211. which IP configuration does the CIDR notation 192.168.1.1/25 refer?
- 192.168.1.1 255.255.255.64
- 192.168.1.1 255.255.255.1
- 192.168.1.1 255.255.255.32
- 192.168.1.1 255.255.255.256
- 192.168.1.1 255.255.255.128*
212. CIDR notation (255.255.255.252 ) / notation?
213. Which two of these statements regarding RSTP are correct? (Choose two)
- RSTP cannot operate with PVST+.
- RSTP defines new port roles.*
- RSTP defines no new port states.
- RSTP is a proprietary implementation of IEEE 802.1D STP.
- RSTP is compatible with the original IEEE 802.1D STP.*
214. What is known as ―one-to-nearest addressing in IPv6?
- global unicast
- unspecified address
215. When a device learns multiple routes to a specific network, it installs the route with :
- Longest bit Match (highest subnet Mask)
- lowest AD*
- lowest metric
- equal load balancing
216. Requirement to configure DHCP binding ( 2 options)
- DHCP pool
- ip address*
- Hardware address*
- other option
All DHCP clients send a client identifier (DHCP option 61) in the DHCP packet. To configure manual bindings, you must enter the client-identifier DHCP pool configuration command with the appropriate hexadecimal values identifying the DHCP client. For example:
ip dhcp pool SERVER host 172.16.200.100 255.255.255.0 client-identifier 01aa.bbcc.0003.00 default-router 172.16.200.1 !
Therefore two requirements for DHCP binding is the IP address and the hardware address (MAC address) of the client. Notice that in the above example “aabb.cc00.0300” is the MAC address of the client while prefix “01” represents the Ethernet media type.
In fact the “DHCP pool” option is also correct but two above choices are better.
217. how to see dhcp conflict?
- show ip dhcp pool
- show dhcp database
- show ip dhcp conflict*
- Other Option.
218. What type of MAC address is aged automatically by the switch?
- one more option
The switch dynamically builds the address table by using the MAC source address of the frames received. When the switch receives a frame for a MAC destination address not listed in its address table, it floods the frame to all LAN ports of the same VLAN except the port that received the frame. When the destination station replies, the switch adds its relevant MAC source address and port ID to the address table. The switch then forwards subsequent frames to a single LAN port without flooding all LAN ports.
When the switch dynamically builds the MAC address table, it also specifies the time before an entry ages out and is discarded from the MAC address table. The default is 300 seconds.
219. Which major component of the network virtualization architecture isolate users according to policy?
- policy enforcement
- network access control*
- network services virtualization
- path isolation
+ Network access control and segmentation of classes of users: Users are authenticated and either allowed or denied into a logical partition. Users are segmented into employees, contractors and consultants, and guests, with respective access to IT assets. This component identifies users who are authorized to access the network and then places them into the appropriate logical partition.
+ Path isolation: Network isolation is preserved across the entire enterprise: from the edge to the campus to the WAN and back again. This component maintains traffic partitioned over a routed infrastructure and transports traffic over and between isolated partitions. The function of mapping isolated paths to VLANs and to virtual services is also performed in component.
+ Network Services virtualization: This component provides access to shared or dedicated network services such as security, quality of service (QoS), and address management (Dynamic Host Configuration Protocol [DHCP] and Domain Name System [DNS]). It also applies policy per partition and isolates application environments, if required.
220. Which two statements about firewalls are true?
- They can be used with an intrusion prevention system.*
- They can limit unauthorized user access to protect data.*
- Each wireless access point requires its own firewall.
- They must be placed only at locations where the private network connects to the internet.
- They can prevent attacks from the internet only.
221. Which two statements about data VLANs on access ports are true? ( Choose two)
- They can be configured as trunk ports.
- Two or more VLANs can be configured on the interface.
- 802.1Q encapsulation must be configured on the interface.
- Exactly one VLAN can be configured on the interface.*
- They can be configured as host ports.*
222. Where does the configuration reside when a helper address is configured to support DHCP?
- on the switch trunk interface.
- on the router closest to the client.*
- on the router closest to the server.
- on every router along the path.
