CCNA 2 v5 Chapter 2: Check Your Understanding Questions Answers

CCNA 2 Routing and Switching Essentials v5 Chapter 2: Basic Switching Concepts and Configuration – Check Your Understanding Questions Answers

1. Which three options correctly associate the command with the paired behavior? (Choose three.)

  • switchport port-security violation protect: Frames with unknown source addresses are dropped and a notification is sent.
  • switchport port-security violation restrict: Frames with unknown source addresses are dropped and no notification is sent.
  • switchport port-security violation shutdown: Frames with unknown source addresses result in the port becoming error-disabled, and a notification is sent.
  • switchport port-security mac-address sticky: Allows dynamically learned MAC addresses to be stored in the running-configuration.
  • switchport port-security maximum: Defines the number of MAC addresses associated with a port.

Explanation: Knowing the switch port security types and violation modes is important before configuring port security. Port security can be configured using (1) static secure MAC addresses, (2) dynamic secure MAC addresses, and (3) sticky secure MAC addresses. The three violation modes are protect, restrict, and shutdown. Shutdown is the default violation mode.

2. What is the effect of entering the following command on a Fast Ethernet switch port?

SW1(config-if)# duplex full

  • The connected device communicates in two directions, but only one direction at a time.
  • The switch port returns to its default configuration.
  • If the device connected to this port is also set for full duplex, the device participates in collision-free communication.
  • The efficiency of this configuration is typically rated at 50 to 60 percent.
  • The connected device should be configured as half duplex.

Explanation: The switch will connect with full duplex when autonegotiating with a peer device. The default configuration for a switch port is autonegotiation.

3. Which two tasks does autonegotiation in an Ethernet network accomplish? (Choose two.)

  • Sets the link speed
  • Sets the IP address
  • Sets the link duplex mode
  • Sets MAC address assignments on switch port
  • Sets the ring speed

Explanation: Autonegotiation sets duplex and speed. Autonegotiation is the default mode for a Cisco switch port.

4. Why should a default gateway be assigned to a switch?

  • So that there can be remote connectivity to the switch via such programs as Telnet and ping
  • So that frames can be sent through the switch to the router
  • So that frames generated from workstations and destined for remote networks can pass to a higher level
  • So that other networks can be accessed from the command prompt of the switch

Explanation: The default gateway provides a means for the administrator of the switch (from the switch command prompt) to access networks not directly connected to the switch. It also allows for remote connectivity from a different network because when connected, the return packets from the switch can be sent to the remote network device. Answer A would be possible from devices on the same network.

5. The network administrator wants to configure an IP address on a Cisco switch. How does the network administrator assign the IP address?

  • In privileged EXEC mode
  • On the switch interface FastEthernet0/0
  • On the management VLAN
  • On the physical interface connected to the router or next-hop device

Explanation: A Layer 2 switch is allotted a single Layer 3 logical address in the form of a switch virtual interface (SVI) used for managing the switch.

6. Which option correctly associates the Layer 2 security attack with the description?

  • MAC address flooding: Broadcast requests for IP addresses with spoofed MAC addresses.
  • DHCP starvation: Using proprietary Cisco protocols to gain information about a switch.
  • CDP attack: The attacker fills the switch MAC address table with invalid MAC addresses.
  • Telnet attack: Using brute force password attacks to gain access to a switch.

Explanation: The description in A goes with DHCP starvation, in B goes with CDP attack, in C goes with MAC address flooding.

7. What is an advantage of using SSH over Telnet when remotely connecting to a switch?

  • Encryption
  • More connection lines
  • Connection-oriented services
  • Username and password authentication

Explanation: SSH is a more secure method of accessing a device from a remote network.

8. Consider the configuration. Which two commands are not needed on the switch in order for a remote network administrator to access the switch using SSH? (Choose two.)

  • Switch(config)# ip domain-name
  • Switch(config)# crypto key generate rsa
  • Switch(config)# ip ssh version 2
  • Switch(config)# line vty 0 15
  • Switch(config-if)# transport input ssh

Explanation: SSH version 2 is the default version. The transport input ssh command would not be entered in interface configuration mode, but in line configuration mode (Switch(config-line)#).
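A defensive check built on questions 1 and 8, as an added example that is not part of the original answer key: a small Python auditor that reads a running-config excerpt and reports access ports without port security, ports using the protect violation mode, and vty lines not restricted to SSH. The sample configuration and function names are constructed for illustration; treating a vty line with no `transport input` command as a finding is an assumption of this example.

```python
import re

# Constructed running-config excerpt for illustration (not from the page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security violation protect
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 switchport mode access
 switchport port-security
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def parse_sections(config):
    """Map each 'interface'/'line' header to its indented sub-commands."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(("interface ", "line ")):
            current = sections.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # '!' separator or a global command ends the section
    return sections

def audit(config):
    """Return (section, finding) pairs for the points in questions 1 and 8."""
    findings = []
    for header, cmds in parse_sections(config).items():
        if header.startswith("interface ") and "switchport mode access" in cmds:
            if "switchport port-security" not in cmds:
                findings.append((header, "port security not enabled"))
                continue
            # No explicit violation line means the default mode, shutdown.
            modes = [m.group(1) for c in cmds
                     if (m := re.fullmatch(r"switchport port-security violation (\w+)", c))]
            if (modes[-1] if modes else "shutdown") == "protect":
                findings.append((header, "protect mode drops frames silently"))
        elif header.startswith("line vty"):
            # Assumption: a vty line must state its transport explicitly.
            lines = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
            if not lines or {"telnet", "all"} & set(lines[-1]):
                findings.append((header, "vty access not restricted to SSH"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns three findings: FastEthernet0/1 (protect mode), FastEthernet0/2 (no port security), and `line vty 5 15` (Telnet still permitted).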

9. What is an advantage of having the correct date and time on a network device?

  • Network administrators are provided with correct timestamps on log messages.
  • When working at the console prompt, the network administrator has a good idea how long the configuration or troubleshooting process is taking.
  • Other devices can use CDP to discover neighbor device information if the time and date are synchronized between the two devices.
  • Secure remote connectivity can be accomplished if the date and time are accurate.

Explanation: By using NTP or manually configuring the date and time on a network device, log messages are time stamped accurately. This is especially important when troubleshooting problems.

10. What is the purpose of DHCP snooping?

  • Ensures devices are configured for automatic IP address assignment
  • Prevents unauthorized DHCP servers
  • Prevents DHCP messages from going across a trunk
  • Prevents DHCP messages from being sent to another network

Explanation: When DHCP snooping is configured, switch ports are configured as either a trusted port or an untrusted port. A device connected to a trusted port can send any type of DHCP message into the switch. An untrusted port only allows incoming DHCP requests.

11. What is a Cisco best practice for deploying switches?

  • When a server connects to a switch, the switch port should have the port speed manually configured, but the autonegotiation feature used for duplex.
  • A compound word should be used as a password on an infrastructure network device such as a switch.
  • Telnet should be used whenever possible on the switch vty lines.
  • The enable secret password should be used when configuring a switch to use SSH on the vty lines.

Explanation: Gigabit Ethernet and 10Gb Ethernet NICs can only run in full duplex. Speed should be manually configured on a port that has an important device such as a server. A network engineer would not want to risk autonegotiation configuring a slower speed. No normal word (whether compound or not) should be used as a password. Passwords should include uppercase and lowercase letters as well as special symbols. SSH is the preferred method of remote connectivity for a switch.

12. When would auto-MDIX be best to use?

  • When a switch connects to a router
  • When a switch connects to another switch
  • When any device connects to an access layer switch
  • When the cable type is unknown

Explanation: Auto-MDIX is not supported on every Cisco device, but if supported, this feature will allow the interface to automatically detect the required connection type (straight-through or crossover) and configure the port appropriately.
