Host A pings host B.

When R4 accepts the ping into the Ethernet

interface, what two pieces of header information are included?
(Choose two.)
destination IP address: 192.168.10.134
destination MAC address: 9999.DADC.1234

Which of the following is the correct flow of routines for a router

startup?
load bootstrap, load IOS, apply configuration

What can be concluded from the routing table output in the

exhibit? (Choose two.)
The FastEthernet0/0 and Serial0/0/0 interfaces of this router were
configured with an IP address and the no shutdown command.
An IP packet received by this router with a destination address of
198.18.9.1 will be forwarded out of the Serial0/0/0 interface.

The frame shown in the exhibit was received by the router. The
router interfaces are operational. How will the router process this
frame? (Choose two.)
The router will change the frame type to one supported by the WAN
link before forwarding the frame.
The frame was received on the Fa0/0 interface of the router and will
be switched to the S0/0/0 interface.

What three processes does a router execute when it receives a

packet from one network that is destined for another network?
(Choose three.)
decapsulates the Layer 3 packet by stripping off the Layer 2 frame
header
uses the destination IP Address in the IP header to look up the
next-hop address in the routing table
encapsulates the Layer 3 packet into the new Layer 2 frame and
forwards it out the exit interface

What can be concluded from the output of the runningconfiguration of a router?

The commands that are displayed determine the current operation
of the router.

A network administrator has just entered new configurations into

Router1. Which command should be executed to save
configuration changes to NVRAM?
Router1# copy running-config startup-config

What is the default sequence for loading the configuration file?

NVRAM, TFTP, CONSOLE

The network administrator has configured the router with the

interface IP addresses shown for the directly connected networks.
Pings from the router to hosts on the connected networks or pings
between router interfaces are not working. What is the most likely
problem?
The interfaces must be enabled with the no shutdown command.

What information about the router and its startup process can be
gathered from the output of the show version command? (Choose
three.)
the last restart method
the configuration register settings
the location from where the IOS loaded

Which interfaces in the exhibit could be used for a leased line

WAN connection? (Choose two.)
1
4

If a router cannot find a valid configuration file during the startup

sequence, what will occur?
The router will prompt the user for a response to enter setup mode.

Which are functions of a router? (Choose three.)

packet switching
segmentation of broadcast domains
selection of best path based on logical addressing

The serial connection shown in the graphic needs to be

configured. Which configuration commands must be made on the
Sydney router to establish connectivity with the Melbourne site?
(Choose three.)

Sydney(config-if)# ip address 201.100.53.2 255.255.255.0

Sydney(config-if)# no shutdown
Sydney(config-if)# clock rate 56000

What header address information does a router change in the

information it receives from an attached Ethernet interface before
information is transmitted out another interface?
the Layer 2 source and destination address

What is the outcome of entering these commands?

R1(config)# line vty 0 4
R1(config-line)# password check123
R1(config-line)# login
sets the password to be used for connecting to this router via Telnet

All routers have a route in its routing table to each network that is
shown in the exhibit. Default routes have not been issued on
these routers. What can be concluded about how packets are
forwarded in this network? (Choose two.)
If RouterA receives a packet that is destined for 192.168.3.146, it
will be forwarded out interface S0/0/1.
If RouterB receives a packet that is destined for 10.5.27.15, it will
be forwarded out interface S0/0/1.

From what location can a router load the Cisco IOS during the
boot process? (Choose two.)
TFTP server
Flash memory

After host 2 is connected to the switch on the LAN, host 2 is

unable to communicate with host 1. What is the cause of this
problem?
Host 1 and host 2 are on different networks.

Passwords can be used to restrict access to all or parts of the

Cisco IOS. Select the modes and interfaces that can be protected
with passwords. (Choose three.)
VTY interface
console interface

privileged EXEC mode

Which two statements describe characteristics of load balancing?

(Choose two.)
Load balancing allows a router to forward packets over multiple
paths to the same destination network.
Unequal cost load balancing is supported by EIGRP.

Which two statements correctly describe the components of a

router? (Choose two.)
ROM contains diagnostics executed on hardware modules.
Flash memory does not lose its contents during a reboot.

The network administrator needs to connect two routers directly

via their FastEthernet ports. What cable should the network
administrator use?
cross-over
What are the layers of the 3-tier campus hierarchical network
model?
Access - connects end devices to network
Distribution - filtering & apply network policies
Core - backbone of the network

Describe the Access layer of the 3-tier campus network model:

* provides direct switch network connectivity to the user
* network edge where traffic enters/exits
* allows/controls which devices can communicate on the network

Describe the Distribution layer of the 3-tier campus network

model:
* provides redundancy
* controls the flow of network to the backbone
* adds routing functions between VLANs
* supports layer 2 broadcast domains & layer 3 routing boundaries
* provides intelligent switching and security

Describe the Core layer of the 3-tier campus network model:

* provides fault isolation & high-speed switch
* connectivity - usually fiber optic
* connects to the ISP
* contains major routers & switches with redundancy

What are the characteristics of a borderless switched network?

