ip route 0.0.0.0 0.0.0.0 serial 0/1/1 What is the purpose of this command? -Packets from the 10.10.0.0/16 network will be forwarded to network 10.20.0.0/16, and packets from the 10.20.0.0/16 network will be forwarded to network 10.10.0.0/16. -Packets that are received from the Internet will be forwarded to one of the LANs connected to R1 or R2. -Packets with a destination network that is not 10.10.0.0/16 or is not 10.20.0.0/16 or is not a directly connected network will be forwarded to the Internet. -Packets that are destined for networks that are not in the routing table of HQ will be dropped.
The ip helper-address command was applied on the wrong interface. Explanation: The ip helper-address command has to be applied on interface Gi0/0. This command must be present on the interface of the LAN that contains the DHCPv4 client PC1 and must be directed to the correct DHCPv4 server.
Refer to the exhibit. R1 has been configured as shown. However, PC1 is not able to receive an IPv4 address. What is the problem? -R1 is not configured as a DHCPv4 server. -A DHCP server must be installed on the same LAN as the host that is receiving the IP address. -The ip helper-address command was applied on the wrong interface. -The ip address dhcp command was not issued on the interface Gi0/1.
Change the destination network and mask to 0.0.0.0 0.0.0.0. Explanation: The static route on R1 has been incorrectly configured with the wrong destination network and mask. The correct destination network and mask is 0.0.0.0 0.0.0.0.
Refer to the exhibit. R1 was configured with the static route command ip route 209.165.200.224 255.255.255.224 S0/0/0 and consequently users on network 172.16.0.0/16 are unable to reach resources on the Internet. How should this static route be changed to allow user traffic from the LAN to reach the Internet? -Add the next-hop neighbor address of 209.165.200.226. -Change the destination network and mask to 0.0.0.0 0.0.0.0. -Change the exit interface to S0/0/1. -Add an administrative distance of 254.
Change the administrative distance to 120. Answers Explanation & Hints: The problem with the current floating static route is that the administrative distance is set too low. The administrative distance will need to be higher than that of OSPF, which is 110, so that the router will only use the OSPF link when it is up.
Refer to the exhibit. Router R1 has an OSPF neighbor relationship with the ISP router over the 192.168.0.32 network. The 192.168.0.36 network link should serve as a backup when the OSPF link goes down. The floating static route command ip route 0.0.0.0 0.0.0.0 S0/0/1 100 was issued on R1 and now traffic is using the backup link even when the OSPF link is up and functioning. Which change should be made to the static route command so that traffic will only use the OSPF link when it is up? -Change the administrative distance to 120. -Change the administrative distance to 1. -Add the next hop neighbor address of 192.168.0.36. -Change the destination network to 192.168.0.34
Configure either trunk port in the dynamic desirable mode. Explanation & Hint: The exhibit shows the configuration of the trunk links between two switches, SW1 and SW2. Both switches have their trunk ports set to "dynamic auto" mode and are using VLAN 666 as the native VLAN. Hosts C and D are on VLAN 10, while Hosts E and F are on VLAN 30. Since Host C is unable to ping Host D and Host E is unable to ping Host F, there appears to be an issue with VLANs communication across the trunk link.
Refer to the exhibit. The network administrator configures both switches as displayed. However, host C is unable to ping host D and host E is unable to ping host F. What action should the administrator take to enable this communication? -Associate hosts A and B with VLAN 10 instead of VLAN 1. -Configure either trunk port in the dynamic desirable mode. -Add the switchport nonegotiate command to the configuration of SW2. -Include a router in the topology. -Remove the native VLAN from the trunk.
alternate, designated, root, root Answers Explanation & Hints: Because S1 is the root bridge, B is a designated port, and C and D root ports. RSTP supports a new port type, alternate port in discarding state, that can be port A in this scenario.
Refer to the exhibit. What are the possible port roles for ports A, B, C, and D in this RSTP-enabled network? -designated, alternate, root, root -designated, root, alternate, root -alternate, root, designated, root -alternate, designated, root, root
R1 is configured as a DHCPv4 relay agent. Explanation & Hint: The configuration shown on R1 includes the ip helper-address 10.10.10.8 command on the GigabitEthernet0/0 interface. This configuration indicates that R1 is set up as a DHCPv4 relay agent. The role of a DHCP relay agent is to forward DHCP requests received on one interface to a DHCP server located on a different network. In this case, DHCP requests received on the GigabitEthernet0/0 interface will be forwarded to the DHCP server at the IP address 10.10.10.8.
