Switching, Routing, and Wireless Essentials ( Version 7.

00) – Switching
Concepts, VLANs, and Inter-VLAN Routing Exam
1. Which tasks can be accomplished by using the command history feature?
(Choose two.)
 View a list of commands entered in a previous session.
 Recall up to 15 command lines by default.
 Set the command history buffer size.
 Recall previously entered commands.
 Save command lines in a log file for future reference.
Explanation: The history command allows you to view and reuse previously entered commands
stored in the buffer. It is also used to manage the of the buffer.
2. What is the first action in the boot sequence when a switch is powered on?
 load the default Cisco IOS software
 load boot loader software
 low-level CPU initialization
 load a power-on self-test program
Explanation: The first action to take place when a switch is powered on is the POST or power-on
self-test. POST performs tests on the CPU, memory, and flash in preparation for loading the boot
loader.
3. What must an administrator have in order to reset a lost password on a
router?
 a TFTP server
 a crossover cable
 access to another router
 physical access to the router
Explanation: Console access to the device through a terminal or terminal emulator software on a
PC is required for password recovery.
4. When configuring a switch for SSH access, what other command that is
associated with the login local command is required to be entered on the
switch?
 enable secret password
 password password
 username username secret secret
 login block-for seconds attempts number within*seconds*
Explanation: The login local command designates that the local username database is used to
authenticate interfaces such as console or vty.
5. Which command displays information about the auto-MDIX setting for a
specific interface?
 show interfaces
 show controllers
 show processes
 show running-config
Explanation: To examine the auto-MDIX setting for a specific interface, the show controllers
ethernet-controller command with the phy keyword should be used.
6. If one end of an Ethernet connection is configured for full duplex and the
other end of the connection is configured for half duplex, where would late
collisions be observed?
 on both ends of the connection
 on the full-duplex end of the connection
 only on serial interfaces
 on the half-duplex end of the connection
Explanation: Full-duplex communications do not produce collisions. However, collisions often
occur in half-duplex operations. When a connection has two different duplex configurations, the
half-duplex end will experience late collisions. Collisions are found on Ethernet networks. Serial
interfaces use technologies other than Ethernet.
7. Which command is used to set the BOOT environment variable that defines
where to find the IOS image file on a switch?
 config-register
 boot system
 boot loader
 confreg
Explanation: The boot system command is used to set the BOOT environment variable.
The config-register and confreg commands are used to set the configuration register.
The boot loader command supports commands to format the flash file system, reinstall the
operating system software, and recover from a lost or forgotten password.
8. What does a switch use to locate and load the IOS image?
 BOOT environment variable
 IOS image file
 POST
 startup-config
 NVRAM
Explanation: The BOOT environment variable contains the information about where to find the
IOS image file.
9. Which protocol adds security to remote connections?
 FTP
 HTTP
 NetBEUI
 POP
 SSH
Explanation: SSH allows a technician to securely connect to a remote network device for
monitoring and troubleshooting. HTTP establishes web page requests. FTP manages file transfer.
NetBEUI is not routed on the Internet. POP downloads email messages from email servers.
10. What is a characteristic of an IPv4 loopback interface on a Cisco IOS
router?
 The no shutdown command is required to place this interface in an UP state.
 It is a logical interface internal to the router.
 Only one loopback interface can be enabled on a router.
 It is assigned to a physical port and can be connected to other devices.
Explanation: The loopback interface is a logical interface internal to the router and is
automatically placed in an UP state, as long as the router is functioning. It is not assigned to a
physical port and can therefore never be connected to any other device. Multiple loopback
interfaces can be enabled on a router.
11. What is the minimum Ethernet frame size that will not be discarded by
the receiver as a runt frame?
 64 bytes
 512 bytes
 1024 bytes
 1500 bytes
Explanation: The minimum Ethernet frame size is 64 bytes. Frames smaller than 64 bytes are
considered collision fragments or runt frames and are discarded.
12. After which step of the switch bootup sequence is the boot loader
executed?
 after CPU initialization
 after IOS localization
 after flash file system initialization
 after POST execution
Explanation: The correct bootup sequence order is as follows:
1.- The switch loads and executes the POST.
2.- The switch loads the boot loader software.
3.- The boot loader performs low-level CPU initialization.
4.- The boot loader initializes the flash memory.
5.- The boot loader locates and loads the default IOS image.
13. Which impact does adding a Layer 2 switch have on a network?
  an increase in the number of dropped frames
 an increase in the size of the broadcast domain
 an increase in the number of network collisions
 an increase in the size of the collision domain
Explanation: Adding a Layer 2 switch to a network increases the number of collision domains
and increases the size of the broadcast domain. Layer 2 switches do not decrease the amount of
broadcast traffic, do not increase the amount of network collisions and do not increase the number
of dropped frames.
14. Which characteristic describes cut-through switching?
 Error-free fragments are forwarded, so switching occurs with lower latency.
 Frames are forwarded without any error checking.
 Only outgoing frames are checked for errors.
 Buffering is used to support different Ethernet speeds.
Explanation: Cut-through switching reduces latency by forwarding frames as soon as the
destination MAC address and the corresponding switch port are read from the MAC address table.
This switching method does not perform any error checking and does not use buffers to support
different Ethernet speeds. Error checking and buffers are characteristics of store-and-forward
switching.
15. What is the significant difference between a hub and a Layer 2 LAN
switch?
 A hub extends a collision domain, and a switch divides collision
domains.
 A hub divides collision domains, and a switch divides broadcast domains.
 Each port of a hub is a collision domain, and each port of a switch is a broadcast domain.
 A hub forwards frames, and a switch forwards only packets.
Explanation: Hubs operate only at the physical layer, forwarding bits as wire signals out all ports,
and extend the collision domain of a network. Switches forward frames at the data link layer and
each switch port is a separate collision domain which creates more, but smaller, collision domains.
Switches do not manage broadcast domains because broadcast frames are always forwarded out
all active ports.

16. Which statement is correct about Ethernet switch frame forwarding decisions?
 Frame forwarding decisions are based on MAC address and port
mappings in the CAM table.
 Cut-through frame forwarding ensures that invalid frames are always dropped.
 Only frames with a broadcast destination address are forwarded out all active switch
ports.
 Unicast frames are always forwarded regardless of the destination MAC address.
Explanation: Cut-through frame forwarding reads up to only the first 22 bytes of a frame, which
excludes the frame check sequence and thus invalid frames may be forwarded. In addition to
broadcast frames, frames with a destination MAC address that is not in the CAM are also flooded
out all active ports. Unicast frames are not always forwarded. Received frames with a destination
MAC address that is associated with the switch port on which it is received are not forwarded
because the destination exists on the network segment connected to that port.
17. How do switch buffers affect network performance?
 They provide error checking on the data received.
 They store frames received, thus preventing premature frame
discarding when network congestion occurs.
 They provide extra memory for a particular port if autonegotiation of speed or duplex fails.
 They hold data temporarily when a collision occurs until normal data transmission
resumes.
Explanation: Switches have large frame buffers that allow data waiting to be transmitted to be
stored so the data will not be dropped. This feature is beneficial especially if the incoming traffic is
from a faster port than the egress port used for transmitting.
18. Which switch characteristic helps keep traffic local and alleviates network
congestion?
 high port density
 fast port speed
 large frame buffers
  fast internal switching
Explanation: Switches that have a lot of ports (high port density) reduce the number of switches
required and keep some of the traffic locally on the switch, thus removing the need to send it
between switches.
19. Which switch component reduces the amount of packet handling time
inside the switch?
 ASIC
 dual processors
 large buffer size
 store-and-forward RAM
Explanation: Application-specific integrated circuits (ASICs) are used in Cisco switches to speed
up switch operations so that the switch can have an increased number of ports without degrading
switch performance.
20. Refer to the exhibit. A switch receives a Layer 2 frame that contains a
source MAC address of 000b.a023.c501 and a destination MAC address of
0050.0fae.75aa. Place the switch steps in the order they occur. (Not all
options are used.)

CCNA2 v7 SRWE – Modules 1 – 4: Switching Concepts, VLANs, and InterVLAN Routing

Exam Answers

CCNA 2 v7 Modules 1 – 4: Switching Concepts, VLANs, and InterVLAN Routing Exam

Answers 20
Explanation: The first step a switch does when processing a frame is to see if the source MAC
address is in the MAC address table. If the address is not there, the switch adds it. The switch then
examines the destination MAC address and compares it to the MAC address table. If the address is
in the table, the switch forwards the frame out the corresponding port. If the address is missing from
the table, the switch will forward the frame to all ports except the port through which the frame
arrived.

21. What information is added to the switch table from incoming frames?
 source MAC address and incoming port number
 destination MAC address and incoming port number
 source IP address and incoming port number
 destination IP address and incoming port number
Explanation: A switch “learns” or builds the MAC address table based on the source MAC
address as a frame comes into the switch. A switch forwards the frame onward based on the
destination MAC address.
22. Which switching method ensures that the incoming frame is error-free
before forwarding?
 cut-through
 FCS
 fragment free
 store-and-forward
Explanation: Two methods used by switches to transmit frames are store-and-forward and cut-
through switching. The store-and-forward method performs error checking on the frame using the
frame check sequence (FCS) value before sending the frame. In contrast, cut-through switching
sends the frame as soon as the destination MAC address part of the header has been read and
processed.
23. Refer to the exhibit. How many broadcast domains are displayed?

CCNA2 v7 SRWE – Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing

Exam Answers 23
 1
 4
 8
 16
 55
Explanation: A router defines a broadcast boundary, so every link between two routers is a
broadcast domain. In the exhibit, 4 links between routers make 4 broadcast domains. Also, each
LAN that is connected to a router is a broadcast domain. The 4 LANs in the exhibit result in 4 more
broadcast domains, so there are 8 broadcast domains in all.
24. Under which two occasions should an administrator disable DTP while
managing a local area network? (Choose two.)
 when connecting a Cisco switch to a non-Cisco switch
 when a neighbor switch uses a DTP mode of dynamic auto
  when a neighbor switch uses a DTP mode of dynamic desirable
 on links that should not be trunking
 on links that should dynamically attempt trunking
Explanation: Cisco best practice recommends disabling DTP on links where trunking is not
intended and when a Cisco switch is connected to a non-Cisco switch. DTP is required for dynamic
trunk negotiation.
25. Which two characteristics describe the native VLAN? (Choose two.)
 Designed to carry traffic that is generated by users, this type of VLAN is also known as
the default VLAN.
 The native VLAN traffic will be untagged across the trunk link.
 This VLAN is necessary for remote management of a switch.
 High priority traffic, such as voice traffic, uses the native VLAN.
 The native VLAN provides a common identifier to both ends of a
trunk.
Explanation: The native VLAN is assigned to 802.1Q trunks to provide a common identifier to
both ends of the trunk link. Whatever VLAN native number is assigned to a port, or if the port is the
default VLAN of 1, the port does not tag any frame in that VLAN as the traffic travels across the
trunk. At the other end of the link, the receiving device that sees no tag knows the specific VLAN
number because the receiving device must have the exact native VLAN number. The native VLAN
should be an unused VLAN that is distinct from VLAN1, the default VLAN, as well as other VLANs.
Data VLANs, also known as user VLANs, are configured to carry user-generated traffic, with the
exception of high priority traffic, such as VoIP. Voice VLANs are configured for VoIP traffic. The
management VLAN is configured to provide access to the management capabilities of a switch.
26. On a switch that is configured with multiple VLANs, which command will
remove only VLAN 100 from the switch?
 Switch# delete flash:vlan.dat
 Switch(config-if)# no switchport access vlan 100
 Switch(config-if)# no switchport trunk allowed vlan 100
 Switch(config)# no vlan 100
Explanation: To remove all VLANs from a switch, the delete flash:vlan.dat command would be
used. To change the assigned VLAN for an interface, the no switchport access vlan 100 interface
configuration command would be used. To remove VLAN 100 as an allowed VLAN on a trunk, the
no switchport trunk allowed vlan 100 would be used, but this would not remove the VLAN from the
switch. To delete a single VLAN, such as VLAN 100, the no vlan 100 global configuration command
would be used.

27. Refer to the exhibit. A network administrator is reviewing port and VLAN assignments on
switch S2 and notices that interfaces Gi0/1 and Gi0/2 are not included in the output. Why
would the interfaces be missing from the output?

CCNA 2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam 27

  There is a native VLAN mismatch between the switches.
 There is no media connected to the interfaces.
 They are administratively shut down.
 They are configured as trunk interfaces.
Explanation: Interfaces that are configured as trunks do not belong to a VLAN and therefore will
not show in the output of the show vlan brief commands.
28. A network contains multiple VLANs spanning multiple switches. What
happens when a device in VLAN 20 sends a broadcast Ethernet frame?
 All devices in all VLANs see the frame.
 Devices in VLAN 20 and the management VLAN see the frame.
 Only devices in VLAN 20 see the frame.
 Only devices that are connected to the local switch see the frame.
Explanation: VLANs create logical broadcast domains that can span multiple VLAN segments.
Ethernet frames that are sent by a device on a specific VLAN can only be seen by other devices in
the same VLAN.
29. Refer to the exhibit. All workstations are configured correctly in VLAN 20.
Workstations that are connected to switch SW1 are not able to send traffic to
workstations on SW2. What could be done to remedy the problem?

CCNA2 v7 SRWE – Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing

Exam Answers 29
 Allow VLAN 20 on the trunk link.
 Enable DTP on both ends of the trunk.
 Configure all workstations on SW1 to be part of the default VLAN.
 Configure all workstations on SW2 to be part of the native VLAN.
Explanation: Enabling DTP on both switches simply allows negotiation of trunking. The
“Negotiation of Trunking” line in the graphic shows that DTP is already enabled. The graphic also
shows how the native VLAN is 1, and the default VLAN for any Cisco switch is 1. The graphic
shows the PCs are to be in VLAN 20.
30. What happens to switch ports after the VLAN to which they are assigned
is deleted?
 The ports are disabled.
 The ports are placed in trunk mode.
 The ports are assigned to VLAN1, the default VLAN.
 The ports stop communicating with the attached devices.
Explanation: Any ports that are not moved to an active VLAN cannot communicate with other
hosts after the VLAN is deleted. They must be assigned to an active VLAN or their VLAN must be
created.
31. Match the IEEE 802.1Q standard VLAN tag field with the description. (Not
all options are used.)
 CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam
Answers 31
Explanation: The IEEE 802.1Q standard header includes a 4-byte VLAN tag:
 Type – A 2-byte value called the tag protocol ID (TPID) value.
 User priority – A 3-bit value that supports level or service implementation.
 Canonical Format Identifier (CFI) – A 1-bit identifier that enables Token Ring
frames to be carried across Ethernet links.
 VLAN ID (VID) – A 12-bit VLAN identification number that supports up to 4096 VLAN
IDs.

32. Refer to the exhibit. In what switch mode should port G0/1 be assigned if Cisco best
practices are being used?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam

Answers 32
 access
 trunk
 native
 auto
Explanation: The router is used to route between the two VLANs, thus switch port G0/1 needs to
be configured in trunk mode.
33. Match the DTP mode with its function. (Not all options are used.)
 CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam
Answers 33
Explanation: The dynamic auto mode makes the interface become a trunk interface if the
neighboring interface is set to trunk or desirable mode. The dynamic desirable mode makes the
interface actively attempt to convert the link to a trunk link. The trunk mode puts the interface into
permanent trunking mode and negotiates to convert the neighboring link into a trunk link. The
nonegotiate mode prevents the interface from generating DTP frames.
34. Port Fa0/11 on a switch is assigned to VLAN 30. If the command no
switchport access vlan 30 is entered on the Fa0/11 interface, what will
happen?
 Port Fa0/11 will be shutdown.
 An error message would be displayed.
 Port Fa0/11 will be returned to VLAN 1.
 VLAN 30 will be deleted.
Explanation: When the no switchport access vlan command is entered, the port is
returned to the default VLAN 1. The port will remain active as a member of VLAN 1, and VLAN 30
will still be intact, even if no other ports are associated with it.
35. Which command displays the encapsulation type, the voice VLAN ID, and
the access mode VLAN for the Fa0/1 interface?
 show vlan brief
 show interfaces Fa0/1 switchport
 show mac address-table interface Fa0/1
 show interfaces trunk
Explanation: The show interfaces switchport command displays the following
information for a given port:
Switchport
Administrative Mode
Operational Mode
Administrative Trunking Encapsulation
Operational Trunking Encapsulation
Negotiation of Trunking
Access Mode VLAN
Trunking Native Mode VLAN
Administrative Native VLAN tagging
Voice VLAN
36. Refer to the exhibit. A technician is programming switch SW3 to manage voice and data
traffic through port Fa0/20. What, if anything, is wrong with the configuration?

 There is nothing wrong with the configuration.

 Interface Fa0/20 can only have one VLAN assigned.
 The mls qos trust cos command should reference VLAN 35.
 The command used to assign the voice VLAN to the switch port is
incorrect.
Explanation: The voice VLAN should be configured with the switchport voice vlan
150 command. A switch interface can be configured to support one data VLAN and one voice
VLAN. The mls qos trust cos associates with the interface. Voice traffic must be trusted so that
fields within the voice packet can be used to classify it for QoS.
37. Which four steps are needed to configure a voice VLAN on a switch port?
(Choose four).
 Configure the interface as an IEEE 802.1Q trunk.
 Assign the voice VLAN to the switch port.
 Activate spanning-tree PortFast on the interface.
 Ensure that voice traffic is trusted and tagged with a CoS priority
value.
 Add a voice VLAN.
 Configure the switch port interface with subinterfaces.
 Assign a data VLAN to the switch port.
 Configure the switch port in access mode.
Explanation: To add an IP phone, the following commands should be added to the switch port:
SW3(config-vlan)# vlan 150
SW3(config-vlan)# name voice
SW3(config-vlan)# int fa0/20
SW3(config-if)# switchport mode access
SW3(config-if)# mls qos trust cos
SW3(config-if)# switchport access vlan 150
38. Refer to the exhibit. PC1 is unable to communicate with server 1. The
network administrator issues the show interfaces trunk command to begin
troubleshooting. What conclusion can be made based on the output of this
command?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam

Answers 38
  Interface G0/2 is not configured as a trunk.
 VLAN 20 has not been created.
 The encapsulation on interface G0/1 is incorrect.
 The DTP mode is incorrectly set to dynamic auto on interface G0/1.
Explanation: In the show interfaces trunk output, the G0/2 interface of DLS1 is not listed.
This indicates the interface has probably not been configured as a trunk link. In the show
interfaces trunk output, the G0/2 interface of DLS1 is not listed. This indicates the interface has
probably not been configured as a trunk link.
39. Refer to the exhibit. What is the cause of the error that is displayed in the
configuration of inter-VLAN routing on router CiscoVille?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam

Answers 39
 The gig0/0 interface does not support inter-VLAN routing.
 The no shutdown command has not been configured.
 The IP address on CiscoVille is incorrect.
 The encapsulation dot1Q 20 command has not been configured.
40. Refer to the exhibit. A network administrator has configured router
CiscoVille with the above commands to provide inter-VLAN routing. What
command will be required on a switch that is connected to the Gi0/0 interface
on router CiscoVille to allow inter-VLAN routing?

 switchport mode access

 no switchport
 switchport mode trunk
 switchport mode dynamic desirable
Explanation: When they are configured for inter-VLAN routing, routers do not support the
dynamic trunking protocol that is used by switches. For router-on-a-stick configurations to function,
a connected switch must use the command switchport mode trunk.
41. A high school uses VLAN15 for the laboratory network and VLAN30 for the
faculty network. What is required to enable communication between these
two VLANs while using the router-on-a-stick approach?
 A multilayer switch is needed.
 A router with at least two LAN interfaces is needed.
 Two groups of switches are needed, each with ports that are configured for one VLAN.
 A switch with a port that is configured as a trunk is needed when
connecting to the router.
Explanation: With router-on-a-stick, inter-VLAN routing is performed by a router with a single
router interface that is connected to a switch port configured with trunk mode. Multiple
subinterfaces, each configured for a VLAN, can be configured under the single physical router
interface. Switches can have ports that are assigned to different VLANs, but communication
between those VLANs requires routing function from the router. A multilayer switch is not used in a
router-on-a-stick approach to inter-VLAN routing.
42. When routing a large number of VLANs, what are two disadvantages of
using the router-on-a-stick inter-VLAN routing method rather than the
multilayer switch inter-VLAN routing method? (Choose two.)
 Multiple SVIs are needed.
 A dedicated router is required.
 Router-on-a-stick requires subinterfaces to be configured on the same subnets.
 Router-on-a-stick requires multiple physical interfaces on a router.
 Multiple subinterfaces may impact the traffic flow speed.
Explanation: With the router-on-a-stick inter-VLAN routing method, a dedicated router is
required. It only needs one physical interface on the router to route traffic among multiple VLANs, by
using subinterfaces on one physical interface. On the other hand, since traffic of all VLANs will have
to go through the same physical interfaces, the throughput will be impacted. Also, a multilayer
switch can use multiple SVIs to perform inter-VLAN routing.
43. Refer to the exhibit. A network administrator is verifying the
configuration of inter-VLAN routing. Users complain that PCs on different
VLANs cannot communicate. Based on the output, what are two configuration
errors on switch interface Gi1/1? (Choose two.)