223. Which command can you enter to configure an IPV6 floating static route?
- Router(config)# ipv6 route static resolve default
- Router(config)# ipv6 route::/0 serail0/1
- Router(config)# ipv6 route FE80:0202::/32 serail 0/1 201*
- Router(config)# ipv6 route FE80:0202::/32 serail 0/1 1
224. How does NAT overloading provide one-to-many address translation?
- It uses a pool of addresses
- It converts IPV4 addresses to unused IPv6 Addresses
- assigns a unique TCP/UDP port to each session*
- It uses virtual MAC Address and Virtual IP Addresses
225. Which three options are types of Layer 2 network attack? (Choose three)
- Spoofing attacks*
- Vlan Hopping*
- botnet attacks
- DDOS attacks
- ARP Attacks*
- Brute force attacks
(DHCP) Spoofing attack is a type of attack in that the attacker listens for DHCP Requests from clients and answers them with fake DHCP Response before the authorized DHCP Response comes to the clients. The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent from the client will go through the attacker computer, the attacker becomes a “man-in-the-middle”.
The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is “closer” than the DHCP Server then he doesn’t need to do anything. Or he can DoS the DHCP Server so that it can’t send the DHCP Response.
VLAN Hopping: By altering the VLAN ID on packets encapsulated for trunking, an attacking device can send or receive packets on various VLANs, bypassing Layer 3 security measures. VLAN hopping can be accomplished by switch spoofing or double tagging.
1) Switch spoofing:
The attacker can connect an unauthorized Cisco switch to a Company switch port. The unauthorized switch can send DTP frames and form a trunk with the Company Switch. If the attacker can establish a trunk link to the Company switch, it receives traffic to all VLANs through the trunk because all VLANs are allowed on a trunk by default.
(Instead of using a Cisco Switch, the attacker can use a software to create and send DTP frames).
In this attack, the attacking computer generates frames with two 802.1Q tags. The first tag matches the native VLAN of the trunk port (VLAN 10 in this case), and the second matches the VLAN of a host it wants to attack (VLAN 20).
When the packet from the attacker reaches Switch A, Switch A only sees the first VLAN 10 and it matches with its native VLAN 10 so this VLAN tag is removed. Switch A forwards the frame out all links with the same native VLAN 10. Switch B receives the frame with an tag of VLAN 20 so it removes this tag and forwards out to the Victim computer.
Note: This attack only works if the trunk (between two switches) has the same native VLAN as the attacker.
ARP attack (like ARP poisoning/spoofing) is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. This is an attack based on ARP which is at Layer 2.
226. What does split-horizon do?
- Prevent routing loop in distance vector protocol*
- Prevent switching loop in distance vector protocol
- Prevent switching loop in link-state protocol
- Prevent routing loop in link-state protocol
227. Refer to the exhibit.
After you apply the given configuration to R1, you notice that it failed to enable OSPF Which action can you take to correct the problem?
- Configure a loopback interface on R1
- Enable IPv6 unicast routing on R1.*
- Configure an IPv4 address on interface FO/0.
- Configure an autonomous system number on OSPF.
Prerequisites for IPv6 Routing: OSPFv3
Complete the OSPFv3 network strategy and planning for your IPv6 network. For example, you must decide whether multiple areas are required.
Enable IPv6 unicast routing.
Enable IPv6 on the interface.
228. How many broadcast domains are shown in the graphic assuming only the default VLAN is confgured on the switches?
For your information, there are 7 collision domains in this exhibit (6 collision domains between hubs & switches + 1 collision between the two switches).
229. Which three statements correcctly describe Network Device A? (Choose three.)
- With a network wide mask of 255.255.255.128, each interface does not require an IP address.
- With a network wide mask of 255.255.255.128, each interface does require an IP address on a unique IP subnet.*
- With a network wide mask of 255.255.255.0, must be a Layer 2 device for the PCs to communicate with each other.
- With a network wide mask of 255.255.255.0, must be a Layer 3 device for the PCs to communicate with each other.*
- With a network wide mask of 255.255.254.0, each interface does not require an IP address.*
A quick way to find out the correct answers is notice that all 255.255.255.x subnet masks will separate these two IP addresses into two separate subnets so we need a Layer 3 device here and each interface must require an IP address on a unique IP subnet -> A, C are not correct while B, D are correct.
With 255.255.254.0 subnet mask, the increment here is 2 in the third octet -> the first subnet is from 10.1.0.0 to 10.1.1.255, in which two above IP addresses belong to -> each interface of Network device A does not require an IP address -> E is correct.