* hierarchical - every device on every tier has a specific role and
reduces fault domains
* modular - allows network expansion & provides on-demand
services
* resilient - network is always accessible
* flexible - all available network resources share data traffic load

What are the characteristics of a modular configuration switch?

scalable
expensive
provides for future expansion
fault tolerant
* different #s of modular line cards containing
ports can be installed

Define port ingress:

where a frame enters the device

Define port egress:

frames leaving the device from a particular port - a message with a
given destination address always exits the same egress port

How is a switch intelligent?

its ability to use its table to forward traffic based on the ingress port
and the destination address of a message

How do Cisco LAN switches forward Ethernet frames?

based on the destination MAC address of the frame

How does a switch build its MAC table?

by recording the MAC address of every device connected to each
of its ports

What happens when a switch receives an incoming frame with a

destination MAC address that is not found in the MAC address
table?
it forwards the frame out of all ports (flooding) except for ingress
port of the frame - when the destination device responds, the switch
adds the source frame MAC address & the port where the frame
was received to the table

What is a store-and-forward switching method?

* receives entire frame on ingress port
* conserves bandwidth, slower

* does not forward invalid frames

* computes CRC to compare with CRC value in the last (FCS) field
of the datagram - if CRC is valid the switch looks up the destination
address - the frame is then forwarded out the correct port - invalid
frames are dropped
* the ingress port buffering process supports any mix of Ethernet
speeds
** Cisco's primary LAN switching method

What is a cut-through switching method?

* Forwards the frame before it is entirely received - must read the
MAC destination address of frame 1st - known as Rapid Frame
Forwarding - at 1st 14 bytes
* no FCS error check is performed, so it might forward invalid
frames
* destination NIC discards any incomplete frames
* faster, more errors, consumes more bandwidth

Describe a fragment free modified cut-through method:

switch waits for collision window (64 bytes) to pass before
forwarding frame - ensures no fragmentation has occurred - better
error checking with almost no increase in latency

What are the characteristics of a stackable configuration switch?

* Interconnected- special cable stacks up to 9 switches with
StackWise technology in a daisy chain
* fault tolerant - high bandwidth
* acts a single large switch - if a single switch fails - recovers quick

What do you use at the TCP/IP model network access layer to

divide a network into segments and reduce the # of devices that
compete for bandwidth?
switches & routers

What is a collision domain?

network segments that share the same bandwidth between devices
- when the devices try to communicate at the same time collisions
may occur

What is used to segment both collision & broadcast domains?

routers can divide a layer 2 broadcast domain

What is a layer 2 broadcast domain known as?

a MAC broadcast domain

What happens to the broadcast domain when 2 switches are

connected together?
the broadcast domain is increased

How can LAN switches alleviate network congestion?

they can segment the LAN into separate collision domains - each
switch port represents a separate collision domain & provides full
bandwidth to devices connected to that port

Characteristics of layer 2 switches:

have multiple collision domains
high-port densities
large frame buffers
send traffic based on destination MAC address
a mixture of port speeds

What stops a broadcast?

a router
Which type of cable does a network administrator need to
connect a PC to a switch to recover it after the Cisco IOS
software fails to load?
a console cable

Which two basic functions are performed by network security

tools?
~revealing the type of information an attacker is able to gather from
monitoring network traffic
~simulating attacks against the production network to determine
any existing vulnerabilities

While troubleshooting a connectivity problem, a network

administrator notices that a switch port status LED is alternating
between green and amber. What could this LED indicate?
the port is experiencing errors

Refer to the exhibit. The network administrator wants to configure

Switch1 to allow SSH connections and prohibit Telnet
connections. How should the network administrator change the
displayed configuration to satisfy the requirement?
Modify the transport input command

Open the PT Activity. Perform the tasks in the activity instructions

and then answer the question.
Fill in the blank.
Do not use abbreviations. What is the missing command on S1?

ip address 192.168.99.2 255.255.255.0

Which three statements are true about using full-duplex Fast

Ethernet?
~Performance is improved with bidirectional data flow
~Full-duplex Fast Ethernet offers 100 percent efficiency in both
directions
~Performance is improved because the collision detect function is
disabled on the service

In which type of attack does a malicious node request all

available IP addresses in the address pool of a DHCP server in
order to prevent legitimate hosts from obtaining network access?
DHCP starvation

Which protocol or service sends broadcasts containing the Cisco

IOS software version of the sending device, and the packets of
which can be captured by malicious hosts on the network?
CDP

Which two statements are true regarding switch port security?