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam

Answers 43
 Gi1/1 is in the default VLAN.
 Voice VLAN is not assigned to Gi1/1.
 Gi1/1 is configured as trunk mode.
 Negotiation of trunking is turned on on Gi1/1.
 The trunking encapsulation protocol is configured wrong.
Explanation: With legacy inter-VLAN routing methods, the switch ports that connect to the router
should be configured as access mode and be assigned appropriate VLANs. In this scenario, the
Gi1/1 interface should be in access mode with VLAN 10 assigned. The other options are default
settings on the switch and have no effect on legacy inter-VLAN routing.
44. Refer to the exhibit. A network administrator is verifying the
configuration of inter-VLAN routing. Users complain that PC2 cannot
communicate with PC1. Based on the output, what is the possible cause of
the problem?
 CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam
Answers 44
 Gi0/0 is not configured as a trunk port.
 The command interface GigabitEthernet0/0.5 was entered incorrectly.
 There is no IP address configured on the interface Gi0/0.
 The no shutdown command is not entered on subinterfaces.
 The encapsulation dot1Q 5 command contains the wrong VLAN.
Explanation: In router-on-a-stick, the subinterface configuration should match the VLAN number
in the encapsulation command, in this case, the command encapsulation dot1Q 10 should be
used for VLAN 10. Since subinterfaces are used, there is no need to configure IP on the physical
interface Gi0/0. The trunk mode is configured on the switch port that connects to the router. The
subinterfaces are turned on when they are added.
45. Refer to the exhibit. A network administrator has configured router
CiscoVille with the above commands to provide inter-VLAN routing. What
type of port will be required on a switch that is connected to Gi0/0 on router
CiscoVille to allow inter-VLAN routing?

 routed port
 access port
 trunk port
 SVI
Explanation: To allow a router-on-a-stick configuration to function, a switch must be connected
to the router via a trunk port to carry the VLANs to be routed. An SVI would be used on a multilayer
switch where the switch is performing inter-VLAN routing.
46. Refer to the exhibit. A network administrator is configuring RT1 for inter-
VLAN routing. The switch is configured correctly and is functional. Host1,
Host2, and Host3 cannot communicate with each other. Based on the router
configuration, what is causing the problem?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam

Answers 46
 Interface Fa0/0 is missing IP address configuration information.
 IP addresses on the subinterfaces are incorrectly matched to the
VLANs.
 Each subinterface of Fa0/0 needs separate no shutdown commands.
 Routers do not support 802.1Q encapsulation on subinterfaces.
Explanation: Since Host 1 (in VLAN 20) has the IP 172.18.1.10/27, the subinterface Fa0/0.1
should be configured with an IP address in the network 172.168.1.0/27. Similarly, Fa0/0.2 should be
with an IP address in the network 172.168.1.64/27 and Fa0/0.3 should be with an IP address in the
network 172.168.1.96/27.
47. Refer to the exhibit. A router-on-a-stick configuration was implemented
for VLANs 15, 30, and 45, according to the show running-config command
output. PCs on VLAN 45 that are using the 172.16.45.0 /24 network are
having trouble connecting to PCs on VLAN 30 in the 172.16.30.0 /24 network.
Which error is most likely causing this problem?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam

Answers 47
 The wrong VLAN has been configured on GigabitEthernet 0/0.45.
 The command no shutdown is missing on GigabitEthernet 0/0.30.
  The GigabitEthernet 0/0 interface is missing an IP address.
 There is an incorrect IP address configured on GigabitEthernet
0/0.30.
Explanation: he subinterface GigabitEthernet 0/0.30 has an IP address that does not correspond
to the VLAN addressing scheme. The physical interface GigabitEthernet 0/0 does not need an IP
address for the subinterfaces to function. Subinterfaces do not require the no
shutdown command.
48. What is a characteristic of a routed port on a Layer 3 switch?
 It supports trunking.
 It is not assigned to a VLAN.
 It is commonly used as a WAN link.
 It cannot have an IP address assigned to it.
Explanation: A routed port on a Layer 3 switch is commonly used for connecting between
distribution and core layer switches or between a Layer 3 switch and a router. This port does not get
VLAN or trunking commands assigned to it. Instead, the port is programmed with an IP address.
This is commonly used when static routing is configured on the switch or when a routing protocol is
being run between the Layer 3 switch and the router or another Layer 3 switch.
49. Refer to the exhibit. A network administrator needs to configure router-
on-a-stick for the networks that are shown. How many subinterfaces will have
to be created on the router if each VLAN that is shown is to be routed and
each VLAN has its own subinterface?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam

Answers 49
 1
 2
 3
 4
 5
Explanation: Based on the IP addresses and masks given, the PC, printer, IP phone, and switch
management VLAN are all on different VLANs. This situation will require four subinterfaces on the
router.
50. A technician is configuring a new Cisco 2960 switch. What is the effect of
issuing the BranchSw(config-if)# mdix auto command?
 It automatically adjusts the port to allow device connections to use
either a straight-through or a crossover cable.
 It applies an IPv4 address to the virtual interface.
 It applies an IPv6 address to the virtual interface.
 It permits an IPv6 address to be configured on a switch physical interface.
 It updates the MAC address table for the associated port.
51. A technician is configuring a new Cisco 2960 switch. What is the effect of
issuing the BranchSw(config-if)# ip address 172.18.33.88 255.255.255.0
command?
 It applies an IPv4 address to the virtual interface.
  It applies an IPv6 address to the virtual interface.
 It activates a virtual or physical switch interface.
 It permits an IPv6 address to be configured on a switch physical interface.
 It updates the MAC address table for the associated port.
52. A technician is configuring a new Cisco 2960 switch. What is the effect of
issuing the BranchSw# configure terminal command?
 It enters the global configuration mode.
 It enters configuration mode for a switch virtual interface.
 It applies an IPv4 address to the virtual interface.
 It updates the MAC address table for the associated port.
 It permits an IPv6 address to be configured on a switch physical interface.
53. A technician is configuring a new Cisco 2960 switch. What is the effect of
issuing the BranchSw# configure terminal command?
 It enters the global configuration mode.
 It saves the running configuration to NVRAM.
 It disables a virtual or physical switch interface.
 It updates the MAC address table for the associated port.
 It saves the startup configuration to the running configuration.
54. A technician is configuring a new Cisco 2960 switch. What is the effect of
issuing the BranchSw(config-if)# shutdown command?
 It disables a virtual or physical switch interface.
 It saves the running configuration to NVRAM.
 It activates a virtual or physical switch interface.
 It updates the MAC address table for the associated port.
 It saves the startup configuration to the running configuration.
55. A technician is configuring a new Cisco 2960 switch. What is the effect of
issuing the BranchSw(config-if)# shutdown command?
 It disables a virtual or physical switch interface.
 It applies an IPv6 address to the virtual interface.
 It applies an IPv4 address to the virtual interface.
 It permits an IPv6 address to be configured on a switch physical interface.
 It updates the MAC address table for the associated port.
56. A technician is configuring a new Cisco 2960 switch. What is the effect of
issuing the BranchSw(config-if)# ipv6 address 2001:db8:a2b4:88::1/64
command?
 It applies an IPv6 address to the virtual interface.
 It activates a virtual or physical switch interface.
 It applies an IPv4 address to the virtual interface.
 It permits an IPv6 address to be configured on a switch physical interface.
 It updates the MAC address table for the associated port.
57. A technician is configuring a new Cisco 2960 switch. What is the effect of
issuing the BranchSw(config-if)# exit command?
 It returns to global configuration mode.
 It returns to privileged mode.
 It configures the default gateway for the switch.
 It enters user mode.
 It saves the startup configuration to the running configuration.
58. A technician is configuring a new Cisco 2960 switch. What is the effect of
issuing the BranchSw> enable command?
 It enters privileged mode.
 It enters the global configuration mode.
 It enters configuration mode for a switch virtual interface.
 It updates the MAC address table for the associated port.
 It permits an IPv6 address to be configured on a switch physical interface.
58. A technician is configuring a new Cisco 2960 switch. What is the effect of
issuing the BranchSw(config-if)# duplex full command?
 It allows data to flow in both directions at the same time on the
interface.
 It allows data to flow in only one direction at a time on the interface
 It automatically adjusts the port to allow device connections to use either a straight-
through or a crossover cable.
 It configures the switch as the default gateway.
  It encrypts user-mode passwords when users connect remotely.
60. What type of VLAN should not carry voice and network management
traffic?
 data VLAN
 voice VLAN
 management VLAN
 security VLAN
62. What type of VLAN is designed to reserve bandwidth to ensure IP Phone
quality?
 voice VLAN
 trunk VLAN
 security VLAN
 management VLAN
63. What type of VLAN is initially the management VLAN?
 default VLAN
 native VLAN
 data VLAN
 management VLAN
64. What type of VLAN is designed to have a delay of less than 150 ms across
the network?
 voice VLAN
 desirable VLAN
 trunk VLAN
 security VLAN
65. What type of VLAN is used to separate the network into groups of users
or devices?
 data VLAN
 management VLAN
 voice VLAN
 native VLAN
66. What type of VLAN is configured specifically for network traffic such as
SSH, Telnet, HTTPS, HTTP, and SNMP?
 management VLAN
 security VLAN
 trunk VLAN
 voice VLAN
68. What type of VLAN supports untagged traffic?
 native VLAN
 voice VLAN
 security VLAN
 management VLAN
69. What type of VLAN supports untagged traffic?
 native VLAN
 desirable VLAN
 trunk VLAN
 security VLAN
70. Refer to the exhibit. A network administrator has configured R1 as shown.
When the administrator checks the status of the serial interface, the
interface is shown as being administratively down. What additional command
must be entered on the serial interface of R1 to bring the interface up?
 CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam
Answers 70
 IPv6 enable
 clockrate 128000
 end
 no shutdown
Explanation: By default all router interfaces are shut down. To bring the interfaces up, an
administrator must issue the no shutdown command in interface mode.
71. Refer to the exhibit. The network administrator wants to configure
Switch1 to allow SSH connections and prohibit Telnet connections. How
should the network administrator change the displayed configuration to
satisfy the requirement?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam

Answers 71
 Use SSH version 1.
 Reconfigure the RSA key.
 Configure SSH on a different line.
 Modify the transport input command.
72. Which solution would help a college alleviate network congestion due to
collisions?
 a firewall that connects to two Internet providers
 a high port density switch
 a router with two Ethernet ports
 a router with three Ethernet ports
Explanation: Switches provide microsegmentation so that one device does not compete for the
same Ethernet network bandwidth with another network device, thus practically eliminating
collisions. A high port density switch provides very fast connectivity for many devices.
73. Which two statements are correct with respect to SVI inter-VLAN routing?
(Choose two.)
 Switching packets is faster with SVI.
 There is no need for a connection to a router.
 Virtual interfaces support subinterfaces.
 SVIs can be bundled into EtherChannels.
 SVIs eliminate the need for a default gateway in the hosts.
Explanation: The SVI inter-VLAN routing method is faster than other methods. The switch can
route the existing VLANs without the need for a router.
74. Refer to the exhibit. A network administrator is configuring inter-VLAN
routing on a network. For now, only one VLAN is being used, but more will be
added soon. What is the missing parameter that is shown as the highlighted
question mark in the graphic?

CCNA2 v7 Modules 1 – 4 Switching Concepts, VLANs, and InterVLAN Routing Exam

Answers 74
 It identifies the subinterface.
 It identifies the VLAN number.
 It identifies the native VLAN number.
 It identifies the type of encapsulation that is used.
 It identifies the number of hosts that are allowed on the interface.
Explanation: The completed command would be encapsulation dot1q 7.
The encapsulation dot1q part of the command enables trunking and identifies the type of
trunking to use. The 7 identifies the VLAN number.
75. Which type of VLAN is used to designate which traffic is untagged when
crossing a trunk port?
 data
 default
 native
 management
Explanation: A native VLAN is the VLAN that does not receive a VLAN tag in the IEEE 802.1Q
frame header. Cisco best practices recommend the use of an unused VLAN (not a data VLAN, the
default VLAN of VLAN 1, or the management VLAN) as the native VLAN whenever possible.
76. A network administrator issues the show vlan brief command while
troubleshooting a user support ticket. What output will be displayed?
 the VLAN assignment and membership for device MAC addresses
 the VLAN assignment and membership for all switch ports
 the VLAN assignment and trunking encapsulation
 the VLAN assignment and native VLAN
Explanation: The show vlan brief command will provide information displaying the VLAN
assignment and membership for all switch ports on a switch.
77. Open the PT Activity. Perform the tasks in the activity instructions and
then answer the question.
Which message is displayed when 10.10.10.1 is entered into the PC1 Web
Browser address bar?
 Local Server
 Test Server
 File Server
 Cisco Server
Explanation: Examining the configuration of switch SW1 shows that interface Gi0/1 is not
configured as a trunk. Issuing the interface configuration command switchport mode trunk on
this interface will enable communications between PC1 and Server1.
78. Match each DHCP message type with its description. (Not all options are
used.)
 CCNA 2 v7 Modules 1 – 4: Switching Concepts, VLANs, and InterVLAN Routing Exam
Answers
Explanation:Place the options in the following order:
 a client initiating a message to find a DHCP server – DHCPDISCOVER
 a DHCP server responding to the initial request by a client – DHCPOFFER
 the client accepting the IP address provided by the DHCP server – DHCPREQUEST
 the DHCP server confirming that the lease has been accepted – DHCPACK

79. What type of VLAN is configured specifically for network traffic such as
SSH, Telnet, HTTPS, HHTP, and SNMP?
 voice VLAN
 management VLAN
 native VLAN
 security VLAN

Switching, Routing, and Wireless Essentials ( Version 7.00) – Redundant

Networks Exam
1. What additional information is contained in the 12-bit extended system ID
of a BPDU?
 MAC address
 VLAN ID
 IP address
 port ID
2. During the implementation of Spanning Tree Protocol, all switches are
rebooted by the network administrator. What is the first step of the
spanning-tree election process?
 Each switch with a lower root ID than its neighbor will not send BPDUs.
 All the switches send out BPDUs advertising themselves as the root
bridge.
 Each switch determines the best path to forward traffic.
  Each switch determines what port to block to prevent a loop from occurring.
3. Which STP port role is adopted by a switch port if there is no other port
with a lower cost to the root bridge?
 designated port
 root port
 alternate
 disabled port
Explanation: The root port is the port with the lowest cost to reach the root bridge.
4. Which two concepts relate to a switch port that is intended to have only
end devices attached and intended never to be used to connect to another
switch? (Choose two.)
 bridge ID
 edge port
 extended system ID
 PortFast
 PVST+
5. Which three components are combined to form a bridge ID?
 extended system ID
 cost
 IP address
 bridge priority
 MAC address
 port ID
Explanation: The three components that are combined to form a bridge ID are bridge priority,
extended system ID, and MAC address.
6. Match the STP protocol with the correct description. (Not all options are
used.)

7. In which two port states does a switch learn MAC addresses and process
BPDUs in a PVST network? (Choose two.)
 disabled
 forwarding
 listening
 blocking
 learning
Explanation: Switches learn MAC addresses at the learning and forwarding port states. They
receive and process BPDUs at the blocking, listening, learning, and forwarding port states.
8. If no bridge priority is configured in PVST, which criteria is considered
when electing the root bridge?
 lowest MAC address
 lowest IP address
 highest IP address
 highest MAC address
Explanation: Only one switch can be the root bridge for a VLAN. The root bridge is the switch
with the lowest BID. The BID is determined by priority and the MAC address. If no priority is
configured then all switches use the default priority and the election of the root bridge will be based
on the lowest MAC address.
9. Match the spanning-tree feature with the protocol type. (Not all options
are used.)

Explanation: MST is the Cisco implementation of MSTP (IEEE 802.1s).

10. When the show spanning-tree vlan 33 command is issued on a switch,
three ports are shown in the forwarding state. In which two port roles could
these interfaces function while in the forwarding state? (Choose two.)
 alternate
 designated
 disabled
 blocked
 root
Explanation: The role of each of the three ports will be either designated port or root port. Ports
in the disabled state are administratively disabled. Ports in the blocking state are alternate ports.
11. What is the function of STP in a scalable network?
 It decreases the size of the failure domain to contain the impact of failures.
 It protects the edge of the enterprise network from malicious activity.
 It combines multiple switch trunk links to act as one logical link for increased bandwidth.
 It disables redundant paths to eliminate Layer 2 loops.
Explanation: STP is an important component in a scalable network because it allows redundant
physical connections between Layer 2 devices to be implemented without creating Layer 2 loops.
STP prevents Layer 2 loops from forming by disabling interfaces on Layer 2 devices when they
would create a loop.
12. What is a characteristic of spanning tree?
  It is enabled by default on Cisco switches.
 It is used to discover information about an adjacent Cisco device.
 It has a TTL mechanism that works at Layer 2.
 It prevents propagation of Layer 2 broadcast frames.
Explanation: Spanning tree does work at Layer 2 on Ethernet-based networks and is enabled by
default, but it does not have a TTL mechanism. Spanning tree exists because Layer 2 frames do not
have a TTL mechanism. Layer 2 frames are still broadcast when spanning tree is enabled, but the
frames can only be transmitted through a single path through the Layer 2 network that was created
by spanning tree. Cisco Discovery Protocol (CDP) is used to discover information about an adjacent
Cisco device.
13. Which spanning tree standard supports only one root bridge so that
traffic from all VLANs flows over the same path?
 PVST+
 802.1D
 MST
 Rapid PVST
Explanation: MST is the Cisco implementation of MSTP, an IEEE standard protocol that
provides up to 16 instances of RSTP. PVST+ provides a separate 802.1D spanning-tree instance
for each VLAN that is configured in the network. 802.1D is the original STP standard defined by the
IEEE and allows for only one root bridge for all VLANs. 802.1w, or RSTP, provides faster
convergence but still uses only one STP instance for all VLANs.
14. What is the purpose of the Spanning Tree Protocol (STP)?
 creates smaller collision domains
 prevents routing loops on a router
 prevents Layer 2 loops
 allows Cisco devices to exchange routing table updates
 creates smaller broadcast domains
Explanation: The Spanning-Tree Protocol (STP) creates one path through a switch network in
order to prevent Layer 2 loops.
15. What is the value used to determine which port on a non-root bridge will
become a root port in a STP network?
 the path cost
 the highest MAC address of all the ports in the switch
 the lowest MAC address of all the ports in the switch
 the VTP revision number
Explanation: STP establishes one root port on each non-root bridge. The root port is the lowest-
cost path from the non-root bridge to the root bridge, indicating the direction of the best path to the
root bridge. This is primarily based on the path cost to the root bridge.
16. Refer to the exhibit. Which switch will be the root bridge after the
election process is complete?
  S1
 S2
 S3
 S4
Explanation: The root bridge is determined by the lowest bridge ID, which consists of the priority
value and the MAC address. Because the priority values of all of the switches are identical, the
MAC address is used to determine the root bridge. Because S2 has the lowest MAC address, S2
becomes the root bridge.
17. What are two drawbacks to turning spanning tree off and having multiple
paths through the Layer 2 switch network? (Choose two.)
 The MAC address table becomes unstable.
 The switch acts like a hub.
 Port security becomes unstable.
 Broadcast frames are transmitted indefinitely.
 Port security shuts down all of the ports that have attached devices.
Explanation: Spanning tree should never be disabled. Without it, the MAC address table
becomes unstable, broadcast storms can render network clients and the switches unusable, and
multiple copies of unicast frames can be delivered to the end devices.
18. A small company network has six interconnected Layer 2 switches.
Currently all switches are using the default bridge priority value. Which value
can be used to configure the bridge priority of one of the switches to ensure
that it becomes the root bridge in this design?
 1
 28672
 32768
 34816
 61440
Explanation: The default bridge priority value for all Cisco switches is 32768. The range is 0 to
61440 in increments of 4096. Thus, the values 1 and 34816 are invalid. Configuring one switch with
the lower value of 28672 (and leaving the bridge priority value of all other switches unchanged) will
make the switch become the root bridge.
19. Refer to the exhibit. The administrator tried to create an EtherChannel
between S1 and the other two switches via the commands that are shown,
but was unsuccessful. What is the problem?

 Traffic cannot be sent to two different switches through the same

EtherChannel link.
 Traffic cannot be sent to two different switches, but only to two different devices like an
EtherChannel-enabled server and a switch.
 Traffic can only be sent to two different switches if EtherChannel is implemented on
Gigabit Ethernet interfaces.
 Traffic can only be sent to two different switches if EtherChannel is implemented on Layer
3 switches.
Explanation: An EtherChannel link can only be created between two switches or between an
EtherChannel-enabled server and a switch. Traffic cannot be sent to two different switches through
the same EtherChannel link.
20. Which statement is true regarding the use of PAgP to create
EtherChannels?
  It requires full duplex.
 It increases the number of ports that are participating in spanning tree.
 It requires more physical links than LACP does.
 It mandates that an even number of ports (2, 4, 6, etc.) be used for aggregation.
 It is Cisco proprietary.
Explanation: PAgP is used to automatically aggregate multiple ports into an EtherChannel
bundle, but it only works between Cisco devices. LACP can be used for the same purpose between
Cisco and non-Cisco devices. PAgP must have the same duplex mode at both ends and can use
two ports or more. The number of ports depends on the switch platform or module. An
EtherChannel aggregated link is seen as one port by the spanning-tree algorithm.
21. What are two requirements to be able to configure an EtherChannel
between two switches? (Choose two.)
 All the interfaces need to work at the same speed.
 All interfaces need to be assigned to different VLANs.
 Different allowed ranges of VLANs must exist on each end.
 All the interfaces need to be working in the same duplex mode.
 The interfaces that are involved need to be contiguous on the switch.
Explanation: All interfaces in the EtherChannel bundle must be assigned to the same VLAN or
be configured as a trunk. If the allowed range of VLANs is not the same, the interfaces do not form
an EtherChannel even when set to auto or desirable mode.
22. Refer to the exhibit. On the basis of the output that is shown, what can
be determined about the EtherChannel bundle?