230. At the end of an RSTP election process, which access layer switch port will assume the discarding role?
- Switch3, port fa0/1
- Switch3, port fa0/12
- Switch4, port fa0/11*
- Switch4, port fa0/2
- Switch3, port Gi0/1
- Switch3, port Gi0/2
ID than Switch 4 (because the MAC of Switch3 is smaller than that of Switch4) so both ports of Switch3
will be in forwarding state. The alternative port will surely belong to Switch4.
Switch4 will need to block one of its ports to avoid a bridging loop between the two switches. But how
does Switch4 select its blocked port? Well, the answer is based on the BPDUs it receives from Switch3. A
BPDU is superior to another if it has:
1. A lower Root Bridge ID
2. A lower path cost to the Root
3. A lower Sending Bridge ID
4. A lower Sending Port ID
These four parameters are examined in order. In this specific case, all the BPDUs sent by Switch3 have
the same Root Bridge ID, the same path cost to the Root and the same Sending Bridge ID. The only
parameter left to select the best one is the Sending Port ID (Port ID = port priority + port index). In this
case the port priorities are equal because they use the default value, so Switch4 will compare port index
values, which are unique to each port on the switch, and because Fa0/12 is inferior to Fa0/1, Switch4 will
select the port connected with Fa0/1 (of Switch3) as its root port and block the other port -> Port fa0/11
of Switch4 will be blocked (discarding role).
231. Why is flash memory erased prior to upgrading the IOS image from the TFTP server?
- The router cannot verify that the Cisco IOS image currently in flash is valid.
- Flash memory on Cisco routers can contain only a single IOS image.
- Erasing current flash content is requested during the copy dialog.*
- In order for the router to use the new image as the default, it must be the only IOS image in flash.
Note: In this case, the flash has enough space to copy a new IOS without deleting the current one. The current IOS is deleted just because the administrator wants to do so. If the flash does not have enough space you will see an error message like this:
|%Error copying tftp://192.168.2.167/ c1600-k8sy-mz.l23-16a.bin (Not enough space on device)|
232. The network shown in the diagram is experiencing connectivity problems. Which of the following will correct the problems? (Choose two.)
- Configure the gateway on Host A as 10.1.1.1
- Configure the gateway on Host B as 10.1.2.254*
- Configure the IP address of Host A as 10.1.2.2
- Configure the IP address of Host B as 10.1.2.2*
- Configure the masks on both hosts to be 255.255.255.224
- Configure the masks on both hosts to be 255.255.255.240
233. Which utility can you use to identify the cause of a traffic-flow blockage between the two devices in a network?
- ACL path analysis tool in APIC-EM*
- I WAN application
- ACL analysis tool in APIC-EM
- APIC-EM automation scheduler
Icon means “there are ACLs that permit the traffic applied on the interface”.
Icon means “traffic may or may not be blocked. For example, if your traffic matches a deny access control entry (ACE), traffic is denied. However, if your traffic matches any other ACEs, it is permitted. You can get this type of results if you leave out the protocol, source port, or destination port when defining a path trace”.
Icon means “there is an ACL on the device or interface that is blocking the traffic on the path”.
Icon means “there are no ACLs applied on the interface”.
234. Which IEEE mechanism is responsible for the authentication of devices when they attempt to connect to a local network?
235. When a router is unable to find a known route in the routing table, how does it handle the packet?
- It discards the packet*
- It sends the packet over the route with the best metric
- It sends the packet to the next hop address
- It sends the packet to the gateway of last resort
A Gateway of Last Resort is a route used by the router when no other known route exists to send the IP packet. For CCNA level, when ip routing feature is enabled, a gateway of last resort is usually created by:
+ The “ip default-network” command (but dynamic routing protocols have different behaviors). But in general, the “ip default-network” cannot set the gateway of last resort without a known route in the routing table.
+ Creating a static route to network 0.0.0.0 0.0.0.0 is another way to set the gateway of last resort on a router. This is the reason why this question is not clear as it does not tell us if a default route exists or not.
Maybe in this question a default route does not exist. Otherwise the author would notice and indicate it in the question.
For more information about Gateway of Last Resort, please read: http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/16448-default.html
236. If router R1 knows a static route to a destination network and then learns about the same destination network through a dynamic routing protocol, how does R1 respond?