Refer to the exhibit. What can be concluded about the configuration shown on R1? -R1 is configured as a DHCPv4 relay agent. -R1 will send a message to a local DHCPv4 client to contact a DHCPv4 server at 10.10.10.8. -R1 will broadcast DHCPv4 requests on behalf of local DHCPv4 clients. -R1 is operating as a DHCPv4 server.
2682112 Explanation: The IPv6 destination address 2001:DB8:ACAD:E:240:BFF:FED4:9DD2 belongs to the network of 2001:DB8:ACAD:E::/64. In the routing table, the route to forward the packet has Serial 0/0/1 as an exit interface and 2682112 as the cost.
Refer to the exhibit. What is the metric to forward a data packet with the IPv6 destination address 2001:DB8:ACAD:E:240:BFF:FED4:9DD2? -90 -128 -2170112 -2681856 -2682112 -3193856
MAC address of the virtual router Answers Explanation & Hints: The IP address of the virtual router acts as the default gateway for all the workstations. Therefore, the MAC address that is returned by the Address Resolution Protocol to the workstation will be the MAC address of the virtual router.
Refer to the exhibit. Which destination MAC address is used when frames are sent from the workstation to the default gateway? -MAC address of the virtual router -MAC addresses of both the forwarding and standby routers -MAC address of the standby router -MAC address of the forwarding router
S 10.17.2.0/24 [1/0] via 10.16.2.2 Explanation: The C in a routing table indicates an interface that is up and has an IP address assigned. The S in a routing table signifies that a route was installed using the ip route command. Two of the routing table entries shown are static routes to a specific destination (the 10.17.2.0 network). The entry that has the S denoting a static route and [1/0] was configured using the next-hop address. The other entry (S 10.17.2.0/24 is directly connected, Serial 0/0/0) is a static route configured using the exit interface. The entry with the 0.0.0.0 route is a default static route which is used to send packets to any destination network that is not specifically listed in the routing table.
Refer to the exhibit. Which route was configured as a static route to a specific network using the next-hop address? -S 0.0.0.0/0 [1/0] via 10.16.2.2 -S 10.17.2.0/24 is directly connected, Serial 0/0/0 -C 10.16.2.0/24 is directly connected, Serial0/0/0 -S 10.17.2.0/24 [1/0] via 10.16.2.2
ipv6 route 2001:db8:12:10::/64 S0/0/1 fe80::2 Explanation & Hint: You need to specify the destination network and the next-hop address. The next-hop address should be the link-local address of the interface on R2 that is directly reachable by R1. According to the exhibit, the correct command should include the destination network 2001:db8:12:10::/64 and the next-hop link-local address fe80::2 of R2's interface that is directly connected to R1. However, you also need to specify the correct outgoing interface on R1 that faces R2. Based on the exhibit, the Serial interface S0/0/1 on R1 is connected to R2. Therefore, the correct static route command to enter on R1 would be: ipv6 route 2001:db8:12:10::/64 S0/0/1 fe80::2 This command tells R1 to send packets destined for the 2001:db8:12:10::/64 network to the next hop with the link-local address fe80::2 via its S0/0/1 interface.
Refer to the exhibit. Which static route command can be entered on R1 to forward traffic to the LAN connected to R2? -ipv6 route 2001:db8:12:10::/64 S0/0/0 fe80::2 -ipv6 route 2001:db8:12:10::/64 S0/0/1 fe80::2 -ipv6 route 2001:db8:12:10::/64 S0/0/1 2001:db8:12:10::1 -ipv6 route 2001:db8:12:10::/64 S0/0/0
ip route 172.16.1.0 255.255.255.0 s0/0/0 121 Answers Explanation & Hints: A backup static route is called a floating static route. A floating static route has an administrative distance greater than the administrative distance of another static route or dynamic route.
Refer to the exhibit. Which static route would an IT technician enter to create a backup route to the 172.16.1.0 network that is only used if the primary RIP learned route fails? -ip route 172.16.1.0 255.255.255.0 s0/0/0 -ip route 172.16.1.0 255.255.255.0 s0/0/0 91 -ip route 172.16.1.0 255.255.255.0 s0/0/0 111 -ip route 172.16.1.0 255.255.255.0 s0/0/0 121
-host F -host D -host C Explanation: ARP requests are sent out as broadcasts. That means the ARP request is sent only throughout a specific VLAN. VLAN 1 hosts will only hear ARP requests from hosts on VLAN 1. VLAN 2 hosts will only hear ARP requests from hosts on VLAN 2.