CCNA-2-v7-Modules 5 – 6 Redundant Networks Exam 22

 The EtherChannel bundle is down.
 Two Gigabit Ethernet ports are used to form the EtherChannel.
 A Cisco proprietary protocol was used to negotiate the EtherChannel
link.
 The EtherChannel bundle is operating at both Layer 2 and Layer 3.
Explanation: Two protocols can be used to send negotiation frames that are used to try to
establish an EtherChannel link: PAgP and LACP. PAgP is Cisco proprietary, and LACP adheres to
the industry standard.
23. Which two parameters must match on the ports of two switches to create
a PAgP EtherChannel between the switches? (Choose two.)
 port ID
 PAgP mode
 MAC address
 speed
 VLAN information
Explanation: For an EtherChannel to be created, the ports that are concerned on the two
switches must match in terms of the speed, duplex, and VLAN information. The PAgP mode must
be compatible but not necessarily equal. The port ID and the MAC addresses do not have to match.
24. Refer to the exhibit. A network administrator is configuring an
EtherChannel link between two switches, SW1 and SW2. Which statement
describes the effect after the commands are issued on SW1 and SW2?

CCNA-2-v7-Modules 5 – 6 Redundant Networks Exam 24

 The EtherChannel is established after SW2 initiates the link request.
 The EtherChannel is established after SW1 initiates the link request.
 The EtherChannel is established without negotiation.
 The EtherChannel fails to establish.
Explanation: The interfaces GigabitEthernet 0/1 and GigabitEthernet 0/2 are configured “on” for
the EtherChannel link. This mode forces the interface to channel without PAgP or LACP. The
EtherChannel will be established only if the other side is also set to “on”. However, the mode on
SW2 side is set to PAgP desirable. Thus the EtherChannel link will not be established.
25. Refer to the exhibit. A network administrator is configuring an
EtherChannel link between two switches, SW1 and SW2. However, the
EtherChannel link fails to establish. What change in configuration would
correct the problem?

CCNA-2-v7-Modules 5 – 6 Redundant Networks Exam 25

 Configure SW2 EtherChannel mode to desirable.
 Configure SW2 EtherChannel mode to on.
 Configure SW1 EtherChannel mode to on.
 Configure SW2 EtherChannel mode to auto.
Explanation: The EtherChannel mode must be compatible on each side for the link to work. The
three modes from PAgP protocol are on, desirable, and auto. The three modes from LACP protocol
are on, active, and passive. The compatible modes include on-on, auto-desirable, desirable-
desirable, active-passive, and active-active. Any other combinations will not form an EtherChannel
link.
26. A network administrator configured an EtherChannel link with three
interfaces between two switches. What is the result if one of the three
interfaces is down?
 The remaining two interfaces continue to load balance traffic.
 The remaining two interfaces become separate links between the two switches.
 One interface becomes an active link for data traffic and the other becomes a backup
link.
 The EtherChannel fails.
Explanation: EtherChannel creates an aggregation that is seen as one logical link. It provides
redundancy because the overall link is one logical connection. The loss of one physical link within
the channel does not create a change in the topology; the EtherChannel remains functional.
27. A network administrator is configuring an EtherChannel link between
switches SW1 and SW2 by using the command SW1(config-if-range)#
channel-group 1 mode auto . Which command must be used on SW2 to enable
this EtherChannel?
 SW2(config-if-range)# channel-group 1 mode passive
 SW2(config-if-range)# channel-group 1 mode desirable
 SW2(config-if-range)# channel-group 1 mode on
 SW2(config-if-range)# channel-group 1 mode active
Explanation: The possible combinations to establish an EtherChannel between SW1 and SW2
using LACP or PAgP are as follows:
PAgP
on on
auto desirable
desirable desirable
LACP
on on
active active
passive active
The EtherChannel mode chosen on each side of the EtherChannel must be compatible in order to
enable it.
28. Which technology is an open protocol standard that allows switches to
automatically bundle physical ports into a single logical link?
 PAgP
 LACP
 Multilink PPP
 DTP
Explanation: LACP, or Link Aggregation Control Protocol, is defined by IEEE 802.3ad and is an
open standard protocol. LACP allows switches to automatically bundle switch ports into a single
logical link to increase bandwidth. PAgP, or Port Aggregation Protocol, performs a similar function,
but it is a Cisco proprietary protocol. DTP is Dynamic Trunking Protocol and is used to automatically
and dynamically build trunks between switches. Multilink PPP is used to load-balance PPP traffic
across multiple serial interfaces.
29. What is a requirement to configure a trunking EtherChannel between two
switches?
 The allowed range of VLANs must be the same on both switches.
 The participating interfaces must be assigned the same VLAN number on both switches.
 The participating interfaces must be physically contiguous on a switch.
 The participating interfaces must be on the same module on a switch.
Explanation: To enable a trunking EtherChannel successfully, the range of VLANs allowed on all
the interfaces must match; otherwise, the EtherChannel cannot be formed. The interfaces involved
in an EtherChannel do not have to be physically contiguous, or on the same module. Because the
EtherChannel is a trunking one, participating interfaces are configured as trunk mode, not access
mode.
30. What are two advantages of using LACP? (Choose two.)
 It allows directly connected switches to negotiate an EtherChannel
link.
 It eliminates the need for configuring trunk interfaces when deploying VLANs on multiple
switches.
  It decreases the amount of configuration that is needed on a switch.
 It provides a simulated environment for testing link aggregation.
 It allows the use of multivendor devices.
 LACP allows Fast Ethernet and Gigabit Ethernet interfaces to be mixed within a single
EtherChannel.
Explanation: The Link Aggregation Control Protocol (LACP) allows directly connected
multivendor switches to negotiate an EtherChannel link. LACP helps create the EtherChannel link
by detecting the configuration of each side and making sure that they are compatible so that the
EtherChannel link can be enabled when needed.
31. A switch is configured to run STP. What term describes a non-root port
that is permitted to forward traffic on the network?
 root port
 designated port
 alternate port
 disabled
32. What are two advantages of EtherChannel? (Choose two.)
 Spanning Tree Protocol views the physical links in an EtherChannel
as one logical connection.
 Load balancing occurs between links configured as different EtherChannels.
 Configuring the EtherChannel interface provides consistency in the
configuration of the physical links.
 Spanning Tree Protocol ensures redundancy by transitioning failed interfaces in an
EtherChannel to a forwarding state.
 EtherChannel uses upgraded physical links to provide increased bandwidth.
Explanation: EtherChannel configuration of one logical interface ensures configuration
consistency across the physical links in the EtherChannel. The EtherChannel provides increased
bandwidth using existing switch ports without requiring any upgrades to the physical interfaces.
Load balancing methods are implemented between links that are part of the same Etherchannel.
Because EtherChannel views the bundled physical links as one logical connection, spanning tree
recalculation is not required if one of the bundled physical links fail. If a physical interface fails, STP
cannot transition the failed interface into a forwarding state.
33. Refer to the exhibit. What are the possible port roles for ports A, B, C,
and D in this RSTP-enabled network?

Modules 5 – 6: Redundant Networks Exam 33

 alternate, designated, root, root
 designated, alternate, root, root
 alternate, root, designated, root
 designated, root, alternate, root
Explanation: Because S1 is the root bridge, B is a designated port, and C and D root ports.
RSTP supports a new port type, alternate port in discarding state, that can be port A in this
scenario.
34. Refer to the exhibit. Which switching technology would allow each access
layer switch link to be aggregated to provide more bandwidth between each
Layer 2 switch and the Layer 3 switch?

CCNA-2-v7-Modules 5 – 6 Redundant Networks Exam 02

 trunking
 HSRP
 PortFast
 EtherChannel
Explanation: PortFast is used to reduce the amount of time that a port spends going through the
spanning-tree algorithm, so that devices can start sending data sooner. Trunking can be
implemented in conjunction with EtherChannel, but trunking alone does not aggregate switch links.
HSRP is used to load-balance traffic across two different connections to Layer 3 devices for default
gateway redundancy. HSRP does not aggregate links at either Layer 2 or Layer 3 as EtherChannel
does.
35. Refer to the exhibit. An administrator wants to form an EtherChannel
between the two switches by using the Port Aggregation Protocol. If switch
S1 is configured to be in auto mode, which mode should be configured on S2
to form the EtherChannel?

CCNA-2-v7-Modules 5 – 6 Redundant Networks Exam 06

 auto
 on
 off
 desirable
Explanation: An EtherChannel will be formed via PAgP when both switches are in on mode or
when one of them is in auto or desirable mode and the other is in desirable mode.
36. Open the PT Activity. Perform the tasks in the activity instructions and
then answer the question.
Which set of configuration commands issued on SW1 will successfully
complete the EtherChannel link between SW1 and SW2?
 CCNA-2-v7-Modules 5 – 6 Redundant Networks Exam 36
 interface GigabitEthernet0/1
no shutdown
 interface Port-channel 1
no shutdown
 interface GigabitEthernet0/2
channel-group 2 mode desirable
 interface GigabitEthernet0/1
channel-group 1 mode desirable
Explanation: Issuing the show running-configuration command on SW1 shows that interface
GigabitEthernet0/1 is missing the channel-group 1 mode desirable command which will compete the
EtherChannel configuration for interface GigabitEthernet0/1 and interface GigabitEthernet0/2.
37. A set of switches is being connected in a LAN topology. Which STP bridge
priority value will make it least likely for the switch to be selected as the
root?
 65535
 4096
 32768
 61440
Explanation: The STP bridge priority is a two byte number, but it can only be customized in
increments of 4096. The smaller number is preferred, but the largest usable priority value is 61440.
38. In which two PVST+ port states are MAC addresses learned? (Choose
two.)
 learning
 forwarding
 disabled
 listening
 blocking
Explanation: The two PVST+ port states during which MAC addresses are learned and populate
the MAC address table are the learning and the forwarding states.
39. Which port role is assigned to the switch port that has the lowest cost to
reach the root bridge?
 designated port
 disabled port
 root port
 non-designated port
Explanation: The root port on a switch is the port with the lowest cost to reach the root bridge.
40. A switch is configured to run STP. What term describes the switch port
closest, in terms of overall cost, to the root bridge?
 root port
 designated port
 alternate port
 disabled
42. A switch is configured to run STP. What term describes a field used to
specify a VLAN ID?
 extended system ID
 port ID
 bridge priority
 bridge ID
43. A switch is configured to run STP. What term describes the reference
point for all path calculations?
 root bridge
 root port
 designated port
 alternate port
44. A switch is configured to run STP. What term describes a field that has a
default value of 32,768 and is the initial deciding factor when electing a root
bridge?
 bridge priority
 MAC Address
 extended system ID
 bridge ID
45. Which statement describes an EtherChannel implementation?
 EtherChannel operates only at Layer 2.
 PAgP cannot be used in conjunction with EtherChannel.
 A trunked port can be part of an EtherChannel bundle.
 EtherChannel can support up to a maximum of ten separate links.
Explanation: Up to 16 links can be grouped in an EtherChannel by using the the PAgP or LACP
protocol. EtherChannel can be configured as a Layer 2 bundle or a Layer 3 bundle. Configuring a
Layer 3 bundle is beyond the scope of this course. If a trunked port is a part of the EtherChannel
bundle, all ports in the bundle need to be trunk ports and the native VLAN must be the same on all
of these ports. A best practice is to apply the configuration to the port channel interface. The
configuration is then automatically applied to the individual ports.
46. Refer to the exhibit. A network administrator issued the show
etherchannel summary command on the switch S1. What conclusion can be
drawn?

CCNA2 v7 SRWE – Modules 5 – 6 Redundant Networks Exam Answers

 The EtherChannel is suspended.
 The EtherChannel is not functional.
 The port aggregation protocol PAgP is misconfigured.
 FastEthernet ports Fa0/1, Fa0/2, and Fa0/3 do not join the EtherChannel.
Explanation: The EtherChannel status shows as (SD), which means it is a Layer 2 EtherChannel
with a status of D or down. Because the EtherChannel is down, the status of the interfaces in the
channel group is stand-alone. PAgP is configured on S1, but there is no indication whether it is
configured correctly on S1. The problem might also be the adjacent switch EtherChannel
configuration.
47. Which statement describes a characteristic of EtherChannel?
 It can combine up to a maximum of 4 physical links.
 It can bundle mixed types of 100 Mb/s and 1Gb/s Ethernet links.
 It consists of multiple parallel links between a switch and a router.
 It is made by combining multiple physical links that are seen as one
link between two switches.
Explanation: An EtherChannel is formed by combining multiple (same type) Ethernet physical
links so they are seen and configured as one logical link. It provides an aggregated link between
two switches. Currently each EtherChannel can consist of up to eight compatibly configured
Ethernet ports.
48. Which two channel group modes would place an interface in a negotiating
state using PAgP? (Choose two.)
 on
 desirable
 active
 auto
 passive
Explanation: There are three modes available when configuring an interface for PAgP: on,
desirable, and auto. Only desirable and auto place the interface in a negotiating state. The active
and passive states are used to configure LACP and not PAgP.
49. Which mode configuration setting would allow formation of an
EtherChannel link between switches SW1 and SW2 without sending
negotiation traffic?
SW1: on
SW2: on
SW1: desirable
SW2: desirable
SW1: auto
SW2: auto
trunking enabled on both switches
SW1: auto
SW2: auto
PortFast enabled on both switches
SW1: passive
SW2: active
Explanation: The auto channel-group keyword enables PAgP only if a PAgP device is detected
on the opposite side of the link. If the auto keyword is used, the only way to form an EtherChannel
link is if the opposite connected device is configured with the desirable keyword. PortFast and
trunking technologies are irrelevant to forming an EtherChannel link. Even though an EtherChannel
can be formed if both sides are configured in desirable mode, PAgP is active and PAgP messages
are being sent constantly across the link, decreasing the amount of bandwidth available for user
traffic.
50. Refer to the exhibit. An EtherChannel was configured between switches
S1 and S2, but the interfaces do not form an EtherChannel. What is the
problem?
 CCNA2 v7 SRWE – Modules 5 – 6 Redundant Networks Exam Answers 50
 The interface port-channel number has to be different on each switch.
 The switch ports were not configured with speed and duplex mode.
 The switch ports have to be configured as access ports with each port having a VLAN
assigned.
 The EtherChannel was not configured with the same allowed range of
VLANs on each interface.
51. When EtherChannel is configured, which mode will force an interface into
a port channel without exchanging aggregation protocol packets?
 active
 auto
 on
 desirable
Explanation: For both LACP and PAgP, the “on” mode will force an interface into an
EtherChannel without exchanging protocol packets.
52. What are two load-balancing methods in the EtherChannel technology?
(Choose two.)
 combination of source port and IP to destination port and IP
 source IP to destination IP
 source port to destination port
 combination of source MAC and IP to destination MAC and IP
 source MAC to destination MAC
Explanation: Depending on the hardware platform, one or more load-balancing methods can be
implemented. These methods include source MAC to destination MAC load balancing or source IP
to destination IP load balancing, across the physical links.
53. Which protocol provides up to 16 instances of RSTP, combines many
VLANs with the same physical and logical topology into a common RSTP
instance, and provides support for PortFast, BPDU guard, BPDU filter, root
guard, and loop guard?
 STP
 Rapid PVST+
 PVST+
 MST
Explanation: MST is the Cisco implementation of MSTP, an IEEE standard protocol that
provides up to 16 instances of RSTP and combines many VLANs with the same physical and logical
topology into a common RSTP instance. Each instance supports PortFast, BPDU guard, BPDU
filter, root guard, and loop guard. STP and RSTP assume only one spanning-tree instance for the
entire bridged network, regardless of the number of VLANs. PVST+ provides a separate 802.1D
spanning-tree instance for each VLAN that is configured in the network.
54. What is the outcome of a Layer 2 broadcast storm?
 Routers will take over the forwarding of frames as switches become congested.
 New traffic is discarded by the switch because it is unable to be
processed.
 CSMA/CD will cause each host to continue transmitting frames.
 ARP broadcast requests are returned to the transmitting host.
Explanation: When the network is saturated with broadcast traffic that is looping between
switches, new traffic is discarded by each switch because it is unable to be processed.
55. Which two network design features require Spanning Tree Protocol (STP)
to ensure correct network operation? (Choose two.)
 static default routes
 implementing VLANs to contain broadcasts
 redundant links between Layer 2 switches
 link-state dynamic routing that provides redundant routes
 removing single points of failure with multiple Layer 2 switches
Explanation: Spanning Tree Protocol (STP) is required to ensure correct network operation
when designing a network with multiple interconnected Layer 2 switches or using redundant links to
eliminate single points of failure between Layer 2 switches. Routing is a Layer 3 function and does
not relate to STP. VLANs do reduce the number of broadcast domains but relate to Layer 3
subnets, not STP.
56. A network administrator has configured an EtherChannel between two
switches that are connected via four trunk links. If the physical interface for
one of the trunk links changes to a down state, what happens to the
EtherChannel?
 Spanning Tree Protocol will transition the failed physical interface into forwarding mode.
 Spanning Tree Protocol will recalculate the remaining trunk links.
 The EtherChannel will transition to a down state.
 The EtherChannel will remain functional.

Switching, Routing, and Wireless Essentials (Version 7.00) – Available and

Reliable Networks Exam
1. A DHCP-enabled client PC has just booted. During which two steps will the
client PC use broadcast messages when communicating with a DHCP server?
(Choose two.)
 DHCPDISCOVER
 DHCPACK
 DHCPOFFER
 DHCPREQUEST
 DHCPNAK
Explanation: All DHCP messages between a DHCP-enabled client and a DHCP server are
using broadcast messages until after the DHCPACK message. The DHCPDISCOVER and
DHCPREQUEST messages are the only messages that are sent by a DHCP-enabled client. All
DHCP messages between a DHCP-enabled client and a DHCP server use broadcast messages
when the client is obtaining a lease for the first time.
2. An administrator issues the commands:

Router(config)# interface g0/1

Router(config-if)# ip address dhcp

What is the administrator trying to achieve?

 configuring the router to act as a DHCPv4 server
 configuring the router to obtain IP parameters from a DHCPv4 server
 configuring the router to act as a relay agent
 configuring the router to resolve IP address conflicts
3. When a client is requesting an initial address lease from a DHCP server,
why is the DHCPREQUEST message sent as a broadcast?
 The client does not yet know the IP address of the DHCP server that sent the offer.
 The DHCP server may be on a different subnet, so the request must be sent as a
broadcast.
 The client does not have a MAC address assigned yet, so it cannot send a unicast
message at Layer 2.
 The client may have received offers from multiple servers, and the
broadcast serves to implicitly decline those other offers.
Explanation: During the initial DHCP exchange between a client and server, the client
broadcasts a DHCPDISCOVER message looking for DHCP servers. Multiple servers may be
configured to respond to this request with DHCPOFFER messages. The client will choose the lease
from one of the servers by sending a DHCPREQUEST message. It sends this message as a
broadcast so that the other DHCP servers that sent offers will know that their offers were declined
and the corresponding address can go back into the pool.
4. Which DHCP IPv4 message contains the following information?
Destination address: 255.255.255.255
Client IPv4 address: 0.0.0.0
Default gateway address: 0.0.0.0
Subnet mask: 0.0.0.0
 DHCPACK
 DHCPDISCOVER
 DHCPOFFER
 DHCPREQUEST
5. Place the options in the following order:
 a client initiating a message to find a DHCP server – DHCPDISCOVER
 a DHCP server responding to the initial request by a client – DHCPOFFER
 the client accepting the IP address provided by the DHCP server – DHCPREQUEST
 the DHCP server confirming that the lease has been accepted – DHCPACK
6. Which protocol automates assignment of IP addresses on a network, and
which port number does it use? (Choose two.)
 DHCP
 DNS
 SMB
 53
 67
 80
Explanation: DNS uses port 53 and translates URLs to IP addresses. SMB provides shared
access to files and printers and uses port 445. Port 80 is used by HTTP. HTTP is a protocol used to
communicate between a web browser and a server.
7. Refer to the exhibit. PC1 is configured to obtain a dynamic IP address from
the DHCP server. PC1 has been shut down for two weeks. When PC1 boots
and tries to request an available IP address, which destination IP address will
PC1 place in the IP header?

