Q:101-120

Question 1

102. What protocol should be disabled to help mitigate VLAN attacks?

CDP
ARP
STP
DTP

Answer 1

DTP

Question 2

103. What protocol or technology requires switches to be in server mode or client mode?

EtherChannel
STP
VTP
DTP

Answer 2

VTP

Question 3

104. What are two reasons a network administrator would segment a network with a Layer 2 switch? (Choose two.)

to create fewer collision domains
to enhance user bandwidth
to create more broadcast domains
to eliminate virtual circuits
to isolate traffic between segments
to isolate ARP request messages from the rest of the network

Answer 3

to enhance user bandwidth

to isolate traffic between segments

Question 4

105. What command will enable a router to begin sending messages that allow it to configure a link-local address without using an IPv6 DHCP server?

a static route
the ipv6 route ::/0 command
the ipv6 unicast-routing command
the ip routing command

Answer 4

the ipv6 unicast-routing command

Question 5

106. A network administrator is using the router-on-a-stick model to configure a switch and a router for inter-VLAN routing. What configuration should be made on the switch port that connects to the router?

Configure it as a trunk port and allow only untagged traffic.

Configure the port as an access port and a member of VLAN1.

Configure the port as an 802.1q trunk port.

Configure the port as a trunk port and assign it to VLAN1.

Answer 5

Configure the port as an 802.1q trunk port.

Question 6

107. What are three techniques for mitigating VLAN attacks? (Choose three.)

Use private VLANs.
Enable BPDU guard.
Enable trunking manually
Enable Source Guard.
Disable DTP.
Set the native VLAN to an unused VLAN.

Answer 6

Enable trunking manually

Disable DTP.

Set the native VLAN to an unused VLAN.

Question 7

108. Match the DHCP message types to the order of the DHCPv4 process. (Not all options are used.)

Question 8

109. In which situation would a technician use the show interfaces switch command?

to determine if remote access is enabled

when packets are being dropped from a particular directly attached host

when an end device can reach local devices, but not remote devices

to determine the MAC address of a directly attached network device on a particular interface

Answer 8

when packets are being dropped from a particular directly attached host

Question 9

110. What is a drawback of the local database method of securing device access that can be solved by using AAA with centralized servers?

There is no ability to provide accountability.

User accounts must be configured locally on each device, which is an unscalable authentication solution.

It is very susceptible to brute-force attacks because there is no username.

The passwords can only be stored in plain text in the running configuration.

Answer 9

There is no ability to provide accountability.

User accounts must be configured locally on each device, which is an unscalable authentication solution.

Question 10

111. What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers?

It sends a DHCPREQUEST that identifies which lease offer the client is accepting.

It sends a DHCPNAK and begins the DHCP process over again.

It discards both offers and sends a new DHCPDISCOVER.

It accepts both DHCPOFFER messages and sends a DHCPACK.

Answer 10

It sends a DHCPREQUEST that identifies which lease offer the client is accepting.

Question 11

112. Refer to the exhibit. The network administrator is configuring the port security feature on switch SWC. The administrator issued the command show port-security interface fa 0/2 to verify the configuration. What can be concluded from the output that is shown? (Choose three.)

Three security violations have been detected on this interface.

This port is currently up.

The port is configured as a trunk link.

Security violations will cause this port to shut down immediately.

There is no device currently connected to this port.

The switch port mode for this interface is access mode.

Answer 11

The switch port mode for this interface is access mode.

Security violations will cause this port to shut down immediately.

This port is currently up.

Question 12

113. What method of wireless authentication is dependent on a RADIUS authentication server?

WEP
WPA Personal
WPA2 Personal
WPA2 Enterprise

Answer 12

WPA2 Enterprise

Question 13

114. A network administrator has found a user sending a double-tagged 802.1Q frame to a switch. What is the best solution to prevent this type of attack?

The native VLAN number used on any trunk should be one of the active data VLANs.

The VLANs for user access ports should be different VLANs than any native VLANs used on trunk ports.

Trunk ports should be configured with port security.

Trunk ports should use the default VLAN as the native VLAN number.

Answer 13

The VLANs for user access ports should be different VLANs than any native VLANs used on trunk ports.