Refer to the exhibit. Which three hosts will receive ARP requests from host A, assuming that port Fa0/4 on both switches is configured to carry traffic for multiple VLANs? (Choose three.) -host F -host B -host D -host G -host C -host E
Trunk2 Explanation & Hint: Because the path cost between S1 and S2 is 4, and we assume the path costs on the network are the default costs based on Ethernet link speeds (which is typically higher for slower links), then S3 will compare the path cost to the root bridge through Trunk2 directly to S1 and the path cost going through S4 and then S2 to S1 (Trunk4 to Trunk1). The path cost for S3 to reach S1 via Trunk2 is higher than reaching S1 via S4 and S2 (Trunk4 to Trunk3 to Trunk1). Given that S1 to S2 is 4, and assuming all links have the same cost, the total cost for S3 to reach S1 via S4 and S2 would be 12 (4 for Trunk4, 4 for Trunk3, and 4 for Trunk1). For Trunk2 to be blocked, its path cost would have to be higher than 12, making the path through S4 and S2 more favorable despite being longer in hop count.
Refer to the exhibit. Which trunk link will not forward any traffic after the root bridge election process is complete? -Trunk1 -Trunk2 -Trunk3 -Trunk4
-The port channel ID is 2. -The EtherChannel is down. Explanation & Hint: Based on the output from the show etherchannel summary command in the exhibit, the following two conclusions can be drawn: The port channel ID is 2.The output shows "Group 1" and "Po2" which indicates the port-channel interface ID is 2. The number after "Po" typically represents the port-channel ID. The EtherChannel is down.Both ports Fa0/1 and Fa0/2 have the flag "(D)" next to them, which, according to the flag legend in the output, stands for "down". Additionally, the port-channel Po2 also has an "(SD)" flag, with "S" meaning "layer2" (which by itself doesn't indicate a down state), but "D" meaning "down". The combination indicates that the EtherChannel is not currently operational.
Refer to the exhibit. Which two conclusions can be drawn from the output? (Choose two.) -The port channel ID is 2. -The bundle is fully operational. -The port channel is a Layer 3 channel. -The load-balancing method used is source port to destination port. -The EtherChannel is down.
-desirable -on -auto Explanation & Hint: PAgP (Port Aggregation Protocol) is a Cisco-proprietary protocol used to automatically aggregate multiple physical ports into a single logical link. There are three modes that can be configured on a Cisco switch port for the establishment of a PAgP EtherChannel: Desirable: In this mode, the interface actively attempts to negotiate a PAgP EtherChannel. It initiates negotiations with other ports by sending PAgP packets. Auto: This mode places an interface in a passive negotiating state. In this state, the interface responds to PAgP packets it receives but does not initiate PAgP negotiation. On: This mode forces the channel to be up without any PAgP negotiation. In essence, this is a manual configuration, and both ends of the EtherChannel must be set to 'on' for the link to be part of the EtherChannel.
Select the three PAgP channel establishment modes. (Choose three.) -active -passive -desirable -on -auto -blocking
The protected edge port function on the backup trunk interfaces has been disabled. Explanation & Hint: this suggests a specific design in the network where the edge port protection plays a critical role in the accessibility of network resources. Protected ports in a network are configured to isolate traffic between hosts on the same switch to prevent direct host-to-host communication. This is often used for security purposes. If these ports are part of the inter-VLAN routing process and they are disabled, it could potentially lead to a scenario where certain traffic types or flows expected to be isolated are now being transmitted or received unexpectedly, leading to the reported access issues.
Successful inter-VLAN routing has been operating on a network with multiple VLANs across multiple switches for some time. When an inter-switch trunk link fails and Spanning Tree Protocol brings up a backup trunk link, it is reported that hosts on two VLANs can access some, but not all the network resources that could be accessed previously. Hosts on all other VLANS do not have this problem. What is the most likely cause of this problem? -The allowed VLANs on the backup link were not configured correctly. -The protected edge port function on the backup trunk interfaces has been disabled. -Dynamic Trunking Protocol on the link has failed. -Inter-VLAN routing also failed when the trunk link failed.