- It refuses to advertise the dynamic route to other neighbors
- It sends a withdrawal signal to the neighboring router
- It disables the routing protocol
- It prefers the static route*
237. Which two statements about floating static routes are true? (Choose two)
- They are routes to the exact /32 destination address
- They are used when a route to the destination network is missing
- They have a higher administrative distance than the default static route administrative distance*
- They are used as back-up routes when the primary route goes down*
- They are dynamic routes that are learned from a server
238. Refer to the exhibit. If R1 receives a packet destined to 172.16.1.1, to which IP address does it send the packet?
239. What is the danger of the permit any entry in a NAT access list?
- It can lead to overloaded resources on the router.*
- It can cause too many addresses to be assigned to the same interface.
- It can disable the overload command.
- It prevents the correct translation of IP addresses on the inside network.
240. How does a DHCP server dynamically assign IP addresses to hosts?
- Addresses are permanently assigned so that the host uses the same address at all times.
- Addresses are assigned for a fixed period of time.
- Addresses are leased to hosts. A host will usually keep the same address by periodically contacting the DHCP server to renew the lease.*
- Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement.
Release: The client may decide at any time that it no longer wishes to use the IP address it was assigned, and may terminate the lease, releasing the IP address.
241. Refer to the exhibit. What two results would occur if the hub were to be replaced with a switch that is configured with one Ethernet VLAN? (Choose two.)
- The number of collision domains would remain the same.
- The number of collision domains would decrease.
- The number of collision domains would increase.*
- The number of broadcast domains would remain the same.*
- The number of broadcast domains would decrease.
- The number of broadcast domains would increase.
242. Refer to the exhibit, you determine that Computer A cannot ping Computer
Which reason for the problem is most likely true?
- The Subnet mask for Computer A is incorrect.*
- The default gateway address for Computer A is incorrect.
- The subnet mask for computer B is incorrect.
- The default gateway address for computer B is incorrect.
243. Which effect of the passive-interface command on R1 is true?
- It prevents interface Fa0/0 from sending updates.*
- Interface Fa 0/0 operates in RIPv1 mode.
- It removes the 172.16.0.0 network from all updates on all interfaces on R1.
- It removes the 172.17.0.0 network from all updates on all interfaces on R1.
But, when used with Enhanced Interior Gateway Routing Protocol (EIGRP), the effect is slightly different.
244. Which three encapsulation layers in the OSI model are combined into the TCP/IP application layer? (Choose three)
245. When is the most appropriate time to escalate an issue that you troubleshooting?
- A. When you lack the proper to resolve the issue*
- B. When a more urgent issue that requires your intervention is detected
- C. When you have gathered all information about an issue
- D. When you have been unable to resolve the issue after 30 min
Step 2. Resolve or escalate: Problem isolation should eventually uncover the root cause of the problem – that is, the cause which, if fixed, will resolve the problem. In short, resolving the problem means finding the root cause of the problem and fixing that problem. Of course, what do you do if you cannot find the root cause, or fix (resolve) that root cause once found? Escalate the problem. Most companies have a defined escalation process, with different levels of technical support and management support depending on whether the next step requires more technical expertise or management decision making.
Reference: ICND1 100-105 Official Cert Guide
Also from this link: http://www.ciscopress.com/articles/article.asp?p=1578504&seqNum=2
“After you have clearly defined the problem, you have one more step to take before starting the actual troubleshooting process. You must determine whether this problem is your responsibility or if it needs to be escalated to another department or person. For example, assume the reported problem is this: “When user Y tries to access the corporate directory on the company intranet, she gets a message that says permission is denied. She can access all other intranet pages.” You are a network engineer, and you do not have access to the servers. A separate department in your company manages the intranet servers. Therefore, you must know what to do when this type of problem is reported to you as a network problem. You must know whether to start troubleshooting or to escalate it to the server department. It is important that you know which type of problems is your responsibility to act on, what minimal actions you need to take before you escalate a problem, and how you escalate a problem.”
So we can say answer A is the most suitable choice.
246. Which two command can you enter to display the current time sources statistics on devices? (Choose TWO)
- Show ntp associations.*
- Show clock details.
- Show clock.
- Show time.
