SWRE Final Exam 6 Flashcards

1
Q

What protocol or technology uses source IP to destination IP as a load-balancing mechanism?

VTP
EtherChannel
DTP
STP

A

EtherChannel

2
Q

What protocol should be disabled to help mitigate VLAN attacks?

CDP
ARP
STP
DTP

A

DTP

3
Q

What protocol or technology requires switches to be in server mode or client mode?

EtherChannel
STP
VTP
DTP

A

VTP

4
Q

What are two reasons a network administrator would segment a network with a Layer 2 switch? (Choose two.)

to create fewer collision domains

to enhance user bandwidth

to create more broadcast domains

to eliminate virtual circuits

to isolate traffic between segments

to isolate ARP request messages from the rest of the network

A

to enhance user bandwidth

to isolate traffic between segments

Explanation: A switch has the ability of creating temporary point-to-point connections between the directly-attached transmitting and receiving network devices. The two devices have full-bandwidth full-duplex connectivity during the transmission.

5
Q

What command will enable a router to begin sending messages that allow it to configure a link-local address without using an IPv6 DHCP server?

a static route

the ipv6 route ::/0 command

the ipv6 unicast-routing command

the ip routing command

A

the ipv6 unicast-routing command

Explanation: To enable IPv6 on a router you must use the ipv6 unicast-routing global configuration command or use the ipv6 enable interface configuration command. This is equivalent to entering ip routing to enable IPv4 routing on a router when it has been turned off. Keep in mind that IPv4 is enabled on a router by default. IPv6 is not enabled by default.

6
Q

A network administrator is using the router-on-a-stick model to configure a switch and a router for inter-VLAN routing. What configuration should be made on the switch port that connects to the router?

Configure it as a trunk port and allow only untagged traffic.

Configure the port as an access port and a member of VLAN1.

Configure the port as an 802.1q trunk port.

Configure the port as a trunk port and assign it to VLAN1.

A

Configure the port as an 802.1q trunk port.

Explanation: The port on the switch that connects to the router interface should be configured as a trunk port. Once it becomes a trunk port, it does not belong to any particular VLAN and will forward traffic from various VLANs.

7
Q

What are three techniques for mitigating VLAN attacks? (Choose three.)

Use private VLANs.

Enable BPDU guard.

Enable trunking manually.

Enable Source Guard.

Disable DTP.

Set the native VLAN to an unused VLAN.

A

Enable trunking manually.
Disable DTP.
Set the native VLAN to an unused VLAN.

Explanation: Mitigating a VLAN attack can be done by disabling Dynamic Trunking Protocol (DTP), manually setting ports to trunking mode, and by setting the native VLAN of trunk links to VLANs not in use.

8
Q

Match the DHCP message types to the order of the DHCPv4 process. (Not all options are used.)

A

The broadcast DHCPDISCOVER message finds DHCPv4 servers on the network. When the DHCPv4 server receives a DHCPDISCOVER message, it reserves an available IPv4 address to lease to the client and sends the unicast DHCPOFFER message to the requesting client. When the client receives the DHCPOFFER from the server, it sends back a DHCPREQUEST. On receiving the DHCPREQUEST message the server replies with a unicast DHCPACK message. DHCPREPLY and DHCPINFORMATION-REQUEST are DHCPv6 messages.

9
Q

In which situation would a technician use the show interfaces switch command?

to determine if remote access is enabled

when packets are being dropped from a particular directly attached host

when an end device can reach local devices, but not remote devices

to determine the MAC address of a directly attached network device on a particular interface

A

when packets are being dropped from a particular directly attached host

Explanation: The show interfaces command is useful to detect media errors, to see if packets are being sent and received, and to determine if any runts, giants, CRCs, interface resets, or other errors have occurred. Problems with reachability to a remote network would likely be caused by a misconfigured default gateway or other routing issue, not a switch issue. The show mac address-table command shows the MAC address of a directly attached device.

10
Q

What is a drawback of the local database method of securing device access that can be solved by using AAA with centralized servers?

There is no ability to provide accountability.

User accounts must be configured locally on each device, which is an unscalable authentication solution.

It is very susceptible to brute-force attacks because there is no username.

The passwords can only be stored in plain text in the running configuration.