-The role of the ports in all VLANs. -The root bridge BID. Explanation & Hint: The show spanning-tree command on a Cisco switch provides detailed information about the Spanning Tree Protocol (STP) status for all VLANs that are present and active on the switch. This includes: The role of the ports in all VLANs.This command will display the role of each port, such as whether it is a root port (RP), designated port (DP), alternate port (Altn), or a blocked port (Blk) in the STP topology. The root bridge BID (Bridge ID).The output will show the Bridge ID of the root bridge for each VLAN, which includes the priority and the MAC address. It also shows the switch's own Bridge ID and how it compares to the root.
To obtain an overview of the spanning tree status of a switched network, a network engineer issues the show spanning-tree command on a switch. Which two items of information will this command display? (Choose two.) -The role of the ports in all VLANs. -The root bridge BID. -The number of broadcasts received on each root port. -The IP address of the management VLAN interface. -The status of native VLAN ports.
It sends a DHCPREQUEST that identifies which lease offer the client is accepting. Explanation & Hint: When a DHCPv4 client receives more than one DHCPOFFER from multiple DHCP servers, it will choose one offer based on its own selection criteria (which could be the first offer received or the best offer based on certain metrics such as lease time or server preference). The client then sends a DHCPREQUEST message back to the network to identify which lease offer it is accepting. This request is broadcast to all DHCP servers to let any other servers that might have made offers know that their offer is not being accepted. The server whose offer was accepted will respond with a DHCPACK, completing the process.
What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers? -It sends a DHCPREQUEST that identifies which lease offer the client is accepting. -It sends a DHCPNAK and begins the DHCP process over again. -It accepts both DHCPOFFER messages and sends a DHCPACK. -It discards both offers and sends a new DHCPDISCOVER.
The switch will forward the frame out all ports except the incoming port. Explanation & Hint: The switch will forward the frame out all ports except the incoming port. This behavior is known as "flooding." The switch does this because it does not have any information on which port the destination device is located. By flooding the frame to all ports (except the one it received the frame on), the switch ensures that the frame reaches its intended destination. Once the destination device responds and the switch receives a frame with the source MAC address of that device, the switch will then add the MAC address and corresponding port to the MAC address table for future reference.
What action takes place when a frame entering a switch has a unicast destination MAC address that is not in the MAC address table? -The switch resets the refresh timer on all MAC address table entries. -The switch updates the refresh timer for the entry. -The switch replaces the old entry and uses the more current port. -The switch will forward the frame out all ports except the incoming port.
The switch replaces the old entry and uses the more current port. Explanation & Hint: When a switch receives a frame and the source MAC address of that frame is already in the MAC address table but associated with a different port, the switch will replace the old entry and use the more current port. In other words, the switch updates its MAC address table to reflect the new port information. This process ensures that the switch's MAC address table remains accurate and up to date with the current network topology and device connections.
What action takes place when the source MAC address of a frame entering a switch appears in the MAC address table associated with a different port? -The switch purges the entire MAC address table. -The switch replaces the old entry and uses the more current port. -The switch updates the refresh timer for the entry. -The switch forwards the frame out of the specified port.
The switch adds the MAC address and incoming port number to the table. Explanation & Hint: When a switch receives a frame and the source MAC address of that frame is not in the MAC address table, the switch will: The switch adds the MAC address and incoming port number to the table. This is how a switch learns the locations of devices within the network. Each time a frame is received, the switch records the source MAC address and the port on which the frame arrived. If a frame arrives with a destination MAC address that is not known, the switch will broadcast the frame out of all ports except the one on which it was received. However, it does not add the destination MAC address to the table until it receives a frame originating from that MAC address.
What action takes place when the source MAC address of a frame entering a switch is not in the MAC address table? -The switch replaces the old entry and uses the more current port. -The switch adds a MAC address table entry for the destination MAC address and the egress port. -The switch updates the refresh timer for the entry. -The switch adds the MAC address and incoming port number to the table.
Enable trunking manually. Disable DTP. Set the native VLAN to an unused VLAN. Answers Explanation & Hints: Mitigating a VLAN attack can be done by disabling Dynamic Trunking Protocol (DTP), manually setting ports to trunking mode, and by setting the native VLAN of trunk links to VLANs not in use.