- Show ntp status.*
R1#show ntp associations address ref clock st when poll reach delay offset disp *~10.1.2.1 22.214.171.124 9 509 64 200 32.2 15.44 16000. * master (synced), # master (unsynced), + selected, - candidate, ~ configured
Below is the output of the “show ntp status” command. From this output we learn that R1 has a stratum of 10 and it is getting clock from 10.1.2.1.
R1#show ntp status Clock is synchronized, stratum 10, reference is 10.1.2.1 nominal freq is 250.0000 Hz, actual freq is 249.9987 Hz, precision is 2**18 reference time is D5E492E9.98ACB4CF (13:00:25.596 CST Wed Sep 18 2013) clock offset is 15.4356 msec, root delay is 52.17 msec root dispersion is 67.61 msec, peer dispersion is 28.12 msec
For more information about these two commands, please read at: http://www.cisco.com/c/en/us/support/docs/ip/network-time-protocol-ntp/116161-trouble-ntp-00.html
In fact this question is unclear, but other answers are surely not correct.
247. When you enable PortFast on a switch port, the port immediately transitions to which state?
248. Which path does a router choose when it receives a packet with multiple possible paths to the destination
over different routing protocols?
- the path with both the lowest administrative distance and the highest metric
- the path with the lowest administrative distance*
- the path with the lowest metric
- the path with both the lowest administrative distance and lowest metric
249. Which command is used to know the duplex speed of serial link?
- show line
- show interface*
- show protocol
- show run
In this output the speed of S0/0 interface is 1544 Kbits.
250. What command is used to configure a switch as authoritative NTP server?
- switch(config)#ntp master 3*
- switch(config)#ntp peer 126.96.36.199
- switch(config)#ntp server 188.8.131.52
- switch(config)#ntp source 184.108.40.206
251. Which address class includes network 220.127.116.11/27?
- Class C
- Class B*
- Class D
- Class A
252. On which type of port can switches interconnect for multi-VLAN communication?
- interface port
- access port
- switch port
- trunk port*
253. Refer to the exhibit. If R1 sends traffic to 192.168.101.45 the traffic is sent through which interface?
254. Which IPV6 function serves the same purpose as ARP entry verification on an IPv4 network?
- interface ip address verification
- MAC address table verification
- neighbor discovery verification*
- Routing table entry verification
+ Subsitute of ARP – Since ARP has been removed in IPv6, IPv6 follows a newer way to find the link-layer addresses of nodes on the local link. This new mechanism uses a mix of ICMPv6 messages and multicast addresses
255. Which HSRP feature was new in HSRPv2?
- VLAN group numbers that are greater than 255*
- Virtual MAC addresses
In HSRP version 1, group numbers are restricted to the range from 0 to 255. HSRP version 2 expands the group number range from 0 to 4095 -> A is correct.
256. Refer to exhibit. Which command can you enter to verify link speed and duplex setting on the interface?
R1(config)#interface gigabitEthernet0/1 R1(config-if)#ip address 192.168.1.1. 255.255.255.0 R1(config-if)#speed 100 R1(config-if)#duplex full
- router#show ip protocols
- router#show startup-config
- router#show line
- router#show interface gig 0/1*
257. Which two statements about unique local IPv6 addresses are true?
- They are identical to IPv4 private addresses.*
- They are defined by RFC 1884
- They use the prefix FEC0::/10
- They use the prefix FC00::/7*
- They can be routed on the IPv6 global internet.
- Show (Hide) Explanation/ReferenceA IPv6 Unique Local Address is an IPv6 address in the block FC00::/7. It is the approximate IPv6 counterpart of the IPv4 private address. It is not routable on the global Internet.Note: In the past, Site-local addresses (FEC0::/10) are equivalent to private IP addresses in IPv4 but now they are deprecated.
258. Which DTP switch port mode allows the port to create a trunk link if the neighboring port is in trunk mode, dynamic desirable mode, or desirable auto mode?
- dynamic desirable
- dynamic auto*
In dynamic auto mode, the interface is able to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk or desirable mode. The default switchport mode for newer Cisco switch Ethernet interfaces is dynamic auto. Note that if two Cisco switches are left to the common default setting of auto, a trunk will never form.
In dynamic desirable mode, the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode. This is the default switchport mode on older switches, such as the Catalyst 2950 and 3550 Series switches -> This is the best answer in this question.
259. When you troubleshoot an IPv4 connectivity issue on a router, which three router configuration checks you
- Verify that the router interface IP address is correct.*
- Verify that the DNS is configured correctly.