 192.168.1.1
 192.168.1.255
 255.255.255.255
 192.168.1.8
Explanation: When a host boots and has been configured for dynamic IP addressing, the device
tries to obtain a valid IP address. It sends a DHCPDISCOVER message. This is a broadcast
message because the DHCP server address is unknown (by design). The destination IP address in
the IP header is 255.255.255.255 and the destination MAC address is FF:FF:FF:FF:FF:FF.
8. Which message does an IPv4 host use to reply when it receives a
DHCPOFFER message from a DHCP server?
 DHCPOFFER
 DHCPDISCOVER
 DHCPREQUEST
 DHCPACK
Explanation: When the client receives the DHCPOFFER from the server, it sends back a
DHCPREQUEST broadcast message. On receiving the DHCPREQUEST message, the server
replies with a unicast DHCPACK message.
9. Which command, when issued in the interface configuration mode of a
router, enables the interface to acquire an IPv4 address automatically from
an ISP, when that link to the ISP is enabled?
 service dhcp
 ip address dhcp
 ip helper-address
 ip dhcp pool
Explanation: The ip address dhcp interface configuration command configures an Ethernet
interface as a DHCP client. The service dhcp global configuration command enables the
DHCPv4 server process on the router. The ip helper-address command is issued to enable
DHCP relay on the router. The ip dhcp pool command creates the name of a pool of addresses
that the server can assign to hosts.
10. Which kind of message is sent by a DHCP client when its IP address lease
has expired?
 a DHCPDISCOVER unicast message
 a DHCPREQUEST broadcast message
 a DHCPREQUEST unicast message
 a DHCPDISCOVER broadcast message
Explanation: When the IP address lease time of the DHCP client expires, it sends a
DHCPREQUEST unicast message directly to the DHCPv4 server that originally offered the IPv4
address.
11. A host PC is attempting to lease an address through DHCP. What message
is sent by the server to let the client know it is able to use the provided IP
information?
 DHCPDISCOVER
 DHCPOFFER
 DHCPREQUEST
 DHCPACK
 DHCPNACK
Explanation: When a host uses DHCP to automatically configure an IP address, the typically
sends two messages: the DHCPDISCOVER message and the DHCPREQUEST message. These
two messages are usually sent as broadcasts to ensure that all DHCP servers receive them. The
servers respond to these messages using DHCPOFFER, DHCPACK, and DHCPNACK messages,
depending on the circumstance.
12. What is one indication that a Windows computer did not receive an IPv4
address from a DHCP server?
 The computer cannot ping 127.0.0.1.
 The computer receives an IP address that starts with 169.254.
 Windows displays a DHCP timeout message.
 The computer cannot ping other devices on the same network with IP addresses in the
169.254.0.0/16 range.
Explanation: When a Windows PC cannot communicate with an IPv4 DHCP server, the
computer automatically assigns an IP address in the 169.254.0.0/16 range. Any other device on the
same network that receives an address in the same range is reachable.
13. Which DHCPv4 message will a client send to accept an IPv4 address that
is offered by a DHCP server?
 broadcast DHCPACK
 broadcast DHCPREQUEST
 unicast DHCPACK
 unicast DHCPREQUEST
Explanation: When a DHCP client receives DHCPOFFER messages, it will send a broadcast
DHCPREQUEST message for two purposes. First, it indicates to the offering DHCP server that it
would like to accept the offer and bind the IP address. Second, it notifies any other responding
DHCP servers that their offers are declined.
14. A small coffee shop is offering free Wi-Fi to customers. The network
includes a wireless router and a DSL modem that is connected to the local
phone company. What method is typically used to configure the connection to
the phone company?
  Set the WAN connection in the wireless router as a DHCP client.
 Set the connection between the wireless router and the DSL modem as a private IP
network.
 Set the DSL modem as a DHCP client to get a public IP address from the wireless router.
 Set the DSL modem as a DHCP client to the phone company and a DHCP server for the
internal connection.
Explanation: In a SOHO environment, a wireless router connects to an ISP via a DSL or cable
modem. The IP address between the wireless router and ISP site is typically assigned by the ISP
through DHCP. The DSL modem does not manage IP address allocation.
15. A company uses DHCP to manage IP address deployment for employee
workstations. The IT department deploys multiple DHCP servers in the data
center and uses DHCP relay agents to facilitate the DHCP requests from
workstations. Which two UDP ports are used to forward DHCP traffic? (Choose
two.)
 23
 53
 67
 68
 80
Explanation: The DHCP protocol operates with 2 UDP ports. UDP port 67 is the destination port
for DHCP servers, and DHCP clients use UDP port 68.
16. A client device on an Ethernet segment needs an IP address in order to
communicate on the network. A DHCP server with IP address 192.168.1.1 has
been configured and enabled on the network. How will a client device obtain
a usable IP address for this network?
 Send a DHCPACK packet to the default gateway address.
 Use a statically configured IP address from the pool of IP addresses that is offered by the
DHCP server.
 Send a DHCPDISCOVER message to physical address FF-FF-FF-FF-FF-
FF.
 Send a DHCPREQUEST packet to IP address 255.255.255.255.
Explanation: Like IP addressing, there is also a special MAC address for broadcast purposes:
FF-FF-FF-FF-FF-FF. When a DHCP client needs to send a DHCP Discover message in order to
seek DHCP servers, the client will use this MAC address as the destination MAC address in the
Ethernet frame. It does this because it has no knowledge of the IP and MAC addresses of DHCP
servers.
17. What is an advantage of configuring a Cisco router as a relay agent?
 It can provide relay services for multiple UDP services.
 It reduces the response time from a DHCP server.
 It can forward both broadcast and multicast messages on behalf of clients.
 It will allow DHCPDISCOVER messages to pass without alteration.
Explanation: By default, the ip helper-address command forwards the following eight UDP
services:
Port 37: Time
Port 49: TACACS
Port 53: DNS
Port 67: DHCP/BOOTP client
Port 68: DHCP/BOOTP server
Port 69: TFTP
Port 137: NetBIOS name service
Port 138: NetBIOS datagram service
18. Which statement is true about DHCP operation?
 When a device that is configured to use DHCP boots, the client
broadcasts a DHCPDISCOVER message to identify any available DHCP
servers on the network.
 A client must wait for lease expiration before it sends another DHCPREQUEST message.
 If the client receives several DHCPOFFER messages from different servers, it sends a
unicast DHCPREQUEST message to the server from which it chooses to obtain the IP
information.
 The DHCPDISCOVER message contains the IP address and subnet mask to be
assigned, the IP address of the DNS server, and the IP address of the default gateway.
Explanation: The client broadcasts a DHCPDISCOVER message to identify any available DHCP
servers on the network. A DHCP server replies with a DHCPOFFER message. This message offers
to the client a lease that contains such information as the IP address and subnet mask to be
assigned, the IP address of the DNS server, and the IP address of the default gateway. After the
client receives the lease, the received information must be renewed through another
DHCPREQUEST message prior to the lease expiration.
19. Order the DHCP message types as they would occur between a DHCP
client and a DHCP server.

Explanation: The DHCPDISCOVER message is used to identify any DHCP servers on a

network.
The DHCPOFFER message is used by a server to offer a lease to a client. The DHCPREQUEST
message is used to identify both the specific DHCP server and the lease that the client is accepting.
The DHCPACK message is used by a server to finalize a successful lease with a client.
The DHCPNAK message is used when an offered lease is no longer valid.
20. A network administrator configures a router to send RA messages with M
flag as 0 and O flag as 1. Which statement describes the effect of this
configuration when a PC tries to configure its IPv6 address?
 It should contact a DHCPv6 server for the prefix, the prefix-length information, and an
interface ID that is both random and unique.
 It should use the information that is contained in the RA message
and contact a DHCPv6 server for additional information.
 It should use the information that is contained in the RA message exclusively.
 It should contact a DHCPv6 server for all the information that it needs.
Explanation: ICMPv6 RA messages contain two flags to indicate whether a workstation should
use SLAAC, a DHCPv6 server, or a combination to configure its IPv6 address. These two flags are
M flag and O flag. When both flags are 0 (by default), a client must only use the information in the
RA message. When M flag is 0 and O flag is 1, a client should use the information in the RA
message and look for the other configuration parameters (such as DNS server addresses) on
DHCPv6 servers.
21. Refer to the exhibit. What should be done to allow PC-A to receive an IPv6
address from the DHCPv6 server?

 Add the ipv6 dhcp relay command to interface Fa0/0.

 Change the ipv6 nd managed-config-flag command to ipv6 nd other-config-flag.
 Configure the ipv6 nd managed-config-flag command on interface Fa0/1.
 Add the IPv6 address 2001:DB8:1234:5678::10/64 to the interface configuration of the
DHCPv6 server.
Explanation: Client DHCPv6 messages are sent to a multicast address with link-local scope,
which means that the messages will not be forwarded by routers. Because the client and server are
on different subnets on different interfaces, the message will not reach the server. The router can be
configured to relay the DHCPv6 messages from the client to the server by configuring the ipv6 dhcp
relay command on the interface that is connected to the client.
22. Refer to the exhibit. A network administrator is implementing the
stateless DHCPv6 operation for the company. Clients are configuring IPv6
addresses as expected. However, the clients are not getting the DNS server
address and the domain name information configured in the DHCP pool. What
could be the cause of the problem?

 The DNS server address is not on the same network as the clients are on.
 The router is configured for SLAAC operation.
 The GigabitEthernet interface is not activated.
 The clients cannot communicate with the DHCPv6 server, evidenced by the number of
active clients being 0.
Explanation: The router is configured for SLAAC operation because there is no configuration
command to change the RA M and O flag value. By default, both M and O flags are set to 0. In
order to permint stateless DHCPv6 operation, the interface command ipv6 nd other-config-
flag should be issued. The GigabitEthernet interface is in working condition because clients can
get RA messages and configure their IPv6 addresses as expected. Also, the fact that R1 is the
DHCPv6 server and clients are getting RA messages indicates that clients can communicate with
the DHCP server. The number of active clients is 0 because the DHCPv6 server does not maintain
the state of clients IPv6 addresses (it is not configured for stateful DHCPv6 operation). The DNS
server address issue is not relevant to the problem.
23. Question as presented:
A stateless DHCPv6 client would send a DHCPv6 INFORMATION-REQUEST message as step 3 in
the process.
24. A company uses the SLAAC method to configure IPv6 addresses for the
employee workstations. Which address will a client use as its default
gateway?
 the global unicast address of the router interface that is attached to the network
 the unique local address of the router interface that is attached to the network
 the all-routers multicast address
 the link-local address of the router interface that is attached to the
network
Explanation: When a PC is configured to use the SLAAC method for configuring IPv6
addresses, it will use the prefix and prefix-length information that is contained in the RA message,
combined with a 64-bit interface ID (obtained by using the EUI-64 process or by using a random
number that is generated by the client operating system), to form an IPv6 address. It uses the link-
local address of the router interface that is attached to the LAN segment as its IPv6 default gateway
address.
25. Refer to the exhibit. A network administrator is configuring a router for
DHCPv6 operation. Which conclusion can be drawn based on the commands?
  The router is configured for stateful DHCPv6 operation, but the DHCP pool configuration
is incomplete.
 The DHCPv6 server name is ACAD_CLASS.
 Clients would configure the interface IDs above 0010.
 The router is configured for stateless DHCPv6 operation.
Explanation: The DHCPv6 is for the stateless DHCPv6 operation that is indicated by changing
the O flag to 1 and leaving the M flag as default, which is 0. Therefore, it is not configured for
stateful DHCPv6 operation. Although the DNS server has the interface ID 0010, clients in stateless
DHCPv6 operation will configure their interface IDs either by EUI-64 or a random number. The
ACAD_CLASS is the name of the DHCP pool, not the DHCP server name.
26. A network administrator is analyzing the features that are supported by
different first-hop router redundancy protocols. Which statement describes a
feature that is associated with HSRP?
 HSRP uses active and standby routers.
 HSRP is nonproprietary.
 It allows load balancing between a group of redundant routers.
 It uses ICMP messages in order to assign the default gateway to hosts.
Explanation: The HSRP first-hop router redundancy protocol is Cisco proprietary and supports
standby and active devices. VRRPv2 and VRRPv3 are nonproprietary. GLBP is Cisco proprietary
and supports load balancing between a group of redundant routers.
27. Refer to the exhibit. What protocol can be configured on gateway routers
R1 and R2 that will allow traffic from the internal LAN to be load balanced
across the two gateways to the Internet?

 GLBP
 PVST+
 PVST
 STP
Explanation: GLBP, or Group Load Balancing Protocol, allows multiple routers to act as a single
default gateway for hosts. GLBP load balances the traffic across the individual routers on a per host
basis.
28. Refer to the exhibit. A network engineer is troubleshooting host
connectivity on a LAN that uses a first hop redundancy protocol. Which IPv4
gateway address should be configured on the host?
  192.168.2.0
 192.168.2.1
 192.168.2.2
 192.168.2.100
Explanation: The host default gateway address should be the FHRP (in this case GLBP) virtual
IP address.
29. Refer to the exhibit. Which destination MAC address is used when frames
are sent from the workstation to the default gateway?

 MAC address of the virtual router

 MAC address of the standby router
 MAC addresses of both the forwarding and standby routers
 MAC address of the forwarding router
Explanation: The IP address of the virtual router acts as the default gateway for all the
workstations. Therefore, the MAC address that is returned by the Address Resolution Protocol to
the workstation will be the MAC address of the virtual router.
30. Question as presented:
Hot Standby Router Protocol (HSRP) is a Cisco-proprietary protocol that is designed to allow for
transparent failover of a first-hop IPv4 device.
31. Which FHRP implementation is a Cisco-proprietary protocol that
suppports IPv4 load sharing?
 IRDP
 GLBP
 VRRPv3
  GLBP for IPv6
32. The address pool of a DHCP server is configured with 10.92.71.0/25. The
network administrator reserves 8 IP addresses for servers. How many IP
addresses are left in the pool to be assigned to other hosts?
 122
 118
 119
 108
 116
Explanation: Calculate the maximum number of hosts available for the slash value and subtract
the required static IP addresses required for the devices.
/24 = 254 hosts
/25 = 126 hosts
/26 = 62 hosts
/27 = 30 hosts
/28 = 14 hosts
33. Question as presented:
The broadcast DHCPDISCOVER message finds DHCPv4 servers on the network. When the
DHCPv4 server receives a DHCPDISCOVER message, it reserves an available IPv4 address to
lease to the client and sends the unicast DHCPOFFER message to the requesting client. When the
client receives the DHCPOFFER from the server, it sends back a DHCPREQUEST. On receiving
the DHCPREQUEST message the server replies with a unicast DHCPACK message. DHCPREPLY
and DHCPINFORMATION-REQUEST are DHCPv6 messages.
34. After a host has generated an IPv6 address by using the DHCPv6 or
SLAAC process, how does the host verify that the address is unique and
therefore usable?
 The host sends an ICMPv6 echo request message to the DHCPv6 or SLAAC-learned
address and if no reply is returned, the address is considered unique.
 The host sends an ICMPv6 neighbor solicitation message to the DHCP
or SLAAC-learned address and if no neighbor advertisement is
returned, the address is considered unique.
 The host checks the local neighbor cache for the learned address and if the address is
not cached, it it considered unique.
 The host sends an ARP broadcast to the local link and if no hosts send a reply, the
address is considered unique.
Explanation: Before a host can actually configure and use an IPv6 address learned through
SLAAC or DHCP, the host must verify that no other host is already using that address. To verify that
the address is indeed unique, the host sends an ICMPv6 neighbor solicitation to the address. If no
neighbor advertisement is returned, the host considers the address to be unique and configures it
on the interface.
35. Which statement describes HSRP?
 It is used within a group of routers for selecting an active device and
a standby device to provide gateway services to a LAN.
 It uses ICMP to allow IPv4 hosts to locate routers that provide IPv4 connectivity to remote
IP networks.
 If the virtual router master fails, one router is elected as the virtual router master with the
other routers acting as backups.
 It is an open standard protocol.
Explanation: It is VRRP that elects one router as the virtual router master, with the other routers
acting as backups in case the virtual router master fails. HSRP is a Cisco-proprietary protocol. IRDP
uses ICMP messages to allow IPv4 hosts to locate routers that provide IPv4 connectivity to other
(nonlocal) IP networks. HSRP selects active and standby routers to provide gateway services to
hosts on a LAN.
36.Open the PT Activity. Perform the tasks in the activity instructions and
then answer the question.
What is the keyword that is displayed on www.netacad.com?
 DHCP
 switch
 Router
 networking
 Cisco
 IPv6
Explanation: In order for the host to receive the address of the DNS server, the host must use
stateless DHCPv6. The router is configured with the correct DHCPv6 pool, but is missing the
command ipv6 nd other-config-flag that signals to the host that it should use DHCPv6 to get
additional address information. This command should be added to the interface Gigabit0/0
configuration on the router.
37. Match each DHCP message type with its description. (Not all options are
used.)

Explanation: Place the options in the following order:

 a client initiating a message to find a DHCP server – DHCPDISCOVER
 a DHCP server responding to the initial request by a client – DHCPOFFER
 the client accepting the IP address provided by the DHCP server – DHCPREQUEST
 the DHCP server confirming that the lease has been accepted – DHCPACK
38. Match the purpose with its DHCP message type. (Not all options are
used.)

Explanation: The DHCPDISCOVER message is used to identify any DHCP servers on a

network. The DHCPOFFER message is used by a server to offer a lease to a client. The
DHCPREQUEST message is used to identify both the specific DHCP server and the lease that the
client is accepting.
The DHCPACK message is used by a server to finalize a successful lease with a client.
The DHCPNAK message is used when an offered lease is no longer valid.
39. Match the DHCP message types to the order of the stateful DHCPv6
process when a client first connects to an IPv6 network. (Not all options are
used.)

40. Match the step number to the sequence of stages that occur during the
HSRP failover process. (Not all options are used.)

Explanation: Hot Standby Router Protocol (HSRP) is a Cisco-proprietary protocol that is

designed to allow for transparent failover of a first-hop IPv4 device.
41. Match the FHRP protocols to the appropriate description. (Not all options
are used.)

42. Match the DHCP message types to the order of the DHCPv4 process. (Not
all options are used.)

Explanation: The broadcast DHCPDISCOVER message finds DHCPv4 servers on the network.
When the DHCPv4 server receives a DHCPDISCOVER message, it reserves an available IPv4
address to lease to the client and sends the unicast DHCPOFFER message to the requesting client.
When the client receives the DHCPOFFER from the server, it sends back a DHCPREQUEST. On
receiving the DHCPREQUEST message the server replies with a unicast DHCPACK message.
DHCPREPLY and DHCPINFORMATION-REQUEST are DHCPv6 messages.
43. The address pool of a DHCP server is configured with 192.168.234.0/27.
The network administrator reserves 22 IP addresses for IP phones. How many
IP addresses are left in the pool to be assigned to other hosts?
 10
 0
 8
 21
 18
Explanation: Calculate the maximum number of hosts available for the slash value and subtract
the required static IP addresses required for the devices.
/24 = 254 hosts
/25 = 126 hosts
/26 = 62 hosts
/27 = 30 hosts
/28 = 14 hosts
44. A company uses DHCP servers to dynamically assign IPv4 addresses to
employee workstations. The address lease duration is set as 5 days. An
employee returns to the office after an absence of one week. When the
employee boots the workstation, it sends a message to obtain an IP address.
Which Layer 2 and Layer 3 destination addresses will the message contain?
 both MAC and IPv4 addresses of the DHCP server
 FF-FF-FF-FF-FF-FF and IPv4 address of the DHCP server
 FF-FF-FF-FF-FF-FF and 255.255.255.255
 MAC address of the DHCP server and 255.255.255.255
Explanation:When the lease of a dynamically assigned IPv4 address has expired, a workstation
will send a DHCPDISCOVER message to start the process of obtaining a valid IP address. Because
the workstation does not know the addresses of DHCP servers, it sends the message via
broadcast, with destination addresses of FF-FF-FF-FF-FF-FF and 255.255.255.255.
45. Which command will allow a network administrator to check the IP
address that is assigned to a particular MAC address?
 Router# show running-config I section_dhcp
 Router# show ip dhcp server statistics
 Router# show ip dhcp binding
 Router# show ip dhcp pool
Explanation: The show ip dhcp binding command will show the leases, including IP addresses,
MAC addresses, lease expiration, type of lease, client ID, and user name.
46. What is the reason that an ISP commonly assigns a DHCP address to a
wireless router in a SOHO environment?
 better network performance
 better connectivity
 easy IP address management
 easy configuration on ISP firewall
Explanation:In a SOHO environment, a wireless router connects to the ISP via a DSL or cable
modem. The IP address between the wireless router and ISP site is typically assigned by the ISP
through DHCP. This method facilitates the IP addressing management in that IP addresses for
clients are dynamically assigned so that if a client is dropped, the assigned IP address can be easily
reassigned to another client.
47. What information can be verified through the show ip dhcp binding
command?
 the IPv4 addresses that are assigned to hosts by the DHCP server
 that DHCPv4 discover messages are still being received by the DHCP server
 the IPv4 addresses that have been excluded from the DHCPv4 pool
 the number of IP addresses remaining in the DHCP pool
Explanation:The show ip dhcp binding command shows a list of IPv4 addresses and the MAC
addresses of the hosts to which they are assigned. Using this information an administrator can
determine which host interfaces have been assigned to specific hosts.
48. What is the result of a network technician issuing the command ip dhcp
excluded-address 10.0.15.1 10.0.15.15 on a Cisco router?
 The Cisco router will exclude only the 10.0.15.1 and 10.0.15.15 IP addresses from being
leased to DHCP clients.
 The Cisco router will exclude 15 IP addresses from being leased to
DHCP clients.
 The Cisco router will automatically create a DHCP pool using a /28 mask.
 The Cisco router will allow only the specified IP addresses to be leased to clients.
Explanation: The ip dhcp excluded-address command is followed by the first and the last
addresses to be excluded from being leased to DHCP clients.
49. Match the descriptions to the corresponding DHCPv6 server type. (Not all
options are used.)