What are three techniques for mitigating VLAN attacks? (Choose three.) -Enable BPDU guard. -Set the native VLAN to an unused VLAN. -Use private VLANs. -Disable DTP. -Enable Source Guard. -Enable trunking manually.
introducing a rogue switch and enabling trunking Explanation & Hint: An attacker configures a system to mimic a trunking interface by tagging Ethernet frames with the VLAN ID of the target VLAN. Because switches by default send traffic from the native VLAN untagged, the attacker sends frames with no VLAN tag. The switch receives these untagged frames and assumes they belong to the native VLAN. If the native VLAN of the attacker's port matches the target VLAN, the switch forwards the frames to the target VLAN. The attacker's system essentially pretends to be a switch expecting untagged frames from the native VLAN, which the switch obligingly sends. This is a form of VLAN hopping because the traffic "hops" from the native VLAN to another without passing through a router.
What is a method to launch a VLAN hopping attack? -introducing a rogue switch and enabling trunking -flooding the switch with MAC addresses -sending spoofed IP addresses from the attacking host -sending spoofed native VLAN information
Configure SSH. Answers Explanation & Hints: Why It's Secure: SSH is a protocol that ensures secure network management and communications. It encrypts data, including passwords, to protect against interception and provides secure channel establishment. This makes it highly effective in safeguarding remote access. Best Practice: Use SSH version 2 for enhanced security features. Implement strong authentication methods like public key authentication and disable root login where possible.
What is a secure configuration option for remote access to a network device? -Configure SSH. -Configure 802.1x. -Configure an ACL and apply it to the VTY lines. -Configure Telnet.
FE80::/10 Explanation & Hint: The IPv6 prefix used for link-local addresses is FE80::/10. These addresses are automatically configured on all IPv6-enabled interfaces and can be used for communication on the local link only. They are not routable beyond the link (subnet) that a host is connected to.
What is the IPv6 prefix that is used for link-local addresses? -FE80::/10 -FF01::/8 -FC00::/7 -2001::/3
traps Explanation & Hint: The common term given to SNMP log messages that are generated by network devices and sent to the SNMP server is "traps". In the context of SNMP (Simple Network Management Protocol), traps are automated notifications sent from an SNMP-enabled device to a management station or server, indicating a significant event or change in the device's status.
What is the common term given to SNMP log messages that are generated by network devices and sent to the SNMP server? -traps -auditing -acknowledgments -warnings
It enables DAI on specific switch interfaces previously configured with DHCP snooping. Explanation & Hint: The ip arp inspection vlan 10 command enables Dynamic ARP Inspection (DAI) for VLAN 10 on a switch. DAI is a security feature that checks ARP packets on the interfaces of a switch. It ensures that only valid ARP requests and responses are relayed. The switch checks the ARP packet against a trusted database of IP-to-MAC address bindings, which is usually built by DHCP snooping. DAI relies on DHCP snooping to build this database, so while DAI itself is not DHCP snooping, it works in conjunction with it.
What is the effect of entering the ip arp inspection vlan 10 configuration command on a switch? -It enables DHCP snooping globally on a switch. -It specifies the maximum number of L2 addresses allowed on a port. -It enables DAI on specific switch interfaces previously configured with DHCP snooping. -It globally enables BPDU guard on all PortFast-enabled ports.
WPA2 Enterprise Explanation & Hint: The method of wireless authentication that is dependent on a RADIUS (Remote Authentication Dial-In User Service) authentication server is WPA2 Enterprise. WPA2 Enterprise (also known as 802.1X/EAP) provides enterprise-grade security by requiring each user to have unique credentials for network access, and these credentials are managed by a RADIUS server, which handles the authentication of users and devices.
What method of wireless authentication is dependent on a RADIUS authentication server? -WEP -WPA2 Enterprise -WPA Personal -WPA2 Personal
DHCP starvation Explanation: DCHP starvation attacks are launched by an attacker with the intent to create a DoS for DHCP clients. To accomplish this goal, the attacker uses a tool that sends many DHCPDISCOVER messages in order to lease the entire pool of available IP addresses, thus denying them to legitimate hosts.
What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease? -CAM table attack -IP address spoofing -DHCP spoofing -DHCP starvation
HSRP Explanation & Hint: The protocol that uses a standby router to assume packet-forwarding responsibility if the active router fails is HSRP (Hot Standby Router Protocol). HSRP is a Cisco-proprietary redundancy protocol for establishing a fault-tolerant default gateway. It allows multiple routers to work together to present the appearance of a single virtual router or gateway to the hosts on the local network. If the currently active router fails, the standby router takes over the IP address and continues forwarding packets.
