CCNA 2 v7.0 Final Exam
What address and prefix length is used when configuring an IPv6 default static route?
::/0
An administrator is trying to remove configurations from a switch. After using the command erase startup-config and reloading the switch, the administrator finds that VLANs 10 and 100 still exist on the switch. Why were these VLANs not removed?
Because these VLANs are stored in a file that is called vlan.dat that is located in flash memory, this file must be manually deleted.
A network administrator is adding a new WLAN on a Cisco 3500 series WLC. Which tab should the administrator use to create a new VLAN interface to be used for the new WLAN?
CONTROLLER
A junior technician was adding a route to a LAN router. A traceroute to a device on the new network revealed a wrong path and unreachable status. What should be done or checked?
Check the configuration of the exit interface on the new static route.
An administrator notices that large numbers of packets are being dropped on one of the branch routers. What should be done or checked?
Check the routing table for a missing static route.
Users are complaining of sporadic access to the internet every afternoon. What should be done or checked?
Check the statistics on the default route for oversaturation.
What is a secure configuration option for remote access to a network device?
Configure SSH.
A network administrator is using the router-on-a-stick model to configure a switch and a router for inter-VLAN routing. What configuration should be made on the switch port that connects to the router?
Configure the port as an 802.1q trunk port.
A technician is configuring a router for a small company with multiple WLANs and doesn't need the complexity of a dynamic routing protocol. What should be done or checked?
Create static routes to all internal networks and a default route to the internet.
What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?
DHCP starvation
What protocol or technology is a Cisco proprietary protocol that is automatically enabled on 2960 switches?
DTP
What protocol or technology manages trunk negotiations between switches?
DTP
What protocol should be disabled to help mitigate VLAN attacks?
DTP
Which Cisco solution helps prevent ARP spoofing and ARP poisoning attacks?
Dynamic ARP Inspection
What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?
Enable port security.
A company has just switched to a new ISP. The ISP has completed and checked the connection from its site to the company. However, employees at the company are not able to access the internet. What should be done or checked?
Ensure that the old default route has been removed from the company edge routers.
What protocol or technology allows data to transmit over redundant switch links?
EtherChannel
What protocol or technology uses source IP to destination IP as a load-balancing mechanism?
EtherChannel
How will a router handle static routing differently if Cisco Express Forwarding is disabled?
Ethernet multiaccess interfaces will require fully specified static routes to avoid routing inconsistencies.
What is the IPv6 prefix that is used for link-local addresses?
FE80::/10
Which statement is correct about how a Layer 2 switch determines how to forward frames?
Frame forwarding decisions are based on MAC address and port mappings in the CAM table.
What protocol or technology defines a group of routers, one of them defined as active and another one as standby?
HSRP
What protocol or technology uses a standby router to assume packet-forwarding responsibility if the active router fails?
HSRP
During the AAA process, when will authorization be implemented?
Immediately after successful authentication against an AAA data source
What is the effect of entering the ip arp inspection validate src-mac configuration command on a switch?
It checks the source L2 address in the Ethernet header against the sender L2 address in the ARP body.
What is the effect of entering the switchport mode access configuration command on a switch?
It disables DTP on a non-trunking interface.
What is the effect of entering the shutdown configuration command on a switch?
It disables an unused port.
What is the effect of entering the show ip dhcp snooping binding configuration command on a switch?
It displays the IP-to-MAC address associations for switch interfaces.
What is the effect of entering the ip arp inspection vlan 10 configuration command on a switch?
It enables DAI on specific switch interfaces previously configured with DHCP snooping.
What is the effect of entering the ip dhcp snooping configuration command on a switch?
It enables DHCP snooping globally on a switch.
What is the effect of entering the switchport port-security configuration command on a switch?
It enables port security on an interface.
What is the effect of entering the spanning-tree portfast configuration command on a switch?
It enables portfast on a specific switch interface.
What is the effect of entering the ip dhcp snooping limit rate 6 configuration command on a switch?
It restricts the number of discovery messages, per second, to be received on the interface.
What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers?
It sends a DHCPREQUEST that identifies which lease offer the client is accepting.
Why is DHCP snooping required when using the Dynamic ARP Inspection feature?
It uses the MAC-address-to-IP-address binding database to validate an ARP packet.
A network administrator is preparing the implementation of Rapid PVST+ on a production network. How are the Rapid PVST+ link types determined on the switch interfaces?
Link types are determined automatically.
A cybersecurity analyst is using the macof tool to evaluate configurations of switches deployed in the backbone network of an organization. Which type of LAN attack is the analyst targeting during this evaluation?
MAC address table overflow
What is an advantage of PVST+?
PVST+ optimizes performance on the network through load sharing.
A network administrator uses the spanning-tree portfast bpduguard default global configuration command to enable BPDU guard on a switch. However, BPDU guard is not activated on all access ports. What is the cause of the issue?
PortFast is not configured on all access ports.
A static route has been configured on a router. However, the destination network no longer exists. What should an administrator do to remove the static route from the routing table?
Remove the route using the no ip route command.
Which method of IPv6 prefix assignment relies on the prefix contained in RA messages?
SLAAC
Which protocol adds security to remote connections?