- Verify that the router and the host use the same subnet mask.*
- Verify that the router firmware is up-to-date.
- Verify that a default route is configured.
- Verify that the route appears in the Routing table*
260. Configuration of which option is required on a Cisco switch for the Cisco IP phone to work?
- PortFast on the interface
- the interface as an access port to allow the voice VLAN ID*
- a voice VLAN ID in interface and global configuration mode
- Cisco Discovery Protocol in global configuration mode
In order to avoid this, remove the trunk configuration and keep the voice and access VLAN configured along with Quality of Service (QoS). Technically, it is still a trunk, but it is called a Multi-VLAN Access Port (MVAP). Because voice and data traffic can travel through the same port, you should specify a different VLAN for each type of traffic. You can configure a switch port to forward voice and data traffic on different VLANs. Configure IP phone ports with a voice VLAN configuration. This configuration creates a pseudo trunk, but does not require you to manually prune the unnecessary VLANs.
The voice VLAN feature enables access ports to carry IP voice traffic from an IP phone. You can configure a voice VLAN with the “switchport voice vlan …” command under interface mode. The full configuration is shown below:
Switch(config)#interface fastethernet0/1 Switch(config-if)#switchport mode access Switch(config-if)#switchport access vlan 10 Switch(config-if)#switchport voice vlan 20
261. Which method does a connected trunk port use to tag VLAN traffic?
- IEEE 802 1w
- IEEE 802 1D
- IEEE 802 1Q*
- IEEE 802 1p
262. Which RFC was created to alleviate the depletion of IPv4 public addresses?
- RFC 4193
- RFC 1519
- RFC 1518 *
- RFC 1918
The RFC 1918 is Address Allocation for Private Internets, which reserves IP addresses for private and internal use. These addresses can be used for networks that do not need to connect to the Internet.
Therefore the RFC 1918 is the best choice to “alleviate the depletion of IPv4 public addresses”.
263. What is the default lease time for a DHCP binding?
- 24 hours*
- 12 hours
- 48 hours
- 36 hours
264. Which NAT type is used to translate a single inside address to a single outside address?
- dynamic NAT
- NAT overload
- static NAT*
Static NAT: Designed to allow one-to-one mapping between local and global addresses. This flavor requires you to have one real Internet IP address for every host on your network
Dynamic NAT: Designed to map an unregistered IP address to a registered IP address from a pool of registered IP addresses. You don’t have to statically configure your router to map an inside to an outside address as in static NAT, but you do have to have enough real IP addresses for everyone who wants to send packets through the Internet. With dynamic NAT, you can configure the NAT router with more IP addresses in the inside local address list than in the inside global address pool. When being defined in the inside global address pool, the router allocates registered public IP addresses from the pool until all are allocated. If all the public IP addresses are already allocated, the router discards the packet that requires a public IP address.
In this question we only want to translate a single inside address to a single outside address so static NAT should be used.
265. Which network topology allows all traffic to flow through a central hub?
266. Which statement about a router on a stick is true?
- Its date plane router traffic for a single VI AN over two or more switches.
- It uses multiple subinterfaces of a single interface to encapsulate traffic for different VLANs on the same subnet
- It requires the native VLAN to be disabled.
- It uses multiple subinterfaces of a single interface to encapsulate traffic for different VLANs.*
267. By default, how many MAC addresses are permitted to be learned on a switch port with port security enabled?
268. Which device allows users to connect to the network using a single or double radio?
- access point*
- wireless controller
Note: The wireless controller automates wireless configuration and management functions. It does not connect directly to users.
269. When enabled, which feature prevents routing protocols from sending hello messages on an interface?
- virtual links
- directed neighbors
- OSPF areas
The command enables the suppression of routing updates over some interfaces while it allows updates to
be exchanged normally over other interfaces. With most routing protocols, the passive-interface command
restricts outgoing advertisements only.
But, when used with Enhanced Interior Gateway Routing Protocol (EIGRP), the effect is slightly different.