What protocol or technology uses a standby router to assume packet-forwarding responsibility if the active router fails? -HSRP -EtherChannel -VTP -DTP
EtherChannel Explanation & Hint: The protocol or technology that uses source IP to destination IP as a load-balancing mechanism is EtherChannel. EtherChannel can use various load-balancing methods, and one common method involves hashing the source and destination IP addresses to determine which physical link within the EtherChannel to use for a particular packet. This way, the traffic between specific source and destination IP pairs can be consistently forwarded over the same physical link, which helps prevent out-of-order packet delivery. EtherChannel is a link aggregation technology that combines several physical links to create a single logical link for increased bandwidth and redundancy.
What protocol or technology uses source IP to destination IP as a load-balancing mechanism? -EtherChannel -VTP -STP -DTP
DTP Explanation & Hint: To help mitigate VLAN attacks, you should disable DTP (Dynamic Trunking Protocol). DTP can be used by an attacker to negotiate a trunk link with a switch, which can allow them to access all VLANs across that trunk. Disabling DTP on switch ports that do not need to form trunks is a best practice for VLAN security.
What protocol should be disabled to help mitigate VLAN attacks? -STP -CDP -DTP -ARP
so that the attacker can see frames that are destined for other hosts Explanation & Hint: The primary reason an attacker would launch a MAC address overflow attack is so that the attacker can see frames that are destined for other hosts. When the switch's MAC address table becomes full, it can no longer associate new frames with specific ports. As a result, the switch behaves like a hub, broadcasting incoming frames to all ports, rather than forwarding them only to the correct destination port. This behavior allows an attacker to see traffic that is not intended for their host, effectively enabling the attacker to eavesdrop on the traffic traversing the switch. This type of attack is often used to capture sensitive data from other hosts on the network.
What would be the primary reason an attacker would launch a MAC address overflow attack? -so that the attacker can execute arbitrary code on the switch -so that the switch stops forwarding traffic -so that the attacker can see frames that are destined for other hosts -so that legitimate hosts cannot obtain a MAC address
interface range GigabitEthernet 0/4 - 5 Answers Explanation & Hints: To specify the interfaces in an EtherChannel group, use the interface range interface global configuration command for the range of interfaces used. The interface range GigabitEthernet 0/4 - 5 command is the correct option because it specifies two interfaces for the EtherChannel group.
Which command will start the process to bundle two physical interfaces to create an EtherChannel group via LACP? -channel-group 2 mode auto -channel-group 1 mode desirable -interface port-channel 2 -interface range GigabitEthernet 0/4 - 5
the source MAC address and the incoming port Explanation: To maintain the MAC address table, the switch uses the source MAC address of the incoming packets and the port that the packets enter. The destination address is used to select the outgoing port.
Which information does a switch use to populate the MAC address table? -the source MAC address and the incoming port -the destination MAC address and the incoming port -the source MAC address and the outgoing port -the source and destination MAC addresses and the outgoing port -the source and destination MAC addresses and the incoming port -the destination MAC address and the outgoing port
SLAAC Explanation & Hint: The method of IPv6 prefix assignment that relies on the prefix contained in Router Advertisement (RA) messages is Stateless Address Autoconfiguration (SLAAC). When a host receives an RA message, it can automatically configure its own IPv6 address using the prefix advertised in the RA message along with its own interface identifier, which can be generated using the EUI-64 process or a random generator, depending on the host's operating system and privacy settings. SLAAC allows a device to create a globally unique address without the need for a DHCP server, although it can be used in conjunction with stateless DHCPv6 to obtain other configuration information like DNS servers.
Which method of IPv6 prefix assignment relies on the prefix contained in RA messages? -EUI-64 -stateful DHCPv6 -static -SLAAC
rogue switches on a network Explanation: There are several recommended STP stability mechanisms to help mitigate STP manipulation attacks: PortFast - used to immediately bring an interface configured as an access or trunk port to the forwarding state from a blocking state. Applied to all end-user ports. BPDU guard - immediately error-disables a port that receives a BPDU. Applied to all end-user ports.The receipt of BPDUs may be part of an unauthorized attempt to add a switch to the network. Root guard - prevents a switch from becoming the root switch. Applied to all ports where the root switch should not be located. Loop guard - detects unidirectional links to prevent alternate or root ports from becoming designated ports. Applied to all ports that are or can become nondesignated.