A

User accounts must be configured locally on each device, which is an unscalable authentication solution.

Explanation: The local database method of securing device access utilizes usernames and passwords that are configured locally on the router. This allows administrators to keep track of who logged in to the device and when. The passwords can also be encrypted in the configuration. However, the account information must be configured on each device where that account should have access, making this solution very difficult to scale.

11
Q

What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers?

It sends a DHCPREQUEST that identifies which lease offer the client is accepting.

It sends a DHCPNAK and begins the DHCP process over again.

It discards both offers and sends a new DHCPDISCOVER.

It accepts both DHCPOFFER messages and sends a DHCPACK.

A

It sends a DHCPREQUEST that identifies which lease offer the client is accepting.

12
Q

Refer to the exhibit. The network administrator is configuring the port security feature on switch SWC. The administrator issued the command show port-security interface fa 0/2 to verify the configuration. What can be concluded from the output that is shown? (Choose three.)

Three security violations have been detected on this interface.

This port is currently up.

The port is configured as a trunk link.

Security violations will cause this port to shut down immediately.

There is no device currently connected to this port.

The switch port mode for this interface is access mode.

A

This port is currently up.

Security violations will cause this port to shut down immediately.

The switch port mode for this interface is access mode.

Explanation: Because the security violation count is at 0, no violation has occurred. The system shows that 3 MAC addresses are allowed on port fa0/2, but only one has been configured and no sticky MAC addresses have been learned. The port is up because of the port status of secure-up. The violation mode is what happens when an unauthorized device is attached to the port. A port must be in access mode in order to activate and use port security.

13
Q

What method of wireless authentication is dependent on a RADIUS authentication server?

WEP

WPA Personal

WPA2 Personal

WPA2 Enterprise

A

WPA2 Enterprise

14
Q

A network administrator has found a user sending a double-tagged 802.1Q frame to a switch. What is the best solution to prevent this type of attack?

The native VLAN number used on any trunk should be one of the active data VLANs.

The VLANs for user access ports should be different VLANs than any native VLANs used on trunk ports.

Trunk ports should be configured with port security.

Trunk ports should use the default VLAN as the native VLAN number.

A

The VLANs for user access ports should be different VLANs than any native VLANs used on trunk ports.

15
Q

Refer to the exhibit. Which two conclusions can be drawn from the output? (Choose two.)

The EtherChannel is down.

The port channel ID is 2.

The port channel is a Layer 3 channel.

The bundle is fully operational.

The load-balancing method used is source port to destination port.

A

The EtherChannel is down.

The port channel ID is 2.

16
Q

Match the step number to the sequence of stages that occur during the HSRP failover process. (Not all options are used.)

A

Hot Standby Router Protocol (HSRP) is a Cisco-proprietary protocol that is designed to allow for transparent failover of a first-hop IPv4 device

17
Q

On a Cisco 3504 WLC Summary page ( Advanced > Summary ), which tab allows a network administrator to configure a particular WLAN with a WPA2 policy?

WLANs

SECURITY

WIRELESS

MANAGEMENT

A

WLANs

The WLANs tab in the Cisco 3504 WLC advanced Summary page allows a user to access the configuration of WLANs including security, QoS, and policy-mapping.

18
Q

Refer to the exhibit. A network engineer is configuring IPv6 routing on the network. Which command issued on router HQ will configure a default route to the Internet to forward packets to an IPv6 destination network that is not listed in the routing table?

ipv6 route ::/0 serial 0/0/0

ip route 0.0.0.0 0.0.0.0 serial 0/1/1

ipv6 route ::1/0 serial 0/1/1

ipv6 route ::/0 serial 0/1/1

A

ipv6 route ::/0 serial 0/1/1

19
Q

Users are complaining of sporadic access to the internet every afternoon. What should be done or checked?

Create static routes to all internal networks and a default route to the internet.

Verify that there is not a default route in any of the edge router routing tables.

Create a floating static route to that network.

Check the statistics on the default route for oversaturation.

A

Check the statistics on the default route for oversaturation.

20
Q

What action takes place when the source MAC address of a frame entering a switch appears in the MAC address table associated with a different port?

The switch purges the entire MAC address table.