This document demonstrates that use of the passive-interface command in EIGRP suppresses the
exchange of hello packets between two routers, which results in the loss of their neighbor relationship. This
stops not only routing updates from being advertised, but it also suppresses incoming routing updates. This
document also discusses the configuration required in order to allow the suppression of outgoing routing
updates, while it also allows incoming routing updates to be learned normally from the neighbor
270. Refer to the exhibit. Which statement describes the effect of this configuration?
- The VLAN 10 VTP configuration is displayed
- VLAN 10 spanning-tree output is displayed
- The VLAN 10 configuration is saved when the router exits VLAN configuration mode*
- VLAN 10 is added to the VLAN database
271. Which route source code represents the routing protocol with a default administrative distance of 90 in the routing table?
272. Which statement about native VLAN traffic is true?
- Cisco Discovery Protocol traffic travels on the native VLAN by default*
- Traffic on the native VLAN is tagged with 1 by default
- Control plane traffic is blocked on the native VLAN.
- The native VLAN is typically disabled for security reasons
273. Which statement about unicast frame forwarding on a switch is true?
- The TCAM table stores destination MAC addresses
- If the destination MAC address is unknown, the frame is flooded to every port that is configured in the same VLAN except on the port that it was received on.*
- The CAM table is used to determine whether traffic is permitted or denied on a switch
- The source address is used to determine the switch port to which a frame is forwarded
274. Which component of the routing table ranks routing protocols according to their preferences?
- administrative distance*
- next hop
- routing protocol code
275. Which switch would STP choose to become the root bridge in the selection process?
- 32768: 11-22-33-44-55-66*
- 32768: 22-33-44-55-66-77
- 32769: 11-22-33-44-55-65
- 32769: 22-33-44-55-66-78
276. Refer to the graphic. R1 is unable to establish an OSPF neighbor relationship with R3. What are possible reasons for this problem? (Choose two.)
- All of the routers need to be configured for backbone Area 1.
- R1 and R2 are the DR and BDR, so OSPF will not establish neighbor adjacency with R3
- A static route has been configured from R1 to R3 and prevents the neighbor adjacency from being established.
- The hello and dead interval timers are not set to the same values on R1 and R3.*
- EIGRP is also configured on these routers with a lower administrative distance.
- R1 and R3 are configured in different areas.*
B is not correct because R1 or R3 must be the DR or BDR -> it has to establish neighbor adjacency with the other.
C is not correct because OSPF neighbor relationship is not established based on static routing. It uses multicast address 18.104.22.168 to establish OSPF neighbor relationship.
E is not correct because configure EIGRP on these routers (with a lower administrative distance) will force these routers to run EIGRP, not OSPF.
D and F are correct because these entries must match on neighboring routers:
– Hello and dead intervals
– Area ID (Area 0 in this case)
– Authentication password
– Stub area flag
277. For what two purposes does the Ethernet protocol use physical addresses? (Choose two.)
- to uniquely identify devices at Layer 2*
- to allow communication with devices on a different network
- to differentiate a Layer 2 frame from a Layer 3 packet
- to establish a priority system to determine which device gets to transmit first
- to allow communication between different devices on the same network*
- to allow detection of a remote device when its physical address is unknown
MAC addresses are only used to communicate on the same network. To communicate on different network we have to use Layer 3 addresses (IP addresses) -> B is not correct; E is correct.
Layer 2 frame and Layer 3 packet can be recognized via headers. Layer 3 packet also contains physical address -> C is not correct.
On Ethernet, each frame has the same priority to transmit by default -> D is not correct.
All devices need a physical address to identify itself. If not, they can not communicate -> F is not correct.
278. 2 authentication type of MLPPP
Multilink PPP combines multiple physical links into a logical bundle called a Multilink PPP bundle. A Multilink PPP bundle is a single, virtual interface that connects to the peer system. Having a single interface (Multilink PPP bundle interface) provides a single point to apply hierarchical queueing, shaping, and policing to traffic flows. Individual links in a bundle do not perform any hierarchical queueing. None of the links have any knowledge about the traffic on parallel links.
MLPPP supports two authentication protocols: Password Authentication protocol (PAP) and Challenge-Handshake Authentication Protocol (CHAP)
279. What is the effect of the overload keyword in a static NAT translation configuration?
- It enables port address translation.*
- It enables the use of a secondary pool of IP addresses when the first pool is depleted
- It enables the inside interface to receive traffic.
- It enables the outside interface to forward traffic.
280. What are the requirements for running VTP (choose two)
- VTP domain names must be different
- VTP domain names must be the same*
- VTP server must have the highest revision numbers
- All devices need to have the same VTP version*