SSH
What protocol or technology disables redundant paths to eliminate Layer 2 loops?
STP
A network administrator has found a user sending a double-tagged 802.1Q frame to a switch. What is the best solution to prevent this type of attack?
The VLANs for user access ports should be different VLANs than any native VLANs used on trunk ports.
Which statement describes a result after multiple Cisco LAN switches are interconnected?
The broadcast domain expands to all switches.
What is a result of connecting two or more switches together?
The size of the broadcast domain is increased.
What action takes place when the source MAC address of a frame entering a switch is not in the MAC address table?
The switch adds the MAC address and incoming port number to the table.
What action takes place when a frame entering a switch has a unicast destination MAC address appearing in the MAC address table?
The switch forwards the frame out of the specified port.
What action takes place when the source MAC address of a frame entering a switch appears in the MAC address table associated with a different port?
The switch replaces the old entry and uses the more current port.
What action takes place when a frame entering a switch has a multicast destination MAC address?
The switch will forward the frame out all ports except the incoming port.
What action takes place when a frame entering a switch has a unicast destination MAC address that is not in the MAC address table?
The switch will forward the frame out all ports except the incoming port.
Branch users were able to access a site in the morning but have had no connectivity with the site since lunch time. What should be done or checked?
Use the "show ip interface brief" command to see if an interface is down.
Employees are unable to connect to servers on one of the internal networks. What should be done or checked?
Use the "show ip interface brief" command to see if an interface is down.
What is a drawback of the local database method of securing device access that can be solved by using AAA with centralized servers?
User accounts must be configured locally on each device, which is an unscalable authentication solution.
What protocol or technology requires switches to be in server mode or client mode?
VTP
Users on a LAN are unable to get to a company web server but are able to get elsewhere. What should be done or checked?
Verify that the static route to the server is present in the routing table.
On a Cisco 3504 WLC Summary page ( Advanced > Summary ), which tab allows a network administrator to configure a particular WLAN with a WPA2 policy?
WLANs
What method of wireless authentication is dependent on a RADIUS authentication server?
WPA2 Enterprise
Which wireless encryption method is the most secure?
WPA2 with AES
A network administrator of a small advertising company is configuring WLAN security by using the WPA2 PSK method. Which credential do office users need in order to connect their laptops to the WLAN?
a key that matches the key on the AP
On what switch ports should BPDU guard be enabled to enhance STP stability?
all PortFast-enabled ports
Which term describes the role of a Cisco switch in the 802.1X port-based access control?
authenticator
Which DHCPv4 message will a client send to accept an IPv4 address that is offered by a DHCP server?
broadcast DHCPREQUEST
What IPv6 prefix is designed for link-local communication?
fe80::/10
Which type of static route is configured with a greater administrative distance to provide a backup route to a route learned from a dynamic routing protocol?
floating static route
Which command will start the process to bundle two physical interfaces to create an EtherChannel group via LACP?
interface range GigabitEthernet 0/4 - 5
What is a method to launch a VLAN hopping attack?
introducing a rogue switch and enabling trunking
Which option shows a correctly configured IPv4 default static route?
ip route 0.0.0.0 0.0.0.0 S0/0/0
Which network attack is mitigated by enabling BPDU guard?
rogue switches on a network
What would be the primary reason an attacker would launch a MAC address overflow attack?
so that the attacker can see frames that are destined for other hosts
A company security policy requires that all MAC addressing be dynamically learned and added to both the MAC address table and the running configuration on each switch. Which port security configuration will accomplish this?
sticky secure MAC addresses
What command will enable a router to begin sending messages that allow it to configure a link-local address without using an IPv6 DHCP server?
the ipv6 unicast-routing command
Which information does a switch use to populate the MAC address table?
the source MAC address and the incoming port
A network administrator is configuring a WLAN. Why would the administrator disable the broadcast feature for the SSID?
to eliminate outsiders scanning for available SSIDs in the area
A network administrator is configuring a WLAN. Why would the administrator use a WLAN controller?
to facilitate group configuration and management of multiple WLANs through a WLC
A network administrator is configuring a WLAN. Why would the administrator use multiple lightweight APs?
to facilitate group configuration and management of multiple WLANs through a WLC
A network administrator is configuring a WLAN. Why would the administrator apply WPA2 with AES to the WLAN?
to provide privacy and integrity to wireless traffic by using encryption
A network administrator is configuring a WLAN. Why would the administrator change the default DHCP IPv4 addresses on an AP?
to reduce outsiders intercepting data or accessing the wireless network by using a well-known address range
A network administrator is configuring a WLAN. Why would the administrator use RADIUS servers on the network?
to restrict access to the WLAN by authorized, authenticated users only
What is the common term given to SNMP log messages that are generated by network devices and sent to the SNMP server?
traps
Which mitigation technique would prevent rogue servers from providing false IP configuration parameters to clients?
turning on DHCP snooping
In which situation would a technician use the show interfaces switch command?
when packets are being dropped from a particular directly attached host
After attaching four PCs to the switch ports, configuring the SSID and setting authentication properties for a small office network, a technician successfully tests the connectivity of all PCs that are connected to the switch and WLAN. A firewall is then configured on the device prior to connecting it to the Internet. What type of network device includes all of the described features?
wireless router