The switch replaces the old entry and uses the more current port.

The switch updates the refresh timer for the entry.

The switch forwards the frame out of the specified port.

A

The switch replaces the old entry and uses the more current port.

21
Q

A network administrator is configuring a WLAN. Why would the administrator use a WLAN controller?

to centralize management of multiple WLANs

to provide privacy and integrity to wireless traffic by using encryption

to facilitate group configuration and management of multiple WLANs through a WLC

to provide prioritized service for time-sensitive applications

A

to facilitate group configuration and management of multiple WLANs through a WLC

22
Q

A new Layer 3 switch is connected to a router and is being configured for inter-VLAN routing. What are three of the five steps required for the configuration? (Choose three.)
Case 1:

installing a static route

assigning the ports to the native VLAN

entering “no switchport” on the port connected to the router

modifying the default VLAN

assigning ports to VLANs

enabling IP routing

adjusting the route metric

Case 2:
establishing adjacencies
adjusting the route metric
assigning ports to VLANs
implementing a routing protocol
creating SVI interfaces
installing a static route
creating VLANs

Case 3:
assigning ports to VLANs
assigning the ports to the native VLAN
modifying the default VLAN
deleting the default VLAN
enabling IP routing
installing a static route
entering “no switchport” on the port connected to the router

Case 4:
installing a static route
enabling IP routing
modifying the default VLAN
implementing a routing protocol
assigning ports to VLANs
assigning the ports to the native VLAN
creating SVI interfaces

Case 5:
assigning ports to VLANs
assigning the ports to the native VLAN
enabling IP routing
modifying the default VLAN
installing a static route
implementing a routing protocol
creating SVI interfaces

Case 6:
establishing adjacencies
enabling IP routing
assigning the ports to the native VLAN
adjusting the route metric
modifying the default VLAN
entering “no switchport” on the port connected to the router
assigning ports to VLANs

A

Case 1:
entering “no switchport” on the port connected to the router
assigning ports to VLANs
enabling IP routing

Case 2:
assigning ports to VLANs
enabling IP routing
creating VLANs

Case 3:
assigning ports to VLANs
enabling IP routing
entering “no switchport” on the port connected to the router

Case 4:
enabling IP routing
assigning ports to VLANs
creating SVI interfaces

Explanation: Steps to configure Layer 3 switch to route with a router:
Step 1. Configure the routed port.
Step 2. Enable routing.
Step 3. Configure routing.
Step 4. Verify routing.
Step 5. Verify connectivity.

23
Q

Which three statements accurately describe duplex and speed settings on Cisco 2960 switches? (Choose three.)

An autonegotiation failure can result in connectivity issues.

When the speed is set to 1000 Mb/s, the switch ports will operate in full-duplex mode.

The duplex and speed settings of each switch port can be manually configured.

Enabling autonegotiation on a hub will prevent mismatched port speeds when connecting the hub to the switch.

By default, the speed is set to 100 Mb/s and the duplex mode is set to autonegotiation.

By default, the autonegotiation feature is disabled.

A

An autonegotiation failure can result in connectivity issues.

When the speed is set to 1000 Mb/s, the switch ports will operate in full-duplex mode.

The duplex and speed settings of each switch port can be manually configured.

24
Q

Refer to the exhibit. A network administrator configures R1 for inter-VLAN routing between VLAN 10 and VLAN 20. However, the devices in VLAN 10 and VLAN 20 cannot communicate. Based on the configuration in the exhibit, what is a possible cause for the problem?

A. The port Gi0/0 should be configured as trunk port.

B. The encapsulation is misconfigured on a subinterface.

C. A no shutdown command should be added in each subinterface configuration.

D. The command interface gigabitEthernet 0/0.1 is wrong.

A

B. The encapsulation is misconfigured on a subinterface.

25
Q

A network administrator uses the spanning-tree portfast bpduguard default global configuration command to enable BPDU guard on a switch. However, BPDU guard is not activated on all access ports. What is the cause of the issue?

BPDU guard needs to be activated in the interface configuration command mode.

Access ports configured with root guard cannot be configured with BPDU guard.

Access ports belong to different VLANs.

PortFast is not configured on all access ports.

A

PortFast is not configured on all access ports.