50. Refer to the exhibit. Based on the output that is shown, what kind of IPv6
addressing is being configured?

CCNA 2 v7 Modules 7 – 9: Available and Reliable Networks Exam Answers

 stateless DHCPv6
 SLAAC
  static link-local
 stateful DHCPv6
Explanation: Stateful DHCPv6 pools are configured with address prefixes for hosts via
the address command, whereas stateless DHCPv6 pools typically only contain information such as
DNS server addresses and the domain name. RA messages that are sent from routers that are
configured as stateful DHCPv6 servers have the M flag set to 1 with the command ipv6 nd managed-
config-flag, whereas stateless DHCPv6 servers are indicated by setting the O flag to 1 with
the ipv6 nd other-config-flag command.
51. Which FHRP implementation is a Cisco-proprietary protocol that
suppports IPv6 load balancing?
 GLBP
 GLBP for IPv6
 VRRPv3
 VRRPv2
52. Which set of commands will configure a router as a DHCP server that will
assign IPv4 addresses to the 192.168.100.0/23 LAN while reserving the first
10 and the last addresses for static assignment?
ip dhcp excluded-address 192.168.100.1 192.168.100.9
ip dhcp excluded-address 192.168.101.254
ip dhcp pool LAN-POOL-100
ip network 192.168.100.0 255.255.254.0
ip default-gateway 192.168.100.1
dhcp pool LAN-POOL-100
ip dhcp excluded-address 192.168.100.1 192.168.100.9
ip dhcp excluded-address 192.168.100.254
network 192.168.100.0 255.255.254.0
default-router 192.168.101.1
ip dhcp excluded-address 192.168.100.1 192.168.100.10
ip dhcp excluded-address 192.168.100.254
ip dhcp pool LAN-POOL-100
network 192.168.100.0 255.255.255.0
ip default-gateway 192.168.100.1
ip dhcp excluded-address 192.168.100.1 192.168.100.10
ip dhcp excluded-address 192.168.101.254
ip dhcp pool LAN-POOL-100
network 192.168.100.0 255.255.254.0
default-router 192.168.100.1
Explanation: The /23 prefix is equivalent to a network mask of 255.255.254.0. The network
usable IPv4 address range is 192.168.100.1 to 192.168.101.254 inclusive. The commands dhcp
pool, ip default-gateway, and ip network are not valid DHCP configuration commands.
53. What is a result when the DHCP servers are not operational in a network?
 Workstations are assigned with the IP address 127.0.0.1.
 Workstations are assigned with IP addresses in the 10.0.0.0/8 network.
 Workstations are assigned with IP addresses in the 169.254.0.0/16
network.
 Workstations are assigned with the IP address 0.0.0.0.
Explanation: When workstations are configured with obtaining IP address automatically but
DHCP servers are not available to respond to the requests, a workstation can assign itself an IP
addresses from the 169.254.0.0/16 network.
54. A company uses the method SLAAC to configure IPv6 addresses for the
workstations of the employees. A network administrator configured the IPv6
address on the LAN interface of the router. The interface status is UP.
However, the workstations on the LAN segment did not obtain the correct
prefix and prefix length. What else should be configured on the router that is
attached to the LAN segment for the workstations to obtain the information?
R1(config)# ipv6 dhcp pool
R1(config-if)# ipv6 enable
R1(config)# ipv6 unicast-routing
R1(config-if)# ipv6 nd other-config-flag
Explanation: A PC that is configured to use the SLAAC method obtains the IPv6 prefix and
prefix length from a router. When the PC boots, it sends an RS message to inform the routers that it
needs the information. A router sends an RA message that includes the required information. For a
router to be able to send RA messages, it must be enabled as an IPv6 router by the unicast ipv6-
routing command in global configuration mode. The other options are not used to enable IPv6
routing on a router.
55. Which FHRP implementation is a nonproprietary protocol which relies on
ICMP to provide IPv4 redundancy?
 VRRPv3
 GLBP for IPv6
 IRDP
 GLBP
56. Refer to the exhibit. PC-A is unable to receive an IPv6 address from the
stateful DHCPv6 server. What is the problem?

 The ipv6 dhcp relay command should be applied to interface Gig0/0.

 The ipv6 nd managed-config-flag should be applied to interface Gig0/1.
 The ipv6 dhcp relay command should use the link-local address of the DHCP server.
 The ipv6 nd managed-config-flag command should be ipv6 nd other-config-flag .
Explanation: The ipv6 dhcp relay command must be applied to the interface where the
clients are located. The ipv6 dhcp relay command can use either the link-local or global unicast
address of the DHCPv6 server, or even a multicast address. The ipv6 nd managed-config-
flag indicates to the clients that they should use stateful DHCPv6 and is also applied to the
interface where the clients are located.
57. Refer to the exhibit. A network administrator is configuring a router as a
DHCPv6 server. The administrator issues a show ipv6 dhcp pool command to
verify the configuration. Which statement explains the reason that the
number of active clients is 0?

 The default gateway address is not provided in the pool.

 No clients have communicated with the DHCPv6 server yet.
 The IPv6 DHCP pool configuration has no IPv6 address range specified.
  The state is not maintained by the DHCPv6 server under stateless
DHCPv6 operation.
Explain:
Under the stateless DHCPv6 configuration, indicated by the command ipv6 nd other-config-flag, the
DHCPv6 server does not maintain the state information, because client IPv6 addresses are not
managed by the DHCP server. Because the clients will configure their IPv6 addresses by combining
the prefix/prefix-length and a self-generated interface ID, the ipv6 dhcp pool configuration does not
need to specify the valid IPv6 address range. And because clients will use the link-local address of
the router interface as the default gateway address, the default gateway address is not necessary.
58. Which FHRP implementation is Cisco-proprietary and permits only one
router in a group to forward IPv6 packets?
 VRRPv3
 HSRP
 HSRP for IPv6
 VRRPv2
59. Which FHRP implementation is a nonproprietary IPv4-only election
protocol which has one master router per group?
 HSRP for IPv6
 GLBP
 VRRPv2
 VRRPv3
60. The address pool of a DHCP server is configured with 172.18.93.0/25. The
network administrator reserves 10 IP addresses for web servers. How many
IP addresses are left in the pool to be assigned to other hosts?
 106
 117
 114
 120
 116
Explain:
Calculate the maximum number of hosts available for the slash value and subtract the required
static IP addresses required for the devices.
/24 = 254 hosts
/25 = 126 hosts
/26 = 62 hosts
/27 = 30 hosts
/28 = 14 hosts
61. The address pool of a DHCP server is configured with 10.3.2.0/24. The
network administrator reserves 3 IP addresses for printers. How many IP
addresses are left in the pool to be assigned to other hosts?
 252
 241
 255
 249
 251
Explain: CIDR Subnet Calculator Online
62. The address pool of a DHCP server is configured with 172.23.143.0/26.
The network administrator reserves 14 IP addresses for file servers. How
many IP addresses are left in the pool to be assigned to other hosts?
 58
 48
 50
 61
 40
63. The address pool of a DHCP server is configured with 10.7.30.0/24. The
network administrator reserves 5 IP addresses for printers. How many IP
addresses are left in the pool to be assigned to other hosts?
 253
 239
 249
 250
  247
Explain: Calculate the maximum number of hosts available for the slash value and subtract the
required static IP addresses required for the devices.
/24 = 254 hosts
/25 = 126 hosts
/26 = 62 hosts
/27 = 30 hosts
/28 = 14 hosts
64. Which FHRP implementation is a nonproprietary IPv4-only election
protocol with limited scalability?
 VRRPv2
 GLBP
 GLBP for IPv6
 IRDP
65. The address pool of a DHCP server is configured with 192.168.184.0/26.
The network administrator reserves 18 IP addresses for access points. How
many IP addresses are left in the pool to be assigned to other hosts?
 57
 44
 54
 36
 46
66. The address pool of a DHCP server is configured with 10.19.44.0/24. The
network administrator reserves 3 IP addresses for servers. How many IP
addresses are left in the pool to be assigned to other hosts?
 255
 252
 241
 251
 249
67. The address pool of a DHCP server is configured with 10.19.44.0/24. The
network administrator reserves 6 IP addresses for servers. How many IP
addresses are left in the pool to be assigned to other hosts?
 246
 252
 249
 248
 238
68. The address pool of a DHCP server is configured with 172.21.121.0/25.
The network administrator reserves 12 IP addresses for web servers. How
many IP addresses are left in the pool to be assigned to other hosts?
 115
 114
 118
 104
 112
Explanation: Calculate the maximum number of hosts available for the slash value and subtract
the required static IP addresses required for the devices.
/24 = 254 hosts
/25 = 126 hosts
/26 = 62 hosts
/27 = 30 hosts
/28 = 14 hosts

Switching, Routing, and Wireless Essentials ( Version 7.00) – L2 Security and

WLANs Exam
1. Which Layer 2 attack will result in legitimate users not getting valid IP
addresses?
 ARP spoofing
 DHCP starvation
  IP address spoofing
 MAC address flooding
Explanation: The DHCP starvation attack causes the exhaustion of the IP address pool of a
DHCP server before legitimate users can obtain valid IP addresses.
2. What mitigation plan is best for thwarting a DoS attack that is creating a
MAC address table overflow?
 Disable DTP.
 Disable STP.
 Enable port security.
 Place unused ports in an unused VLAN.
Explanation: A MAC address (CAM) table overflow attack, buffer overflow, and MAC address
spoofing can all be mitigated by configuring port security. A network administrator would typically
not want to disable STP because it prevents Layer 2 loops. DTP is disabled to prevent VLAN
hopping. Placing unused ports in an unused VLAN prevents unauthorized wired connectivity.
3. Which three Cisco products focus on endpoint security solutions? (Choose
three.)
 IPS Sensor Appliance
 Web Security Appliance
 Email Security Appliance
 SSL/IPsec VPN Appliance
 Adaptive Security Appliance
 NAC Appliance
Explanation: The primary components of endpoint security solutions are Cisco Email and Web
Security appliances, and Cisco NAC appliance. ASA, SSL/IPsec VPN, and IPS sensor appliances
all provide security solutions that focus on the enterprise network, not on endpoint devices.
4. True or False?
In the 802.1X standard, the client attempting to access the network is
referred to as the supplicant.
 true
 false
5. Which authentication method stores usernames and passwords in the
router and is ideal for small networks?
 server-based AAA over TACACS+
 local AAA over RADIUS
 server-based AAA
 local AAA over TACACS+
 local AAA
 server-based AAA over RADIUS
Explanation: In a small network with a few network devices, AAA authentication can be
implemented with the local database and with usernames and passwords stored on the network
devices. Authentication using the TACACS+ or RADIUS protocol will require dedicated ACS servers
although this authentication solution scales well in a large network.
6. What represents a best practice concerning discovery protocols such as
CDP and LLDP on network devices?
 Enable CDP on edge devices, and enable LLDP on interior devices.
 Use the open standard LLDP rather than CDP.
 Use the default router settings for CDP and LLDP.
 Disable both protocols on all interfaces where they are not required.
Explanation: Both discovery protocols can provide hackers with sensitive network information.
They should not be enabled on edge devices, and should be disabled globally or on a per-interface
basis if not required. CDP is enabled by default.
7. Which protocol should be used to mitigate the vulnerability of using Telnet
to remotely manage network devices?
 SNMP
 TFTP
 SSH
 SCP
Explanation: Telnet uses plain text to communicate in a network. The username and password
can be captured if the data transmission is intercepted. SSH encrypts data communications
between two network devices. TFTP and SCP are used for file transfer over the network. SNMP is
used in network management solutions.
8. Which statement describes the behavior of a switch when the MAC address
table is full?
 It treats frames as unknown unicast and floods all incoming frames to all ports on the
switch.
 It treats frames as unknown unicast and floods all incoming frames to all ports across
multiple switches.
 It treats frames as unknown unicast and floods all incoming frames to
all ports within the local VLAN.
 It treats frames as unknown unicast and floods all incoming frames to all ports within the
collision domain.
Explanation: When the MAC address table is full, the switch treats the frame as an unknown
unicast and begins to flood all incoming traffic to all ports only within the local VLAN.
9. What device is considered a supplicant during the 802.1X authentication
process?
 the router that is serving as the default gateway
 the authentication server that is performing client authentication
 the client that is requesting authentication
 the switch that is controlling network access
Explanation: The devices involved in the 802.1X authentication process are as follows:
 The supplicant, which is the client that is requesting network access
 The authenticator, which is the switch that the client is connecting to and that is actually
controlling physical network access
 The authentication server, which performs the actual authentication
10. Refer to the exhibit. Port Fa0/2 has already been configured
appropriately. The IP phone and PC work properly. Which switch
configuration would be most appropriate for port Fa0/2 if the network
administrator has the following goals?

No one is allowed to disconnect the IP phone or the PC and connect some other wired device.
If a different device is connected, port Fa0/2 is shut down.
The switch should automatically detect the MAC address of the IP phone and the PC and add those
addresses to the running configuration.
 SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security mac-address sticky
 SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky
SWA(config-if)# switchport port-security violation restrict
 SWA(config-if)# switchport port-security mac-address sticky
SWA(config-if)# switchport port-security maximum 2
 SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky
Explanation: The default mode for a port security violation is to shut down the port so
the switchport port-security violation command is not necessary. The switchport
port-security command must be entered with no additional options to enable port security for the
port. Then, additional port security options can be added.
11. Refer to the exhibit. Port security has been configured on the Fa 0/12
interface of switch S1. What action will occur when PC1 is attached to switch
S1 with the applied configuration?
  Frames from PC1 will be forwarded since the switchport port-security violation command
is missing.
 Frames from PC1 will be forwarded to its destination, and a log entry will be created.
 Frames from PC1 will be forwarded to its destination, but a log entry will not be created.
 Frames from PC1 will cause the interface to shut down immediately,
and a log entry will be made.
 Frames from PC1 will be dropped, and there will be no log of the violation.
 Frames from PC1 will be dropped, and a log message will be created.
Explanation: Manual configuration of the single allowed MAC address has been entered for port
fa0/12. PC1 has a different MAC address and when attached will cause the port to shut down (the
default action), a log message to be automatically created, and the violation counter to increment.
The default action of shutdown is recommended because the restrict option might fail if an attack is
underway.
12. Which type of VLAN-hopping attack may be prevented by designating an
unused VLAN as the native VLAN?
 DHCP spoofing
 DHCP starvation
 VLAN double-tagging
 DTP spoofing
Explanation: Spoofing DTP messages forces a switch into trunking mode as part of a VLAN-
hopping attack, but VLAN double tagging works even if trunk ports are disabled. Changing the
native VLAN from the default to an unused VLAN reduces the possibility of this type of attack.
DHCP spoofing and DHCP starvation exploit vulnerabilities in the DHCP message exchange.
13. A network administrator is configuring DAI on a switch with the command
ip arp inspection validate src-mac. What is the purpose of this configuration
command?
 It checks the source MAC address in the Ethernet header against the user-configured
ARP ACLs.
 It checks the source MAC address in the Ethernet header against the MAC address table.
 It checks the source MAC address in the Ethernet header against the
sender MAC address in the ARP body.
 It checks the source MAC address in the Ethernet header against the target MAC
address in the ARP body.
Explanation: DAI can be configured to check for both destination or source MAC and IP
addresses:
 Destination MAC – Checks the destination MAC address in the Ethernet header
against the target MAC address in the ARP body.
 Source MAC – Checks the source MAC address in the Ethernet header against the
sender MAC address in the ARP body.
 IP address – Checks the ARP body for invalid and unexpected IP addresses including
addresses 0.0.0.0, 255.255.255.255, and all IP multicast addresses.
14. Which two commands can be used to enable BPDU guard on a switch?
(Choose two.)
 S1(config)# spanning-tree bpduguard default
 S1(config-if)# spanning-tree portfast bpduguard
 S1(config)# spanning-tree portfast bpduguard default
 S1(config-if)# enable spanning-tree bpduguard
 S1(config-if)# spanning-tree bpduguard enable
Explanation: BPDU guard can be enabled on all PortFast-enabled ports by using
the spanning-tree portfast bpduguard default global configuration command.
Alternatively, BPDU guard can be enabled on a PortFast-enabled port through the use of
the spanning-tree bpduguard enable interface configuration command.
15. As part of the new security policy, all switches on the network are
configured to automatically learn MAC addresses for each port. All running
configurations are saved at the start and close of every business day. A
severe thunderstorm causes an extended power outage several hours after
the close of business. When the switches are brought back online, the
dynamically learned MAC addresses are retained. Which port security
configuration enabled this?
 auto secure MAC addresses
 dynamic secure MAC addresses
 static secure MAC addresses
 sticky secure MAC addresses
Explanation: With sticky secure MAC addressing, the MAC addresses can be either dynamically
learned or manually configured and then stored in the address table and added to the running
configuration file. In contrast, dynamic secure MAC addressing provides for dynamically learned
MAC addressing that is stored only in the address table.
16. Which type of management frame may regularly be broadcast by an AP?
 authentication
 probe request
 probe response
 beacon
Explanation: Beacons are the only management frame that may regularly be broadcast by an
AP. Probing, authentication, and association frames are used only during the association (or
reassociation) process.
17. What are the two methods that are used by a wireless NIC to discover an
AP? (Choose two.)
 delivering a broadcast frame
 receiving a broadcast beacon frame
 initiating a three-way handshake
 sending an ARP request
 transmitting a probe request
Explanation: Two methods can be used by a wireless device to discover and register with an
access point: passive mode and active mode. In passive mode, the AP sends a broadcast beacon
frame that contains the SSID and other wireless settings. In active mode, the wireless device must
be manually configured for the SSID, and then the device broadcasts a probe request.
18. A technician is configuring the channel on a wireless router to either 1, 6,
or 11. What is the purpose of adjusting the channel?
 to enable different 802.11 standards
 to avoid interference from nearby wireless devices
 to disable broadcasting of the SSID
 to provide stronger security modes
Explanation: Channels 1, 6, and 11 are selected because they are 5 channels apart. thus
minimizing the interference with adjacent channels. A channel frequency can interfere with channels
on either side of the main frequency. All wireless devices need to be used on nonadjacent
channels.
19. While attending a conference, participants are using laptops for network
connectivity. When a guest speaker attempts to connect to the network, the
laptop fails to display any available wireless networks. The access point must
be operating in which mode?
 mixed
 passive
 active
 open
Explanation: Active is a mode used to configure an access point so that clients must know the
SSID to connect to the access point. APs and wireless routers can operate in a mixed mode
meaning that that multiple wireless standards are supported. Open is an authentication mode for an
access point that has no impact on the listing of available wireless networks for a client. When an
access point is configured in passive mode, the SSID is broadcast so that the name of wireless
network will appear in the listing of available networks for clients.
20. A network administrator is required to upgrade wireless access to end
users in a building. To provide data rates up to 1.3 Gb/s and still be backward
compatible with older devices, which wireless standard should be
implemented?
 802.11n
 802.11ac
 802.11g
 802.11b
Explanation: 802.11ac provides data rates up to 1.3 Gb/s and is still backward compatible with
802.11a/b/g/n devices. 802.11g and 802.11n are older standards that cannot reach speeds over
1Gb/s. 802.11ad is a newer standard that can offer theoretical speeds of up to 7 Gb/s.
21. A technician is about to install and configure a wireless network at a
small branch office. What is the first security measure the technician should
apply immediately upon powering up the wireless router?
 Enable MAC address filtering on the wireless router.
 Configure encryption on the wireless router and the connected wireless devices.
 Change the default user-name and password of the wireless router.
 Disable the wireless network SSID broadcast.
Explanation: The first action a technician should do to secure a new wireless network is to
change the default user-name and password of the wireless router. The next action would usually
be to configure encryption. Then once the initial group of wireless hosts have connected to the
network, MAC address filtering would be enabled and SSID broadcast disabled. This will prevent
new unauthorized hosts from finding and connecting to the wireless network.
22. On a Cisco 3504 WLC dashboard, which option provides access to the full
menu of features?
 Access Points
 Network Summary
 Advanced
 Rogues
Explanation: The Cisco 3504 WLC dashboard displays when a user logs into the WLC. It
provides some basic settings and menus that users can quickly access to implement a variety of
common configurations. By clicking the Advanced button, the user will access the
advanced Summary page and access all the features of the WLC.
23. Which step is required before creating a new WLAN on a Cisco 3500 series
WLC?
 Create a new SSID.
 Build or have an SNMP server available.
 Build or have a RADIUS server available.
 Create a new VLAN interface.
Explanation: Each new WLAN configured on a Cisco 3500 series WLC needs its own VLAN
interface. Thus it is required that a new VLAN interface to be created first before a new WLAN can
be created.
24. A network engineer is troubleshooting a newly deployed wireless network
that is using the latest 802.11 standards. When users access high bandwidth
services such as streaming video, the wireless network performance is poor.
To improve performance the network engineer decides to configure a 5 Ghz
frequency band SSID and train users to use that SSID for streaming media
services. Why might this solution improve the wireless network performance
for that type of service?
 Requiring the users to switch to the 5 GHz band for streaming media is inconvenient and
will result in fewer users accessing these services.
 The 5 GHz band has more channels and is less crowded than the 2.4
GHz band, which makes it more suited to streaming multimedia.
 The 5 GHz band has a greater range and is therefore likely to be interference-free.
 The only users that can switch to the 5 GHz band will be those with the latest wireless
NICs, which will reduce usage.
Explanation: Wireless range is determined by the access point antenna and output power, not
the frequency band that is used. In this scenario it is stated that all users have wireless NICs that
comply with the latest standard, and so all can access the 5 GHz band. Although some users may
find it inconvenient to switch to the 5 Ghz band to access streaming services, it is the greater
number of channels, not just fewer users, that will improve network performance.
25. A network administrator is configuring a RADIUS server connection on a
Cisco 3500 series WLC. The configuration requires a shared secret password.
What is the purpose for the shared secret password?
 It is used by the RADIUS server to authenticate WLAN users.
 It is used to authenticate and encrypt user data on the WLAN.
 It is used to encrypt the messages between the WLC and the RADIUS
server.
 It allows users to authenticate and access the WLAN.
Explanation: The RADIUS protocol uses security features to protect communications between
the RADIUS server and clients. A shared secret is the password used between the WLC and the
RADIUS server. It is not for end users.
26. Which three parameters would need to be changed if best practices are
being implemented for a home wireless AP? (Choose three.)
 wireless client operating system password
 antenna frequency
 wireless network password
 wireless beacon time
 AP password
 SSID
Explanation: As soon as an AP is taken out of a box, the default device password, SSID, and
security parameters (wireless network password) should be set. The frequency of a wireless
antenna can be adjusted, but doing so is not required. The beacon time is not normally configured.
The wireless client operating system password is not affected by the configuration of a home
wireless network.
27. Which access control component, implementation, or protocol is based
upon usernames and passwords?
 802.1X
 accounting
 authentication
 authorization
28. Which type of wireless network is based on the 802.11 standard and a
2.4-GHz or 5-GHz radio frequency?
 wireless metropolitan-area network
 wireless wide-area network
 wireless local-area network
 wireless personal-area network
29. Which two Cisco solutions help prevent DHCP starvation attacks? (Choose
two.)
 DHCP Snooping
 IP Source Guard
 Dynamic ARP Inspection
 Port Security
 Web Security Appliance
Explanation: Cisco provides solutions to help mitigate Layer 2 attacks including these:
 IP Source Guard (IPSG) – prevents MAC and IP address spoofing attacks
 Dynamic ARP Inspection (DAI) – prevents ARP spoofing and ARP poisoning
attacks
 DHCP Snooping – prevents DHCP starvation and SHCP spoofing attacks
 Port Security – prevents many types of attacks including MAC table overflow attacks
and DHCP starvation attacks
Web Security Appliance (WSA) is a mitigation technology for web-based threats.
30. What are three techniques for mitigating VLAN attacks? (Choose three.)
 Enable trunking manually.
 Disable DTP.
 Enable Source Guard.
 Set the native VLAN to an unused VLAN.
 Use private VLANs.
 Enable BPDU guard.
Explanation: Mitigating a VLAN attack can be done by disabling Dynamic Trunking Protocol
(DTP), manually setting ports to trunking mode, and by setting the native VLAN of trunk links to
VLANs not in use.
31. Refer to the exhibit. What can be determined about port security from
the information that is shown?