Which network attack is mitigated by enabling BPDU guard? -rogue switches on a network -rogue DHCP servers on a network -MAC address spoofing -CAM table overflow attacks
ip route 0.0.0.0 0.0.0.0 S0/0/0 Explanation: The static route ip route 0.0.0.0 0.0.0.0 S0/0/0 is considered a default static route and will match all destination networks.
Which option shows a correctly configured IPv4 default static route? -ip route 0.0.0.0 0.0.0.0 S0/0/0 -ip route 0.0.0.0 255.0.0.0 S0/0/0 -ip route 0.0.0.0 255.255.255.0 S0/0/0 -ip route 0.0.0.0 255.255.255.255 S0/0/0
The broadcast domain expands to all switches. Explanation: In Cisco LAN switches, the microsegmentation makes it possible for each port to represent a separate segment and thus each switch port represents a separate collision domain. This fact will not change when multiple switches are interconnected. However, LAN switches do not filter broadcast frames. A broadcast frame is flooded to all ports. Interconnected switches form one big broadcast domain.
Which statement describes a result after multiple Cisco LAN switches are interconnected? -There is one broadcast domain and one collision domain per switch. -The broadcast domain expands to all switches. -One collision domain exists per switch. -Frame collisions increase on the segments connecting the switches.
-dynamic desirable - dynamic desirable -dynamic desirable - dynamic auto -dynamic desirable - trunk Explanation & Hint: The ports on both ends must be compatible and correctly negotiate the trunking status to establish a functional trunk link between two Cisco switches. Dynamic Desirable - Dynamic Desirable: Both sides actively attempt to negotiate a trunk link using DTP (Dynamic Trunking Protocol). Dynamic Desirable - Dynamic Auto: One side actively attempts to negotiate a trunk link, and the other side is willing to convert to a trunk link if the other side initiates negotiation. Dynamic Desirable - Trunk: One side actively attempts to negotiate, while the other side is set to trunk mode and will form a trunk link.
Which three pairs of trunking modes will establish a functional trunk link between two Cisco switches? (Choose three.) -access - trunk -dynamic auto - dynamic auto -dynamic desirable - dynamic desirable -dynamic desirable - dynamic auto -dynamic desirable - trunk -access - dynamic auto
-An autonegotiation failure can result in connectivity issues. -The duplex and speed settings of each switch port can be manually configured. -When the speed is set to 1000 Mb/s, the switch ports will operate in full-duplex mode. By default, the autonegotiation feature is disabled. Explanation & Hint: An autonegotiation failure can result in connectivity issues.When autonegotiation fails, devices may end up with mismatched speed or duplex settings, which can lead to performance issues, such as slow throughput or a large number of collisions. The duplex and speed settings of each switch port can be manually configured. When speed is set to 1000 Mb/s, switch ports will operate in full-duplex mode.Gigabit Ethernet standards only support full-duplex, so when a switch port is set to 1000 Mb/s (1 Gb/s), it will operate in full-duplex mode.
Which three statements accurately describe duplex and speed settings on Cisco 2960 switches? (Choose three.) -By default, the speed is set to 100 Mb/s and the duplex mode is set to autonegotiation. -An autonegotiation failure can result in connectivity issues. -The duplex and speed settings of each switch port can be manually configured. -When the speed is set to 1000 Mb/s, the switch ports will operate in full-duplex mode. By default, the autonegotiation feature is disabled. -Enabling autonegotiation on a hub will prevent mismatched port speeds when connecting the hub to the switch.
-Select the correct VTP mode and version. -Reboot the switch. -Configure the switch with the name of the new management domain. Explanation: When adding a new switch to a VTP domain, it is critical to configure the switch with a new domain name, the correct VTP mode, VTP version number, and password. A switch with a higher revision number can propagate invalid VLANs and erase valid VLANs thus preventing connectivity for multiple devices on the valid VLANs.
Which three steps should be taken before moving a Cisco switch to a new VTP management domain? (Choose three.) -Reset the VTP counters to allow the switch to synchronize with the other switches in the domain. -Download the VTP database from the VTP server in the new domain. -Select the correct VTP mode and version. -Reboot the switch. -Configure the VTP server in the domain to recognize the BID of the new switch. -Configure the switch with the name of the new management domain.