Question 14

115. Refer to the exhibit. Which two conclusions can be drawn from the output? (Choose two.)

The EtherChannel is down.
The port channel ID is 2.
The port channel is a Layer 3 channel.
The bundle is fully operational.
The load-balancing method used is source port to destination port.

Answer 14

The EtherChannel is down.

The port channel ID is 2.

Question 15

117. On a Cisco 3504 WLC Summary page ( Advanced > Summary ), which tab allows a network administrator to configure a particular WLAN with a WPA2 policy?

WLANs
SECURITY
WIRELESS
MANAGEMENT

Answer 15

WLANs

Question 16

118. Refer to the exhibit. A network engineer is configuring IPv6 routing on the network. Which command issued on router HQ will configure a default route to the Internet to forward packets to an IPv6 destination network that is not listed in the routing table?​

ipv6 route ::/0 serial 0/0/0
ip route 0.0.0.0 0.0.0.0 serial 0/1/1
ipv6 route ::1/0 serial 0/1/1
ipv6 route ::/0 serial 0/1/1

Answer 16

ipv6 route ::/0 serial 0/1/1

Question 17

119. Users are complaining of sporadic access to the internet every afternoon. What should be done or checked?

Create static routes to all internal networks and a default route to the internet.

Verify that there is not a default route in any of the edge router routing tables.

Create a floating static route to that network.

Check the statistics on the default route for oversaturation.

Answer 17

Check the statistics on the default route for oversaturation.

Question 18

120. What action takes place when the source MAC address of a frame entering a switch appears in the MAC address table associated with a different port?

The switch purges the entire MAC address table.

The switch replaces the old entry and uses the more current port.

The switch updates the refresh timer for the entry.

The switch forwards the frame out of the specified port.

Answer 18

The switch replaces the old entry and uses the more current port.

Question 19

121. A network administrator is configuring a WLAN. Why would the administrator use a WLAN controller?

to centralize management of multiple WLANs

to provide privacy and integrity to wireless traffic by using encryption

to facilitate group configuration and management of multiple WLANs through a WLC

to provide prioritized service for time-sensitive applications

Answer 19

to facilitate group configuration and management of multiple WLANs through a WLC

Question 20

122. A new Layer 3 switch is connected to a router and is being configured for interVLAN routing. What are three of the five steps required for the configuration? (Choose three.)
Case 1:
modifying the default VLAN
installing a static route
adjusting the route metric
creating VLANs
assigning ports to VLANs
creating SVI interfaces
implementing a routing protocol

Case 2:
enabling IP routing
entering “no switchport” on the port connected to the router
adjusting the route metric
installing a static route
assigning the ports to the native VLAN
modifying the default VLAN
assigning ports to VLANs

Case 3:
enabling IP routing
modifying the default VLAN
entering “no switchport” on the port connected to the router
establishing adjacencies
assigning ports to VLANs
adjusting the route metric
assigning the ports to the native VLAN

Case 4:
assigning ports to VLANs
assigning the ports to the native VLAN
enabling IP routing
modifying the default VLAN
installing a static route
implementing a routing protocol
creating SVI interfaces

Answer 20

Case 1:
creating VLANs

assigning ports to VLANs

creating SVI interfaces

Case 2:
enabling IP routing

entering “no switchport” on the port connected to the router

assigning ports to VLANs

Case 3:
entering “no switchport” on the port connected to the router

establishing adjacencies

enabling IP routing

Case 4:
assigning ports to VLANs

enabling IP routing

creating SVI interfaces

Question 21

123. Which three statements accurately describe duplex and speed settings on Cisco 2960 switches? (Choose three.)

An autonegotiation failure can result in connectivity issues.

When the speed is set to 1000 Mb/s, the switch ports will operate in full-duplex mode.

The duplex and speed settings of each switch port can be manually configured.

Enabling autonegotiation on a hub will prevent mismatched port speeds when connecting the hub to the switch.

By default, the speed is set to 100 Mb/s and the duplex mode is set to autonegotiation.

By default, the autonegotiation feature is disabled.

Answer 21

An autonegotiation failure can result in connectivity issues.

When the speed is set to 1000 Mb/s, the switch ports will operate in full-duplex mode.

The duplex and speed settings of each switch port can be manually configured