 The port has the maximum number of MAC addresses that is supported by a Layer 2
switch port which is configured for port security.
 The port has been shut down.
 The port violation mode is the default for any port that has port
security enabled.
 The port has two attached devices.
Explanation: The Port Security line simply shows a state of Enabled if the switchport
port-security command (with no options) has been entered for a particular switch port. If a port
security violation had occurred, a different error message appears such as Secure-shutdown. The
maximum number of MAC addresses supported is 50. The Maximum MAC Addresses line is
used to show how many MAC addresses can be learned (2 in this case). The Sticky MAC
Addresses line shows that only one device has been attached and learned automatically by the
switch. This configuration could be used when a port is shared by two cubicle-sharing personnel
who bring in separate laptops.
32. A network administrator of a college is configuring the WLAN user
authentication process. Wireless users are required to enter username and
password credentials that will be verified by a server. Which server would
provide such service?
 AAA
 NAT
 RADIUS
 SNMP
Explanation: Remote Authentication Dial-In User Service (RADIUS) is a protocol and server
software that provides user-based authentication for an organization. When a WLAN is configured
to use a RADIUS server, users will enter username and password credentials that are verified by
the RADIUS server before allowing to the WLAN.
33. A technician is troubleshooting a slow WLAN that consists of 802.11b and
802.11g devices . A new 802.11n/ac dual-band router has been deployed on
the network to replace the old 802.11g router. What can the technician do to
address the slow wireless speed?
 Split the wireless traffic between the 802.11n 2.4 GHz band and the 5
GHz band.
 Update the firmware on the new router.
 Configure devices to use a different channel.
 Change the SSID.
Explanation: Splitting the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz
band will allow for the 802.11n to use the two bands as two separate wireless networks to help
manage the traffic, thus improving wireless performance.
34. The company handbook states that employees cannot have microwave
ovens in their offices. Instead, all employees must use the microwave ovens
located in the employee cafeteria. What wireless security risk is the company
trying to avoid?
 improperly configured devices
 rogue access points
 accidental interference
 interception of data
Explanation: Denial of service attacks can be the result of improperly configured devices which
can disable the WLAN. Accidental interference from devices such as microwave ovens and cordless
phones can impact both the security and performance of a WLAN. Man-in-the-middle attacks can
allow an attacker to intercept data. Rogue access points can allow unauthorized users to access the
wireless network.
35. What is the function provided by CAPWAP protocol in a corporate wireless
network?
 CAPWAP creates a tunnel on Transmission Control Protocol (TCP) ports in order to allow
a WLC to configure an autonomous access point.
 CAPWAP provides the encapsulation and forwarding of wireless user
traffic between an access point and a wireless LAN controller.
 CAPWAP provides connectivity between an access point using IPv6 addressing and a
wireless client using IPv4 addressing.
 CAPWAP provides the encryption of wireless user traffic between an access point and a
wireless client.
Explanation: CAPWAP is an IEEE standard protocol that enables a WLC to manage multiple
APs and WLANs. CAPWAP is also responsible for the encapsulation and forwarding of WLAN client
traffic between an AP and a WLC.
36. Open the PT Activity. Perform the tasks in the activity instructions and
then answer the question.

Modules 10 – 13: L2 Security and WLANs Exam Answers

Which event will take place if there is a port security violation on switch S1
interface Fa0/1?
 A syslog message is logged.
 The interface will go into error-disabled state.
 Packets with unknown source addresses will be dropped.
 A notification is sent.
Explanation: The violation mode can be viewed by issuing the show port-security
interface <int>command. Interface FastEthernet 0/1 is configured with the violation mode of
protect. If there is a violation, interface FastEthernet 0/1 will drop packets with unknown MAC
addresses.
37. Match each functional component of AAA with its description. (Not all
options are used.)

38. What are two protocols that are used by AAA to authenticate users
against a central database of usernames and password? (Choose two.)
 SSH
 HTTPS
 TACACS+
 RADIUS
 CHAP
 NTP
Explanation: By using TACACS+ or RADIUS, AAA can authenticate users from a database of
usernames and passwords stored centrally on a server such as a Cisco ACS server.
39. What is the result of a DHCP starvation attack?
 The attacker provides incorrect DNS and default gateway information to clients.
 The IP addresses assigned to legitimate clients are hijacked.
 Clients receive IP address assignments from a rogue DHCP server.
 Legitimate clients are unable to lease IP addresses.
Explanation: DCHP starvation attacks are launched by an attacker with the intent to create a
DoS for DHCP clients. To accomplish this goal, the attacker uses a tool that sends many
DHCPDISCOVER messages to lease the entire pool of available IP addresses, thus denying them
to legitimate hosts.
40. Which feature or configuration on a switch makes it vulnerable to VLAN
double-tagging attacks?
 the limited size of content-addressable memory space
 the automatic trunking port feature enabled for all ports by default
 the native VLAN of the trunking port being the same as a user VLAN
 mixed duplex mode enabled for all ports by default
Explanation: A double-tagging (or double-encapsulated) VLAN hopping attack takes advantage
of the way that hardware on most switches operates. Most switches perform only one level of
802.1Q de-encapsulation, which allows an attacker to embed a hidden 802.1Q tag inside the frame.
This tag allows the frame to be forwarded to a VLAN that the original 802.1Q tag did not specify. An
important characteristic of the double-encapsulated VLAN hopping attack is that it works even if
trunk ports are disabled, because a host typically sends a frame on a segment that is not a trunk
link. This type of attack is unidirectional and works only when the attacker is connected to a port
residing in the same VLAN as the native VLAN of the trunk port.
41. Which component of AAA allows an administrator to track individuals who
access network resources and any changes that are made to those
resources?
 authentication
 accounting
 accessibility
authorization
Explanation: One of the components in AAA is accounting. After a user is authenticated through
AAA, AAA servers keep a detailed log of exactly what actions the authenticated user takes on the
device.
42. Refer to the exhibit. PC1 and PC2 should be able to obtain IP address
assignments from the DHCP server. How many ports among switches should
be assigned as trusted ports as part of the DHCP snooping configuration?

 1
 3
 5
 7
Explanation: The DHCP snooping configuration includes building the DHCP Snooping Binding
Database and assigning necessary trusted ports on switches. A trusted port points to the legitimate
DHCP servers. In this network design, because the DHCP server is attached to AS3, seven switch
ports should be assigned as trusted ports, one on AS3 toward the DHCP server, one on DS1
toward AS3, one on DS2 toward AS3, and two connections on both AS1 and AS2 (toward DS1 and
DS2), for a total of seven.
43. An IT security specialist enables port security on a switch port of a Cisco
switch. What is the default violation mode in use until the switch port is
configured to use a different violation mode?
 shutdown
 disabled
 restrict
 protect
Explanation: If no violation mode is specified when port security is enabled on a switch port,
then the security violation mode defaults to shutdown.
44. A laptop cannot connect to a wireless access point. Which two
troubleshooting steps should be taken first? (Choose two.)
 Ensure that the correct network media is selected.
 Ensure that the laptop antenna is attached.
 Ensure that the wireless NIC is enabled.
 Ensure that the wireless SSID is chosen.
 Ensure that the NIC is configured for the proper frequency.
Explanation: A wireless laptop normally does not have an antenna attached unless a repair has
recently been implemented. If the wireless NIC is enabled, the correct media, radio, will be used.
When the NIC detects an access point, the correct frequency is automatically used.
45. What is an advantage of SSID cloaking?
 Clients will have to manually identify the SSID to connect to the
network.
 It is the best way to secure a wireless network.
 SSIDs are very difficult to discover because APs do not broadcast them.
  It provides free Internet access in public locations where knowing the SSID is of no
concern.
Explanation: SSID cloaking is a weak security feature that is performed by APs and some
wireless routers by allowing the SSID beacon frame to be disabled. Although clients have to
manually identify the SSID to be connected to the network, the SSID can be easily discovered. The
best way to secure a wireless network is to use authentication and encryption systems. SSID
cloaking does not provide free Internet access in public locations, but an open system
authentication could be used in that situation.
46. What is a wireless security mode that requires a RADIUS server to
authenticate wireless users?
 personal
 shared key
 enterprise
 WEP
Explanation: WPA and WPA2 come in two types: personal and enterprise. Personal is used in
home and small office networks. Shared key allows three different authentication techniques: (1)
WEP, (2) WPA, and (3) 802.11i/WPA2. WEP is an encryption method.
47. A company has recently implemented an 802.11n wireless network. Some
users are complaining that the wireless network is too slow. Which solution is
the best method to enhance the performance of the wireless network?
 Disable DHCP on the access point and assign static addresses to the wireless clients.
 Upgrade the firmware on the wireless access point.
 Split the traffic between the 2.4 GHz and 5 GHz frequency bands.
 Replace the wireless NICs on the computers that are experiencing slow connections.
Explanation: Because some users are complaining about the network being too slow, the correct
option would be to split the traffic so that there are two networks using different frequencies at the
same time. Replacing the wireless NICs will not necessarily correct the network being slow and it
could be expensive for the company. DHCP versus static addressing should have no impact of the
network being slow and it would be a huge task to have all users assigned static addressing for their
wireless connection. Upgrading the firmware on the wireless access point is always a good idea.
However, if some of the users are experiencing a slow network connection, it is likely that this would
not substantially improve network performance.
48. Which protocol can be used to monitor the network?
 DHCP
 SNMP
 RADIUS
 AAA
Explanation: Simple Network Management Protocol (SNMP) is used to monitor the network.
49. A network administrator deploys a wireless router in a small law firm.
Employee laptops join the WLAN and receive IP addresses in the 10.0.10.0/24
network. Which service is used on the wireless router to allow the employee
laptops to access the internet?
 DHCP
 RADIUS
 DNS
 NAT
Explanation: Any address with the 10 in the first octet is a private IPv4 address and cannot be
routed on the internet. The wireless router will use a service called Network Address Translation
(NAT) to convert private IPv4 addresses to internet-routable IPv4 addresses for wireless devices to
gain access to the internet.
50. Which service can be used on a wireless router to prioritize network
traffic among different types of applications so that voice and video data are
prioritized over email and web data?
 QoS
 DNS
 DHCP
 NAT
Explanation: Many wireless routers have an option for configuring quality of service (QoS). By
configuring QoS, certain time-sensitive traffic types, such as voice and video, are prioritized over
traffic that is not as time-sensitive, such as email and web browsing.
51. Which access control component, implementation, or protocol is based on
device roles of supplicant, authenticator, and authentication server?
 accounting
 authentication
 authorization
 802.1X
52. Which type of wireless network is suitable for national and global
communications?
 wireless metropolitan-area network
 wireless local-area network
 wireless personal-area network
 wireless wide-area network
53. Which feature on a switch makes it vulnerable to VLAN hopping attacks?
 the mixed duplex mode enabled for all ports by default
 the limited size of content-addressable memory space
 mixed port bandwidth support enabled for all ports by default
 the automatic trunking port feature enabled for all ports by default
Explanation: A VLAN hopping attack enables traffic from one VLAN to be seen by another VLAN
without routing. In a basic VLAN hopping attack, the attacker takes advantage of the automatic
trunking port feature enabled by default on most switch ports.
54. Which component of AAA is used to determine which resources a user can
access and which operations the user is allowed to perform?
 accounting
 authentication
 auditing
 authorization
Explanation: One of the components in AAA is authorization. After a user is authenticated
through AAA, authorization services determine which resources the user can access and which
operations the user is allowed to perform.
55. Refer to the exhibit. The Fa0/2 interface on switch S1 has been configured
with the switchport port-security mac-address 0023.189d.6456 command and
a workstation has been connected. What could be the reason that the Fa0/2
interface is shutdown?

CCNA 2 v7 Modules 10 – 13: L2 Security and WLANs Exam Answers 55

 The Fa0/24 interface of S1 is configured with the same MAC address as the Fa0/2
interface.
 The connection between S1 and PC1 is via a crossover cable.
 S1 has been configured with a switchport port-security aging command.
 The MAC address of PC1 that connects to the Fa0/2 interface is not
the configured MAC address.
Explanation: The security violation counter for Fa0/2 has been incremented (evidenced by the 1
in the SecurityViolation column). The most secure addresses allowed on port Fa0/2 is 1 and that
address was manually entered. Therefore, PC1 must have a different MAC address than the one
configured for port Fa0/2. Connections between end devices and the switch, as well as connections
between a router and a switch, are made with a straight-through cable.
56. A network administrator enters the following commands on the switch
SW1.
SW1(config)# interface range fa0/5 - 10

SW1(config-if)# ip dhcp snooping limit rate 6

What is the effect after these commands are entered?

 If any of the FastEthernet ports 5 through 10 receive more than 6 DHCP messages per
second, the port will be shut down.
 FastEthernet ports 5 through 10 can receive up to 6 DHCP messages per second of any
type.
 If any of the FastEthernet ports 5 through 10 receive more than 6 DHCP messages per
second, the port will continue to operate and an error message will be sent to the network
administrator.
 FastEthernet ports 5 through 10 can receive up to 6 DHCP discovery
messages per second.
Explanation: When DHCP snooping is being configured, the number of DHCP discovery
messages that untrusted ports can receive per second should be rate-limited by using the ip dhcp
snooping limit rate interface configuration command. When a port receives more messages than the
rate allows, the extra messages will be dropped.
57. A network administrator is configuring port security on a Cisco switch.
The company security policy specifies that when a violation occurs, packets
with unknown source addresses should be dropped and no notification should
be sent. Which violation mode should be configured on the interfaces?
 off
 restrict
 protect
 shutdown
Explain: On a Cisco switch, an interface can be configured for one of three violation modes,
specifying the action to be taken if a violation occurs:Protect – Packets with unknown source
addresses are dropped until a sufficient number of secure MAC addresses are removed, or the
number of maximum allowable addresses is increased. There is no notification that a security
violation has occurred.
Restrict – Packets with unknown source addresses are dropped until a sufficient number of secure
MAC addresses are removed, or the number of maximum allowable addresses is increased. In this
mode, there is a notification that a security violation has occurred.
Shutdown – The interface immediately becomes error-disabled and the port LED is turned off.
58. A network administrator is working to improve WLAN performance on a
dual-band wireless router. What is a simple way to achieve a split-the-traffic
result?
 Add a Wi-Fi range extender to the WLAN and set the AP and the range extender to serve
different bands.
 Check and keep the firmware of the wireless router updated.
 Make sure that different SSIDs are used for the 2.4 GHz and 5 GHz
bands.
 Require all wireless devices to use the 802.11n standard.
Explanation: By default, dual-band routers and APs use the same network name on both the 2.4
GHz band and the 5 GHz band. The simplest way to segment traffic is to rename one of the
wireless networks.
59. Which access control component, implementation, or protocol controls
what users can do on the network?
 accounting
 802.1X
 authorization
 authentication
60. Which type of wireless network is suitable for providing wireless access
to a city or district?
 wireless wide-area network
 wireless personal-area network
 wireless local-area network
 wireless metropolitan-area network
61. On a Cisco 3504 WLC Summary page ( Advanced > Summary ), which tab
allows a network administrator to access and configure a WLAN for a specific
security option such as WPA2?
  MANAGEMENT
 WIRELESS
 WLANs
 SECURITY
Explanation: The WLANs tab in the Cisco 3504 WLC advanced Summary page allows a
user to access the configuration of WLANs including security, QoS, and policy-mapping.
62. What type of wireless antenna is best suited for providing coverage in
large open spaces, such as hallways or large conference rooms?
 Yagi
 omnidirectional
 dish
 directional
Explanation: Omnidirectional antennas send the radio signals in a 360 degree pattern around
the antenna. This provides coverage to devices situated anywhere around the access point. Dishes,
directional, and Yagi antennas focus the radio signals in a single direction, making them less
suitable for covering large, open areas.
64. What security benefit is gained from enabling BPDU guard on PortFast
enabled interfaces?
 preventing buffer overflow attacks
 preventing rogue switches from being added to the network
 protecting against Layer 2 loops
 enforcing the placement of root bridges
Explanation: BPDU guard immediately error-disables a port that receives a BPDU. This
prevents rogue switches from being added to the network. BPDU guard should only be applied to all
end-user ports.
65. Which access control component, implementation, or protocol logs EXEC
and configuration commands configured by a user?
 authentication
 authorization
 802.1X
 accounting
66. Which type of wireless network uses transmitters to provide coverage
over an extensive geographic area?
 wireless metropolitan-area network
 wireless local-area network
 wireless personal-area network
 wireless wide-area network
67. Which access control component, implementation, or protocol controls
who is permitted to access a network?
 authorization
 802.1X
 accounting
 authentication
68. What two IEEE 802.11 wireless standards operate only in the 5 GHz
range? (Choose two.)
 802.11g
 802.11ad
 802.11ac
 802.11a
 802.11n
 802.11b
Explanation: The 802.11a and 802.11ac standards operate only in the 5 GHZ range. The
802.11b and 802.11g standards operate only in the 2.4 GHz range. The 802.11n standard operates
in both the 2.4 and 5 GHz ranges. The 802.11ad standard operates in the 2.4, 5, and 60 GHz
ranges.
69. Which type of wireless network uses low powered transmitters for a
short-range network, usually 20 to 30 ft. (6 to 9 meters)?
 wireless metropolitan-area network
 wireless personal-area network
 wireless local-area network
 wireless wide-area network
71. Which wireless network topology would be used by network engineers to
provide a wireless network for an entire college building?
 ad hoc
 hotspot
 infrastructure
 mixed mode
Explanation: Ad hoc mode (also known as independent basic service set or IBSS) is used in a
peer-to-peer wireless network such as when Bluetooth is used. A variation of the ad hoc topology
exists when a smart phone or tablet with cellular data access is enabled to create a personal
wireless hotspot. Mixed mode allows older wireless NICs to attach to an access point that can use a
newer wireless standard.
72. Which type of wireless network uses transmitters to provide wireless
service over a large urban region?
 wireless wide-area network
 wireless personal-area network
 wireless metropolitan-area network
 wireless local-area network.
73. Which type of wireless network is suitable for use in a home or office?
 wireless wide-area network
 wireless personal-area network
 wireless local-area network
 wireless metropolitan-area network
74. Which access control component, implementation, or protocol indicates
success or failure of a client-requested service with a PASS or FAIL message?
 accounting
 authentication
 802.1X
 authorization
75. Which type of wireless network often makes use of devices mounted on
buildings?
 wireless local-area network
 wireless metropolitan-area network
 wireless personal-area network
 wireless wide-area network
76. A network administrator is configuring DAI on a switch with the command
ip arp inspection validate src-mac . What is the purpose of this configuration
command?
 It checks the source MAC address in the Ethernet header against the user-configured
ARP ACLs.
 It checks the source MAC address in the Ethernet header against the MAC address table.
 It checks the source MAC address in the Ethernet header against the
sender MAC address in the ARP body.
 It checks the source MAC address in the Ethernet header against the target MAC
address in the ARP body.
Explanation: DAI can be configured to check for both destination or source MAC and IP
addresses:
Destination MAC – Checks the destination MAC address in the Ethernet header against the
target MAC address in the ARP body.
Source MAC – Checks the source MAC address in the Ethernet header against the sender MAC
address in the ARP body.
IP address – Checks the ARP body for invalid and unexpected IP addresses including addresses
0.0.0.0, 255.255.255.255, and all IP multicast addresses.
77. Which access control component, implementation, or protocol collects
and reports usage data?
 accounting
 authentication
 authorization
 802.1X
78. Which type of wireless network uses transmitters to cover a medium-
sized network, usually up to 300 feet (91.4 meters)?
 Wireless LANs (WLAN)
79. Which access control component, implementation, or protocol audits
what users actions are performed on the network?
 Accounting
 Authorization
 Authentication
 802.1X
Explanation:
The final plank in the AAA framework is accounting, which measures the resources a user
consumes during access. This can include the amount of system time or the amount of data a user
has sent and/or received during a session. Accounting is carried out by logging of session statistics
and usage information and is used for authorization control, billing, trend analysis, resource
utilization, and capacity planning activities.
80. Which type of wireless network commonly uses Bluetooth or ZigBee
devices?
 wireless wide-area network
 wireless personal-area network
 wireless local-area network
 wireless metropolitan-area network
81. Which access control component, implementation, or protocol is
implemented either locally or as a server-based solution?
 authorization
 802.1X
 accounting
 authentication
82. A technician is troubleshooting a slow WLAN and decides to use the split-
the-traffic approach. Which two parameters would have to be configured to
do this? (Choose two.)
 Configure the 5 GHz band for streaming multimedia and time
sensitive traffic.
 Configure the security mode to WPA Personal TKIP/AES for one network and WPA2
Personal AES for the other network
 Configure the 2.4 GHz band for basic internet traffic that is not time
sensitive.
 Configure the security mode to WPA Personal TKIP/AES for both networks.
 Configure a common SSID for both split networks.
83. Which access control component, implementation, or protocol restricts
LAN access through publicly accessible switch ports?
 802.1X
 authorization
 accounting
 authentication
84. A network administrator is required to upgrade wireless access to end
users in a building. To provide data rates up to 1.3Gb/s and still be backward
compatible with older devices, which wireless standard should be
implemented?
 802.11g
 802.11n
 802.11ac
 802.11b
Explanation: 802.11ac provides data rates up to 1.3 Gb/s and is still backward compatible with
802.11a/b/g/n devices. 802.11g and 802.11n are older standards that cannot reach speeds over
1Gb/s. 802.11ad is a newer standard that can offer theoretical speeds of up to 7 Gb/s.