-association and re-association of roaming clients -frame queuing and packet prioritization Explanation & Hint: Association and Re-association of Roaming Clients:The WLC manages client associations and re-associations, especially when clients roam between different APs. The WLC ensures that clients have a seamless roaming experience by managing their credentials and maintaining their session as they move. Frame Queuing and Packet Prioritization:The WLC is responsible for managing queues for handling data frames and prioritizing packets. This includes implementing Quality of Service (QoS) policies to prioritize traffic, such as voice over IP (VoIP) over regular data traffic.
Which two functions are performed by a WLC when using split media access control (MAC)? (Choose two.) -packet acknowledgments and retransmissions -frame translation to other protocols -association and re-association of roaming clients -beacons and probe responses -frame queuing and packet prioritization
-They are not associated with a particular VLAN. -They support subinterfaces, like interfaces on the Cisco IOS routers. Explanation & Hint: They are not associated with a particular VLAN: Routed ports on a multilayer switch operate at Layer 3 (the network layer) and are used to route traffic between different networks. Unlike switch ports, which are associated with a specific VLAN (Layer 2), routed ports do not belong to a VLAN. They support subinterfaces, like interfaces on the Cisco IOS routers: Routed ports on a multilayer switch can be configured with subinterfaces, similar to how router interfaces are configured. This allows for more complex routing scenarios, such as inter-VLAN routing and encapsulation methods like 802.1Q VLAN tagging.
Which two statements are characteristics of routed ports on a multilayer switch? (Choose two.) -In a switched network, they are mostly configured between switches at the core and distribution layers. -They are used for point-to-multipoint links. -They are not associated with a particular VLAN. -They support subinterfaces, like interfaces on the Cisco IOS routers. -The interface vlan <vlan number> command has to be entered to create a VLAN on routed ports.
-STP -RSTP Explanation & Hint: STP (Standard Spanning Tree Protocol): The original Spanning Tree Protocol, as defined in IEEE 802.1D, creates a single spanning-tree instance for the entire network, regardless of the number of VLANs. This can lead to suboptimal paths in networks where multiple VLANs are configured, as it doesn't allow for load balancing across different VLANs. RSTP (Rapid Spanning Tree Protocol): Although RSTP (IEEE 802.1w) is an evolution of STP that provides faster convergence, it still operates a single instance of spanning-tree for the entire network. Like STP, RSTP does not create separate spanning-trees for each VLAN, which can lead to suboptimal traffic flows in networks with multiple VLANs.
Which two types of spanning tree protocols can cause suboptimal traffic flows because they assume only one spanning-tree instance for the entire bridged network? (Choose two.) -STP -Rapid PVST+ -MSTP -PVST+ -RSTP
floating static route Explanation: There are four basic types of static routes. Floating static routes are backup routes that are placed into the routing table if a primary route is lost. A summary static route aggregates several routes into one, reducing the of the routing table. Standard static routes are manually entered routes into the routing table. Default static routes create a gateway of last resort.
Which type of static route is configured with a greater administrative distance to provide a backup route to a route learned from a dynamic routing protocol? -standard static route -default static route -floating static route -summary static route
WPA2 with AES Explanation & Hint: WPA2 with AES:Security Level: Highest among the listed options. AES is a more advanced and secure encryption algorithm. WPA2 with AES is currently considered the industry standard for wireless network security.Usage Recommendation: Strongly recommended for securing wireless networks. Provides robust security and is widely supported by modern wireless devices.
Which wireless encryption method is the most secure? -WPA2 with AES -WPA2 with TKIP -WEP -WPA
It uses the MAC-address-to-IP-address binding database to validate an ARP packet. Explanation: DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and builds a bindings database of valid tuples (MAC address, IP address, VLAN interface). When DAI is enabled, the switch drops ARP packet if the sender MAC address and sender IP address do not match an entry in the DHCP snooping bindings database. However, it can be overcome through static mappings. Static mappings are useful when hosts configure static IP addresses, DHCP snooping cannot be run, or other switches in the network do not run dynamic ARP inspection. A static mapping associates an IP address to a MAC address on a VLAN.
Why is DHCP snooping required when using the Dynamic ARP Inspection feature? -It uses the MAC address table to verify the default gateway IP address. -It redirects ARP requests to the DHCP server for verification. -It relies on the settings of trusted and untrusted ports set by DHCP snooping. -It uses the MAC-address-to-IP-address binding database to validate an ARP packet.