Switching, Routing, and Wireless Essentials ( Version 7.00) – Routing Concepts

and Configuration Exam
1. Which feature on a Cisco router permits the forwarding of traffic for which
there is no specific route?
 next-hop
 gateway of last resort
 route source
  outgoing interface
Explanation: A default static route is used as a gateway of last resort to forward unknown
destination traffic to a next hop/exit interface. The next-hop or exit interface is the destination to
send traffic to on a network after the traffic is matched in a router. The route source is the location a
route was learned from.
2. Which three advantages are provided by static routing? (Choose three.)
 Static routing does not advertise over the network, thus providing
better security.
 Configuration of static routes is error-free.
 Static routes scale well as the network grows.
 Static routing typically uses less network bandwidth and fewer CPU
operations than dynamic routing does.
 The path a static route uses to send data is known.
 No intervention is required to maintain changing route information.
Explanation: Static routes are prone to errors from incorrect configuration by the administrator.
They do not scale well, because the routes must be manually reconfigured to accommodate a
growing network. Intervention is required each time a route change is necessary. They do provide
better security, use less bandwidth, and provide a known path to the destination.
3. What are two functions of dynamic routing protocols? (Choose two.)
 to maintain routing tables
 to assure low router overhead
 to avoid exposing network information
 to discover the network
 to choose the path that is specified by the administrator
Explanation: Dynamic routing protocols exist to discover the network, maintain routing tables,
and calculate the best path. Having low levels of routing overhead, using the path specified by the
administrator, and avoiding the exposure of network information are functions of static routing.
4. What is an advantage of using dynamic routing protocols instead of static
routing?
 easier to implement
 more secure in controlling routing updates
 fewer router resource overhead requirements
 ability to actively search for new routes if the current path becomes
unavailable
Explanation: Dynamic routing has the ability to search and find a new best path if the current
path is no longer available. The other options are actually the advantages of static routing.
5. What happens to a static route entry in a routing table when the outgoing
interface associated with that route goes into the down state?
 The static route is removed from the routing table.
 The router polls neighbors for a replacement route.
 The router automatically redirects the static route to use another interface.
 The static route remains in the table because it was defined as static.
Explanation: When the interface associated with a static route goes down, the router will remove
the route because it is no longer valid.
6. What is a characteristic of a static route that matches all packets?
 It uses a single network address to send multiple static routes to one destination address.
 It identifies the gateway IP address to which the router sends all IP
packets for which it does not have a learned or static route.
 It backs up a route already discovered by a dynamic routing protocol.
 It is configured with a higher administrative distance than the original dynamic routing
protocol has.
Explanation: A default static route is a route that matches all packets. It identifies the gateway IP
address to which the router sends all IP packets for which it does not have a learned or static route.
A default static route is simply a static route with 0.0.0.0/0 as the destination IPv4 address.
Configuring a default static route creates a gateway of last resort.
7. When would it be more beneficial to use a dynamic routing protocol
instead of static routing?
 in an organization where routers suffer from performance issues
 on a stub network that has a single exit point
 in an organization with a smaller network that is not expected to grow in size
 on a network where there is a lot of topology changes
Explanation: Dynamic routing protocols consume more router resources, are suitable for larger
networks, and are more useful on networks that are growing and changing.
8. Which route would be used to forward a packet with a source IP address of
192.168.10.1 and a destination IP address of 10.1.1.1?
 C 192.168.10.0/30 is directly connected, GigabitEthernet0/1
 O 10.1.1.0/24 [110/65] via 192.168.200.2, 00:01:20, Serial0/1/0
 S* 0.0.0.0/0 [1/0] via 172.16.1.1
 S 10.1.0.0/16 is directly connected, GigabitEthernet0/0
Explanation: Even though OSPF has a higher administrative distance value (less trustworthy),
the best match is the route in the routing table that has the most number of far left matching bits.
9. Refer to the exhibit. What is the administrative distance value of the route
for router R1 to reach the destination IPv6 address of 2001:DB8:CAFE:4::A?

 120
 110
 1
 4
Explanation: The RIP route with the source code R is used to forward data to the destination
IPv6 address of 2001:DB8:CAFE:4::A. This route has an AD value of 120.
10. Which value in a routing table represents trustworthiness and is used by
the router to determine which route to install into the routing table when
there are multiple routes toward the same destination?
 administrative distance
 metric
 outgoing interface
 routing protocol
Explanation: The administrative distance represents the trustworthiness of a particular route.
The lower an administrative distance, the more trustworthy the learned route is. When a router
learns multiple routes toward the same destination, the router uses the administrative distance
value to determine which route to place into the routing table. A metric is used by a routing protocol
to compare routes received from the routing protocol. An exit interface is the interface used to send
a packet in the direction of the destination network. A routing protocol is used to exchange routing
updates between two or more adjacent routers.
12. Refer to the graphic. Which command would be used on router A to
configure a static route to direct traffic from LAN A that is destined for LAN
C?

 A(config)# ip route 192.168.3.0 255.255.255.0 192.168.3.1

 A(config)# ip route 192.168.3.2 255.255.255.0 192.168.4.0
 A(config)# ip route 192.168.4.0 255.255.255.0 192.168.5.2
  A(config)# ip route 192.168.5.0 255.255.255.0 192.168.3.2
 A(config)# ip route 192.168.4.0 255.255.255.0 192.168.3.2
Explanation: The destination network on LAN C is 192.168.4.0 and the next-hop address from
the perspective of router A is 192.168.3.2.
13. On which two routers would a default static route be configured? (Choose
two.)
 any router where a backup route to dynamic routing is needed for reliability
 the router that serves as the gateway of last resort
 any router running an IOS prior to 12.0
 stub router connection to the rest of the corporate or campus
network
 edge router connection to the ISP
Explanation: A stub router or an edge router connected to an ISP has only one other router as a
connection. A default static route works in those situations because all traffic will be sent to one
destination. The destination router is the gateway of last resort. The default route is not configured
on the gateway, but on the router sending traffic to the gateway. The router IOS does not matter.
14. Refer to the exhibit. This network has two connections to the ISP, one via
router C and one via router B. The serial link between router A and router C
supports EIGRP and is the primary link to the Internet. If the primary link
fails, the administrator needs a floating static route that avoids recursive
route lookups and any potential next-hop issues caused by the multiaccess
nature of the Ethernet segment with router B. What should the administrator
configure?

 Create a static route pointing to 10.1.1.1 with an AD of 95.

 Create a fully specified static route pointing to Fa0/0 with an AD of 1.
 Create a fully specified static route pointing to Fa0/0 with an AD of
95.
 Create a static route pointing to 10.1.1.1 with an AD of 1.
 Create a static route pointing to Fa0/0 with an AD of 1.
Explanation: A floating static route is a static route with an administrative distance higher than
that of another route already in the routing table. If the route in the table disappears, the floating
static route will be put into the routing table in its place. Internal EIGRP has an AD of 90, so a
floating static route in this scenario would need to have an AD higher than 90. Also, when creating a
static route to a multiaccess interface like a FastEthernet segment a fully specified route should be
used, with both a next-hop IP address and an exit interface. This prevents the router from doing a
recursive lookup, but still ensures the correct next-hop device on the multiaccess segment forwards
the packet.
15. What is a characteristic of a floating static route?
 When it is configured, it creates a gateway of last resort.
 It is used to provide load balancing between static routes.
 It is simply a static route with 0.0.0.0/0 as the destination IPv4 address.
 It is configured with a higher administrative distance than the
original dynamic routing protocol has.
Explanation: Floating static routes are static routes used to provide a backup path to a primary
static or dynamic route, in the event of a link failure. They must be configured with a higher
administrative distance than the original dynamic routing protocol has. A default static route is
simply a static route with 0.0.0.0/0 as the destination IPv4 address. Configuring a default static route
creates a gateway of last resort.
16. What network prefix and prefix-length combination is used to create a
default static route that will match any IPv6 destination?
 FFFF::/128
  ::1/64
 ::/128
 ::/0
Explanation: A default static route configured for IPv6, is a network prefix of all zeros and a
prefix mask of 0 which is expressed as ::/0.
17. Consider the following command:
ip route 192.168.10.0 255.255.255.0 10.10.10.2 5
What does the 5 at the end of the command signify?
 exit interface
 maximum number of hops to the 192.168.10.0/24 network
 metric
 administrative distance
Explanation: The 5 at the end of the command signifies administrative distance. This value is
added to floating static routes or routes that only appear in the routing table when the preferred
route has gone down. The 5 at the end of the command signifies administrative distance configured
for the static route. This value indicates that the floating static route will appear in the routing table
when the preferred route (with an administrative distance less than 5) is down.
18. Refer to the exhibit. The routing table for R2 is as follows:
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 2 subnets
C 10.0.0.0 is directly connected, Serial0/0/0
C 10.0.0.4 is directly connected, Serial0/0/1
192.168.10.0/26 is subnetted, 3 subnets
S 192.168.10.0 is directly connected, Serial0/0/0
C 192.168.10.64 is directly connected, FastEthernet0/0
S 192.168.10.128 [1/0] via 10.0.0.6
What will router R2 do with a packet destined for 192.168.10.129?

 send the packet out interface FastEthernet0/0

 send the packet out interface Serial0/0/1
 drop the packet
 send the packet out interface Serial0/0/0
Explanation: When a static route is configured with the next hop address (as in the case of the
192.168.10.128 network), the output of the show ip route command lists the route as “via” a
particular IP address. The router has to look up that IP address to determine which interface to send
the packet out. Because the IP address of 10.0.0.6 is part of network 10.0.0.4, the router sends the
packet out interface Serial0/0/1.
19. An administrator issues the ipv6 route 2001:db8:acad:1::/32
gigabitethernet0/0 2001:db8:acad:6::1 100 command on a router. What
administrative distance is assigned to this route?
 0
 1
 32
 100
Explanation: The command ipv6 route 2001:db8:acad:1::/32 gigabitethernet0/0
2001:db8:acad:6::1 100 will configure a floating static route on a router. The 100 at the end of
the command specifies the administrative distance of 100 to be applied to the route.
20. Refer to the exhibit. Which default static route command would allow R1
to potentially reach all unknown networks on the Internet?

 R1(config)# ipv6 route 2001:db8:32::/64 G0/0

 R1(config)# ipv6 route ::/0 G0/0 fe80::2
 R1(config)# ipv6 route 2001:db8:32::/64 G0/1 fe80::2
 R1(config)# ipv6 route ::/0 G0/1 fe80::2
Explanation: To route packets to unknown IPv6 networks a router will need an IPv6 default
route. The static route ipv6 route ::/0 G0/1 fe80::2 will match all networks and send packets out the
specified exit interface G0/1 toward R2.
21. Refer to the exhibit. The network engineer for the company that is shown
wants to use the primary ISP connection for all external connectivity. The
backup ISP connection is used only if the primary ISP connection fails. Which
set of commands would accomplish this goal?

 ip route 0.0.0.0 0.0.0.0 s0/0/0

ip route 0.0.0.0 0.0.0.0 s0/1/0
 ip route 0.0.0.0 0.0.0.0 s0/0/0
ip route 0.0.0.0 0.0.0.0 s0/1/0 10
 ip route 198.133.219.24 255.255.255.252
ip route 64.100.210.80 255.255.255.252 10
 ip route 198.133.219.24 255.255.255.252
ip route 64.100.210.80 255.255.255.252
Explanation: A static route that has no administrative distance added as part of the command
has a default administrative distance of 1. The backup link should have a number higher than 1.
The correct answer has an administrative distance of 10. The other quad zero route would load
balance packets across both links and both links would appear in the routing table. The remaining
answers are simply static routes (either a default route or a floating static default route).
22. Refer to the exhibit. Which set of commands will configure static routes
that will allow the Park and the Alta routers to a) forward packets to each
LAN and b) direct all other traffic to the Internet?

 Park(config)# ip route 0.0.0.0 0.0.0.0 192.168.14.1

Alta(config)# ip route 10.0.234.0 255.255.255.0 192.168.14.2
Alta(config)# ip route 0.0.0.0 0.0.0.0 s0/0/0
 Park(config)# ip route 0.0.0.0 0.0.0.0 192.168.14.1
Alta(config)# ip route 10.0.234.0 255.255.255.0 192.168.14.2
Alta(config)# ip route 198.18.222.0 255.255.255.255 s0/0/0
 Park(config)# ip route 172.16.67.0 255.255.255.0 192.168.14.1
Park(config)# ip route 0.0.0.0 0.0.0.0 192.168.14.1
Alta(config)# ip route 10.0.234.0 255.255.255.0 192.168.14.2
 Park(config)# ip route 172.16.67.0 255.255.255.0 192.168.14.1
Alta(config)# ip route 10.0.234.0 255.255.255.0 192.168.14.2
Alta(config)# ip route 0.0.0.0 0.0.0.0 s0/0/1
Explanation: The LAN connected to the router Park is a stud network, therefore, a default route
should be used to forward network traffic destined to non-local networks. The router Alta connects
to both the internet and the Park router, it would require two static routes configured, one toward the
internet and the other toward the LAN connected to the router Park.
23. Refer to the exhibit. The small company shown uses static routing. Users
on the R2 LAN have reported a problem with connectivity. What is the issue?
  R1 needs a static route to the R2 LAN.
 R2 needs a static route to the R1 LANs.
 R1 needs a default route to R2.
 R2 needs a static route to the Internet.
 R1 and R2 must use a dynamic routing protocol.
Explanation: R1 has a default route to the Internet. R2 has a default route to R1. R1 is missing a
static route for the 10.0.60.0 network. Any traffic that reached R1 and is destined for 10.0.60.0/24
will be routed to the ISP.
24. Refer to the exhibit. An administrator is attempting to install an IPv6
static route on router R1 to reach the network attached to router R2. After
the static route command is entered, connectivity to the network is still
failing. What error has been made in the static route configuration?

 The next hop address is incorrect.

 The interface is incorrect.
 The destination network is incorrect.
 The network prefix is incorrect.
Explanation: In this example the interface in the static route is incorrect. The interface should be
the exit interface on R1, which is s0/0/0.
25. Refer to the exhibit. How was the host route 2001:DB8:CAFE:4::1/128
installed in the routing table?

 The route was dynamically created by router R1.

 The route was dynamically learned from another router.
 The route was manually entered by an administrator.
 The route was automatically installed when an IP address was configured on an active
interface.
Explanation: A host route is an IPv6 route with a 128-bit mask. A host route can be installed in a
routing table automatically when an IP address is configured on a router interface or manually if a
static route is created.
26. Refer to the exhibit. HostA is attempting to contact ServerB. Which two
statements correctly describe the addressing that HostA will generate in the
process? (Choose two.)

 A packet with the destination IP address of RouterA.

 A frame with the destination MAC address of SwitchA.
 A packet with the destination IP address of ServerB.
 A frame with the destination MAC address of RouterA.
 A frame with the destination MAC address of ServerB.
 A packet with the destination IP address of RouterB.
Explanation: In order to send data to ServerB, HostA will generate a packet that contains the IP
address of the destination device on the remote network and a frame that contains the MAC
address of the default gateway device on the local network.
27. Refer to the exhibit. A ping from R1 to 10.1.1.2 is successful, but a ping
from R1 to any address in the 192.168.2.0 network fails. What is the cause of
this problem?

 There is no gateway of last resort at R1.

 The static route for 192.168.2.0 is incorrectly configured.
 A default route is not configured on R1.
 The serial interface between the two routers is down.
28. Refer to the exhibit. An administrator is attempting to install a default
static route on router R1 to reach the Site B network on router R2. After
entering the static route command, the route is still not showing up in the
routing table of router R1. What is preventing the route from installing in the
routing table?
  The netmask is incorrect.
 The exit interface is missing.
 The next hop address is incorrect.
 The destination network is incorrect.
Explanation: The next hop address is incorrect. From R1 the next hop address should be that of
the serial interface of R2, 209.165.202.130.
29. Refer to the exhibit. The Branch Router has an OSPF neighbor
relationship with the HQ router over the 198.51.0.4/30 network. The
198.51.0.8/30 network link should serve as a backup when the OSPF link goes
down. The floating static route command ip route 0.0.0.0 0.0.0.0 S0/1/1 100
was issued on Branch and now traffic is using the backup link even when the
OSPF link is up and functioning. Which change should be made to the static
route command so that traffic will only use the OSPF link when it is up?

 Add the next hop neighbor address of 198.51.0.8.

 Change the administrative distance to 1.
 Change the destination network to 198.51.0.5.
 Change the administrative distance to 120.
Explanation: The problem with the current floating static route is that the administrative distance
is set too low. The administrative distance will need to be higher than that of OSPF, which is 110, so
that the router will only use the OSPF link when it is up.
30. What characteristic completes the following statement?
When an IPv6 static route is configured, the next-hop address can be ……
 a destination host route with a /128 prefix.
 the “show ipv6 route static” command.
 an IPv6 link-local address on the adjacent router.
 the interface type and interface number.
31. Gateway of last resort is not set.
172.19.115.0/26 is variously subnetted, 7 subnets, 3 masks
O 172.19.115.0/26 [110/10] via 172.19.39.1, 00:00:24, Serial0/0/0
O 172.19.115.64/26 [110/20] via 172.19.39.6, 00:00:56, Serial 0/0/1
O 172.19.115.128/26 [110/10] via 172.19.39.1, 00:00:24, Serial 0/0/0
C 172.19.115.192/27 is directly connected, GigabitEthernet0/0
L 172.19.115.193/27 is directly connected, GigabitEthernet0/0
C 172.19.115.224/27 is directly connected, GigabitEthernet0/1
L 172.19.115.225/27 is directly connected, GigabitEthernet0/1
172.19.39.0/24 is variably subnetted, 4 subnets, 2 masks
C 172.19.39.0/30 is directly connected, Serial0/0/0
L 172.19.39.2/32 is directly connected, Serial0/0/0
C 172.19.39.4/30 is directly connected, Serial0/0/1
L 172.19.39.5/32 is directly connected, Serial0/0/1
S 172.19.40.0/26 [1/0] via 172.19.39.1, 00:00:24, Serial0/0/0
R1#
Refer to the exhibit. Which interface will be the exit interface to forward a
data packet that has the destination IP address 172.19.115.206?
 GigabitEthernet0/1
 None, the packet will be dropped.
 GigabitEthernet0/0
 Serial0/0/1
32. Refer to the exhibit. What routing solution will allow both PC A and PC B
to access the Internet with the minimum amount of router CPU and network
bandwidth utilization?

 Configure a dynamic routing protocol between R1 and Edge and advertise all routes.
 Configure a static route from R1 to Edge and a dynamic route from Edge to R1.
 Configure a static default route from R1 to Edge, a default route from
Edge to the Internet, and a static route from Edge to R1.
 Configure a dynamic route from R1 to Edge and a static route from Edge to R1.
Explanation: Two routes have to be created: a default route in R1 to reach Edge and a static
route in Edge to reach R1 for the return traffic. This is a best solution once PC A and PC B belong
to stub networks. Moreover, static routing consumes less bandwidth than dynamic routing.
33. Refer to the exhibit. What would happen after the IT administrator enters
the new static route?
  The 172.16.1.0 static route would be entered into the running-config but not shown in the
routing table.
 The 172.16.1.0 route learned from RIP would be replaced with the
172.16.1.0 static route.
 The 0.0.0.0 default route would be replaced with the 172.16.1.0 static route.
 The 172.16.1.0 static route is added to the existing routes in the routing table.
Explanation: A route will be installed in a routing table if there is not another routing source with
a lower administrative distance. If a route with a lower administrative distance to the same
destination network as a current route is entered, the route with the lower administrative distance
will replace the route with a higher administrative distance.
34. What two pieces of information are needed in a fully specified static route
to eliminate recursive lookups? (Choose two.)
 the interface ID of the next-hop neighbor
 the interface ID exit interface
 the IP address of the exit interface
 the IP address of the next-hop neighbor
 the administrative distance for the destination network
Explanation: A fully specified static route can be used to avoid recursive routing table lookups by
the router. A fully specified static route contains both the IP address of the next-hop router and the
ID of the exit interface.
35. Refer to the exhibit. Which command will properly configure an IPv6
static route on R2 that will allow traffic from PC2 to reach PC1 without any
recursive lookups by router R2?

 R2(config)# ipv6 route ::/0 2001:db8:32::1

  R2(config)# ipv6 route 2001:db8:10:12::/64 S0/0/0
 R2(config)# ipv6 route 2001:db8:10:12::/64 2001:db8:32::1
 R2(config)# ipv6 route 2001:db8:10:12::/64 S0/0/1
Explanation: A nonrecursive route must have an exit interface specified from which the
destination network can be reached. In this example 2001:db8:10:12::/64 is the destination network
and R2 will use exit interface S0/0/0 to reach that network. Therefore, the static route would be ipv6
route 2001:db8:10:12::/64 S0/0/0.
36. Refer to the exhibit. Which static route would an IT technician enter to
create a backup route to the 172.16.1.0 network that is only used if the
primary RIP learned route fails?

 ip route 172.16.1.0 255.255.255.0 s0/0/0

 ip route 172.16.1.0 255.255.255.0 s0/0/0 121
 ip route 172.16.1.0 255.255.255.0 s0/0/0 111
 ip route 172.16.1.0 255.255.255.0 s0/0/0 91
Explanation: A backup static route is called a floating static route. A floating static route has an
administrative distance greater than the administrative distance of another static route or dynamic
route.
37. Open the PT Activity. Perform the tasks in the activity instructions and
then answer the question.

Modules 14 – 16: Routing Concepts and Configuration Exam

A user reports that PC0 cannot visit the web server www.server.com .
Troubleshoot the network configuration to identify the problem.
What is the cause of the problem?
 The clock rate on one of the serial links is configured incorrectly.
 A serial interface on Branch is configured incorrectly.
  The DNS server address on PC0 is configured incorrectly.
 Routing between HQ and Branch is configured incorrectly.
Explanation: In order to allow communication to remote networks, proper routing, either static or
dynamic, is necessary. Both routers must be configured with a routing method.
38. Match the routing table entry to the corresponding function. (Not all
options are used.)

39. Refer to the exhibit. PC A sends a request to Server B. What IPv4 address
is used in the destination field in the packet as the packet leaves PC A?

 192.168.11.1
 192.168.10.1
 192.168.12.16
 192.168.10.10
Explanation: The destination IP address in packets does not change along the path between the
source and destination.
40. What does R1 use as the MAC address of the destination when
constructing the frame that will go from R1 to Server B?

 If the destination MAC address that corresponds to the IPv4 address

is not in the ARP cache, R1 sends an ARP request.
 R1 uses the destination MAC address of S1.
 The packet is encapsulated into a PPP frame, and R1 adds the PPP destination address
to the frame.
 R1 leaves the field blank and forwards the data to the PC.
Explanation: Communication inside a local network uses Address Resolution Protocol to obtain
a MAC address from a known IPv4 address. A MAC address is needed to construct the frame in
which the packet is encapsulated.
41. What route would have the lowest administrative distance?
 a route received through the OSPF routing protocol
 a directly connected network
 a static route
 a route received through the EIGRP routing protocol
Explanation: The most believable route or the route with the lowest administrative distance is
one that is directly connected to a router.
42. What characteristic completes the following statement?
When an IPv6 static route is configured, as a backup route to a static route in
the routing table, the “distance” command is used with ……
 the “show ipv6 route static” command.
 an administrative distance of 2.
 a destination host route with a /128 prefix.
 the interface type and interface number.
43. A router has used the OSPF protocol to learn a route to the
172.16.32.0/19 network. Which command will implement a backup floating
static route to this network?
 ip route 172.16.0.0 255.255.224.0 S0/0/0 100
 ip route 172.16.0.0 255.255.240.0 S0/0/0 200
 ip route 172.16.32.0 255.255.224.0 S0/0/0 200
 ip route 172.16.32.0 255.255.0.0 S0/0/0 100
Explanation: OSPF has an administrative distance of 110, so the floating static route must have
an administrative distance higher than 110. Because the target network is 172.16.32.0/19, that
static route must use the network 172.16.32.0 and a netmask of 255.255.224.0.
44. Consider the following command:

ip route 192.168.10.0 255.255.255.0 10.10.10.2 5

How would an administrator test this configuration?

 Delete the default gateway route on the router.
 Manually shut down the router interface used as a primary route.
  Ping from the 192.168.10.0 network to the 10.10.10.2 address.
 Ping any valid address on the 192.168.10.0/24 network.
Explanation: A floating static is a backup route that only appears in the routing table when the
interface used with the primary route is down. To test a floating static route, the route must be in the
routing table. Therefore, shutting down the interface used as a primary route would allow the
floating static route to appear in the routing table.
45. Refer to the exhibit. Which type of IPv6 static route is configured in the
exhibit?

 floating static route

 fully specified static route
 recursive static route
 directly attached static route
Explanation: The route provided points to another address that must be looked up in the routing
table. This makes the route a recursive static route.
46. What characteristic completes the following statement?
When an IPv6 static route is configured, it is first necessary to configure ……
 the next-hop address of two different adjacent routers.
 the “ipv6 unicast-routing” command.
 an IPv6 link-local address on the adjacent router.
 an administrative distance of 2.
47. Gateway of last resort is not set.

172.18.109.0/26 is variously subnetted, 7 subnets, 3 masks

O 172.18.109.0/26 [110/10] via 172.18.32.1, 00:00:24, Serial0/0/0

O 172.18.109.64/26 [110/20] via 172.18.32.6, 00:00:56, Serial 0/0/1

O 172.18.109.128/26 [110/10] via 172.18.32.1, 00:00:24, Serial 0/0/0

C 172.18.109.192/27 is directly connected, GigabitEthernet0/0

L 172.18.109.193/27 is directly connected, GigabitEthernet0/0

C 172.18.109.224/27 is directly connected, GigabitEthernet0/1

L 172.18.109.225/27 is directly connected, GigabitEthernet0/1

172.18.32.0/24 is variably subnetted, 4 subnets, 2 masks

C 172.18.32.0/30 is directly connected, Serial0/0/0

L 172.18.32.2/32 is directly connected, Serial0/0/0

C 172.18.32.4/30 is directly connected, Serial0/0/1

L 172.18.32.5/32 is directly connected, Serial0/0/1

S 172.18.33.0/26 [1/0] via 172.18.32.1, 00:00:24, Serial0/0/0

R1#

Refer to the exhibit. Which interface will be the exit interface to forward a
data packet that has the destination IP address 172.18.109.152?
 GigabitEthernet0/0
 GigabitEthernet0/1
 Serial0/0/0
 None, the packet will be dropped.
48. Refer to the exhibit. What will the router do with a packet that has a
destination IP address of 192.168.12.227?

 Drop the packet.

 Send the packet out the GigabitEthernet0/0 interface.
 Send the packet out the Serial0/0/0 interface.
 Send the packet out the GigabitEthernet0/1 interface.
Explanation: After a router determines the destination network by ANDing the destination IP
address with the subnet mask, the router examines the routing table for the resulting destination
network number. When a match is found, the packet is sent to the interface associated with the
network number. When no routing table entry is found for the particular network, the default
gateway or gateway of last resort (if configured or known) is used. If there is no gateway of last
resort, the packet is dropped. In this instance, the 192.168.12.224 network is not found in the
routing table and the router uses the gateway of last resort. The gateway of last resort is the IP
address of 209.165.200.226. The router knows this is an IP address that is associated with the
209.165.200.224 network. The router then proceeds to transmit the packet out the Serial0/0/0
interface, or the interface that is associated with 209.165.200.224.
49. Consider the following command:

ip route 192.168.10.0 255.255.255.0 10.10.10.2 5

Which route would have to go down in order for this static route to appear in the routing table?
 a default route
 a static route to the 192.168.10.0/24 network
 an OSPF-learned route to the 192.168.10.0/24 network
 an EIGRP-learned route to the 192.168.10.0/24 network
The administrative distance of 5 added to the end of the static route creates a floating static
situation for a static route that goes down. Static routes have a default administrative distance of 1.
This route that has an administrative distance of 5 will not be placed into the routing table unless the
previously entered static route to the 192.168.10.0/24 goes down or was never entered. The
administrative distance of 5 added to the end of the static route configuration creates a floating
static route that will be placed in the routing table when the primary route to the same destination
network goes down. By default, a static route to the 192.168.10.0/24 network has an administrative
distance of 1. Therefore, the floating route with an administrative distance of 5 will not be placed into
the routing table unless the previously entered static route to the 192.168.10.0/24 goes down or
was never entered. Because the floating route has an administrative distance of 5, the route is
preferred to an OSPF-learned route (with the administrative distance of 110) or an EIGRP-learned
route (with the administrative distance of 110) to the same destination network.
50. What are two advantages of static routing over dynamic routing? (Choose
two.)
 Static routing is more secure because it does not advertise over the
network.
 Static routing scales well with expanding networks.
 Static routing requires very little knowledge of the network for correct implementation.
 Static routing uses fewer router resources than dynamic routing.
 Static routing is relatively easy to configure for large networks.
Static routing requires a thorough understanding of the entire network for proper implementation. It
can be prone to errors and does not scale well for large networks. Static routing uses fewer router
resources, because no computing is required for updating routes. Static routing can also be more
secure because it does not advertise over the network.
51. What characteristic completes the following statement?
When an IPv6 static route is configured, it is possible that the same IPv6 link-
local address is used for …
 a destination host route with a /128 prefix.
 the “ipv6 unicast-routing” command.
 the next-hop address of two different adjacent routers.
 an administrative distance of 2.
52. A network administrator configures the interface fa0/0 on the router R1
with the command ip address 172.16.1.254 255.255.255.0. However, when
the administrator issues the command show ip route, the routing table does
not show the directly connected network. What is the possible cause of the
problem?
 The subnet mask is incorrect for the IPv4 address.
 The configuration needs to be saved first.
 The interface fa0/0 has not been activated.
 No packets with a destination network of 172.16.1.0 have been sent to R1.
Explanation: A directly connected network will be added to the routing table when these three
conditions are met: (1) the interface is configured with a valid IP address; (2) it is activated with no
shutdown command; and (3) it receives a carrier signal from another device that is connected to the
interface. An incorrect subnet mask for an IPv4 address will not prevent its appearance in the
routing table, although the error may prevent successful communications.

53. Refer to the exhibit. What command would be used to configure a static route on R1 so
that traffic from both LANs can reach the 2001:db8:1:4::/64 remote network?

 ipv6 route 2001:db8:1:4::/64 2001:db8:1:3::1

 ipv6 route 2001:db8:1::/65 2001:db8:1:3::1
 ipv6 route ::/0 serial0/0/0
 ipv6 route 2001:db8:1:4::/64 2001:db8:1:3::2
Explanation: To configure an IPv6 static route, use the ipv6 route command followed by the
destination network. Then add either the IP address of the adjacent router or the interface R1 will
use to transmit a packet to the 2001:db8:1:4::/64 network.

54. Refer to the exhibit. What two commands will change the next-hop address for the
10.0.0.0/8 network from 172.16.40.2 to 192.168.1.2? (Choose two.)

 A(config)# ip route 10.0.0.0 255.0.0.0 192.168.1.2

 A(config)# ip route 10.0.0.0 255.0.0.0 s0/0/0
 A(config)# no ip address 10.0.0.1 255.0.0.0 172.16.40.2
 A(config)# no network 10.0.0.0 255.0.0.0 172.16.40.2
  A(config)# no ip route 10.0.0.0 255.0.0.0 172.16.40.2
Explanation: The two required commands are A(config)# no ip route 10.0.0.0 255.0.0.0
172.16.40.2 and A(config)# ip route 10.0.0.0 255.0.0.0 192.168.1.2.

55. Refer to the exhibit. Which interface will be the exit interface to forward a data packet that
has the destination IP address 192.168.139.244?

Gateway of last resort is not set.

192.168.139.0/26 is variously subnetted, 7 subnets, 3 masks

O 192.168.139.0/26 [110/10] via 192.168.70.1, 00:00:24, Serial0/0/0

O 192.168.139.64/26 [110/20] via 192.168.70.6, 00:00:56, Serial 0/0/1

O 192.168.139.128/26 [110/10] via 192.168.70.1, 00:00:24, Serial 0/0/0

C 192.168.139.192/27 is directly connected, GigabitEthernet0/0

L 192.168.139.193/27 is directly connected, GigabitEthernet0/0

C 192.168.139.224/27 is directly connected, GigabitEthernet0/1

L 192.168.139.225/27 is directly connected, GigabitEthernet0/1

192.168.70.0/24 is variably subnetted, 4 subnets, 2 masks

C 192.168.70.0/30 is directly connected, Serial0/0/0

L 192.168.70.2/32 is directly connected, Serial0/0/0

C 192.168.70.4/30 is directly connected, Serial0/0/1

L 192.168.70.5/32 is directly connected, Serial0/0/1

S 192.168.71.0/26 [1/0] via 192.168.70.1, 00:00:24, Serial0/0/0

R1#

GigabitEthernet0/1
 None, the packet will be dropped.
 Serial0/0/1
 GigabitEthernet0/0
56. What characteristic completes the following statement?
When an IPv6 static route is configured, a fully-specified configuration should
be used with …
 ::/0.
 the “ipv6 unicast-routing” command.
 the next-hop address of two different adjacent routers.
 a directly connected multiaccess network.
57. Refer to the exhibit. Which interface will be the exit interface to forward
a data packet that has the destination IP address 192.168.71.52?

Gateway of last resort is not set.

192.168.139.0/26 is variously subnetted, 7 subnets, 3 masks

O 192.168.139.0/26 [110/10] via 192.168.70.1, 00:00:24, Serial0/0/0

O 192.168.139.64/26 [110/20] via 192.168.70.6, 00:00:56, Serial 0/0/1

O 192.168.139.128/26 [110/10] via 192.168.70.1, 00:00:24, Serial 0/0/0

C 192.168.139.192/27 is directly connected, GigabitEthernet0/0

L 192.168.139.193/27 is directly connected, GigabitEthernet0/0

C 192.168.139.224/27 is directly connected, GigabitEthernet0/1

L 192.168.139.225/27 is directly connected, GigabitEthernet0/1

192.168.70.0/24 is variably subnetted, 4 subnets, 2 masks

C 192.168.70.0/30 is directly connected, Serial0/0/0

L 192.168.70.2/32 is directly connected, Serial0/0/0

C 192.168.70.4/30 is directly connected, Serial0/0/1

L 192.168.70.5/32 is directly connected, Serial0/0/1

S 192.168.71.0/26 [1/0] via 192.168.70.1, 00:00:24, Serial0/0/0

R1#

 The packet will take the gateway of last resort.

 GigabitEthernet0/1
 Serial0/0/0
 None, the packet will be dropped.
58. What characteristic completes the following statement?
When an IPv6 static route is configured, the installation of the route can be
verified with ……
 a destination host route with a /128 prefix.
 the interface type and interface number.
 the “show ipv6 route static” command.
 an administrative distance of 2.
59. Refer to the exhibit. Which interface will be the exit interface to forward
a data packet that has the destination IP address 10.55.99.78?

Gateway of last resort is not set.

10.55.99.0/26 is variously subnetted, 7 subnets, 3 masks

O 10.55.99.0/26 [110/10] via 10.55.18.1, 00:00:24, Serial0/0/0

O 10.55.99.64/26 [110/20] via 10.55.18.6, 00:00:56, Serial 0/0/1

O 10.55.99.128/26 [110/10] via 10.55.18.1, 00:00:24, Serial 0/0/0

C 10.55.99.192/27 is directly connected, GigabitEthernet0/0

L 10.55.99.193/27 is directly connected, GigabitEthernet0/0

C 10.55.99.224/27 is directly connected, GigabitEthernet0/1

L 10.55.99.225/27 is directly connected, GigabitEthernet0/1

10.55.18.0/24 is variably subnetted, 4 subnets, 2 masks

C 10.55.18.0/30 is directly connected, Serial0/0/0

L 10.55.18.2/32 is directly connected, Serial0/0/0

C 10.55.18.4/30 is directly connected, Serial0/0/1

L 10.55.18.5/32 is directly connected, Serial0/0/1

S 10.55.19.0/26 [1/0] via 10.55.18.1, 00:00:24, Serial0/0/0

R1#

 None, the packet will be dropped.

 GigabitEthernet0/0
 GigabitEthernet0/1
  Serial0/0/1
60. A network administrator configures the interface fa0/0 on the router R1
with the command ip address 172.16.1.254 255.255.255.0 . However, when
the administrator issues the command show ip route , the routing table does
not show the directly connected network. What is the possible cause of the
problem?
 The subnet mask is incorrect for the IPv4 address.
 No packets with a destination network of 172.16.1.0 have been sent to R1.
 The configuration needs to be saved first.
 The interface fa0/0 has not been activated.
Explanation: A directly connected network will be added to the routing table when these three
conditions are met: (1) the interface is configured with a valid IP address; (2) it is activated with no
shutdown command; and (3) it receives a carrier signal from another device that is connected to the
interface. An incorrect subnet mask for an IPv4 address will not prevent its appearance in the
routing table, although the error may prevent successful communications.
61. Refer to the exhibit. Which interface will be the exit interface to forward
a data packet that has the destination IP address 10.3.86.2?

Gateway of last resort is not set.

10.3.86.0/26 is variously subnetted, 7 subnets, 3 masks

O 10.3.86.0/26 [110/10] via 10.3.2.1, 00:00:24, Serial0/0/0

O 10.3.86.64/26 [110/20] via 10.3.2.6, 00:00:56, Serial 0/0/1

O 10.3.86.128/26 [110/10] via 10.3.2.1, 00:00:24, Serial 0/0/0

C 10.3.86.192/27 is directly connected, GigabitEthernet0/0

L 10.3.86.193/27 is directly connected, GigabitEthernet0/0

C 10.3.86.224/27 is directly connected, GigabitEthernet0/1

L 10.3.86.225/27 is directly connected, GigabitEthernet0/1

10.3.2.0/24 is variably subnetted, 4 subnets, 2 masks

C 10.3.2.0/30 is directly connected, Serial0/0/0

L 10.3.2.2/32 is directly connected, Serial0/0/0

C 10.3.2.4/30 is directly connected, Serial0/0/1

L 10.3.2.5/32 is directly connected, Serial0/0/1

S 10.3.3.0/26 [1/0] via 10.3.2.1, 00:00:24, Serial0/0/0

R1#

 GigabitEthernet0/1
 Serial0/0/1
 GigabitEthernet0/0
 Serial0/0/0
62. Match the characteristic to the corresponding type of routing. (Not all
options are used.)

Explanation: Both static and dynamic routing could be used when more than one router is
involved. Dynamic routing is when a routing protocol is used. Static routing is when every remote
route is entered manually by an administrator into every router in the network topology.
63. Refer to the exhibit. Which interface will be the exit interface to forward
a data packet that has the destination IP address 172.25.128.244?

Gateway of last resort is not set.

172.25.128.0/26 is variously subnetted, 7 subnets, 3 masks

O 172.25.128.0/26 [110/10] via 172.25.56.1, 00:00:24, Serial0/0/0

O 172.25.128.64/26 [110/20] via 172.25.56.6, 00:00:56, Serial 0/0/1

O 172.25.128.128/26 [110/10] via 172.25.56.1, 00:00:24, Serial 0/0/0

C 172.25.128.192/27 is directly connected, GigabitEthernet0/0

L 172.25.128.193/27 is directly connected, GigabitEthernet0/0

C 172.25.128.224/27 is directly connected, GigabitEthernet0/1

L 172.25.128.225/27 is directly connected, GigabitEthernet0/1

172.25.56.0/24 is variably subnetted, 4 subnets, 2 masks

C 172.25.56.0/30 is directly connected, Serial0/0/0

L 172.25.56.2/32 is directly connected, Serial0/0/0

C 172.25.56.4/30 is directly connected, Serial0/0/1

L 172.25.56.5/32 is directly connected, Serial0/0/1

S 172.25.57.0/26 [1/0] via 172.25.56.1, 00:00:24, Serial0/0/0

R1#

 GigabitEthernet0/0
 GigabitEthernet0/1
 None, the packet will be dropped.
 Serial0/0/1
64. Ipv6 route 2001:0DB8::/32 2001:0DB8:3000::1
Which static route is configured here?
 Floating static
 Recursive static
 Directly attached static
 Fully specified static
Explain: The Router has to look up in the routing table twice to find the exit interface. The first is
shown in the Question now the router has to lookup what interface ex.s0/0/0 that the 3000::1
address is associated with. route table ex. 2001:0DB8:3000::1 is directly connected, Serial0/0/0.
This is the 2nd lookup in the table to find out that the packet needs to exit the s0/0/0 interface
making the first route a recursive and 2nd route a direct.