~Dynamically learned secure MAC addresses are lost when the
switch reboots
~If fewer than the maximum number of MAC addresses for a port
are configure statically, dynamically learned addresses are added to
CAM until the maximum number is reached

The network administrator enter the following commands on a

Cisco switch:
Switch(config)# interface vlan1
Switch(config-if)# ip address 192.168.1.2 255.255.255.0
Switch(config-if)# no shutdown
What is the effect of entering these commands?
Users on the 192.168.1.0/24 subnet are able to ping the switch at
IP address 192.168.1.2

Refer to the exhibit. Port Fa0/2 has already been configured

appropriately. The IP phone and PC work properly. Which switch
configuration would be most appropriate for port Fa0/2 if the
network administrator has the following goals?
No one is allowed to disconnect the IP phone or the PC and
connect some other wired device.
If a different device is connected, port Fa0/2 is shut down. The
switch should automatically detect the MAC address of the IP

phone and the PC and add those addresses to the running

configuration.
SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky

Refer to the exhibit. Which even will take place if there is a port
security violation on switch S1 interface Fa0/1
Packets with unknown source addresses will be dropped

Which method would mitigate a MAC address flooding attack?

configuring port security

Refer to the exhibit. What media issue might exist on the kink
connected to Fa0/1 based on the show interface command?
There could be too much electrical interference and noise on the
link.

Fill in the blank.

____________ communication allows both ends of a connection
to transmit and receive data simultaneously.
Full-duplex

Which interface is the default location that would contain the IP

address used to manage a 24-port Ethernet switch?
VLAN 1

Which action will bring an error-disabled switch port back to an

operational state?
Issue the shutdown and then no shutdown interface commands

Refer to the exhibit. What can be determined about port security

from the information that is shown?
The port violation mode is the default for any port that has port
security enabled.

First switch boot sequence?

execute POST

Second switch boot sequence?

load the boot loader from ROM

Third switch boot sequence?

CPU register initializations

Fourth switch boot sequence?

flash file system initialization

Fifth switch boot sequence?

load the IOS

Sixth switch boot sequence?

transfer switch control to the IOS

Fill in the blank.

When port security is enabled, a switch port uses the default
violation mode of _________ until specifically configured to use a
different violation mode.
shutdown

Refer to the exhibit. Which S1 switch port interface or interfaces

should be configured with the ip dhcp snooping trust command if
best practices are implemented?
only the G0/1 and G0/24 ports

What impact does the use of the mdix auto configuration

command have on a n Ethernet interface on a switch?
automatically detects copper cable type

Which command displays information about the auto-MDIX

setting for a specific interface?
show controllers

A production switch is reloaded and finished with a Switch>

prompt. What two facts can be determined?
~A full version of the Cisco IOS was located and loaded
~POST occurred normally

Which two statements are true about using full-duplex Fast

Ethernet?
~Performance is improved with bidirectional data flow.
~Full-duplex Fast Ethernet offers 100 percent efficiency in both
directions.
Describe the boot sequence for a Cisco switch:
1st - loads POST program stored in ROM
2nd - loads boot loader software stored in ROM
3rd - boot loader performs low-level CPU initialization & initializes
the CPU registers

4th - boot loader initializes flash file system on the system board
5th - boot loader locates & loads a default IOS operating system
software image into memory and transfers control of the switch over
to IOS

Where is the startup configuration stored?

NVRAM

Where is the running configuration stored?

RAM

How can you access the switch OS if there are missing or

damaged filed systems?
use the boot loader - connect via a console cable to a PC and use
terminal emulation software

What do you need to do for remote switch management?

configure the switch with an IP address and subnet mask - if
managing the switch from a remote network - also configure the
switch with the default gateway

For security purposes, should you use VLAN 1 for the

management VLAN?
NO

Which ports are assigned to VLAN 1 by default?

ALL of them

What 6 steps are needed to configure basic switch settings?

1 - erase and reload the switch
2 - assign hostname
3 - configure password encryption
4 - assign secret password
5 - prevent DNS lookups
6 - create MOTD

What steps are needed to create a new VLAN on a switch to be

managed remotely?
S1(config)# vlan 99
S1(config-vlan)# name Management
S1(config-vlan)# exit
S1(config)# interface vlan 99
S1(config-if)# ip address 172.16.1.15 255.255.0.0
S1(config-if)# no shutdown
S1(config-if)# switchport access vlan 99

S1(config-if)# exit
S1(config)# ip default-gateway 172.16.1.1
S1(config)# end
S1#copy running-config startup-config

What should be looked at when troubleshooting switch port

issues?
duplex and speed settings

In full-duplex mode, what should be disabled?

the NIC collision detection circuit

To use auto-MDIX on an interface, what must the interface speed

and duplex be set to so auto-MDIX operates correctly?
auto detect

Define input errors:

the sum of all errors in datagrams received on the interface

Define runts (input error):

less than 64-byte minimum allowed length - usually caused by
malfunctioning NICs

Define giants (input error):

longer than the maximum allowed length

Define output errors:

the sum of all errors that prevented the final transmission of
datagrams out of the interface

Define late collisions (output error):

after 512 bits of the frame - the preamble - have been transmitted usually caused by excessive cable lengths or duplex
misconfiguration

What 4 things should you look for if an interface is down?

* check for proper or damaged cables/connectors
* a mismatch in speed setting
* excessive noise
* late colissions

What causes a CRC input error?

usually a media or cable error

What is a MAC address table overflow attack?

flooding attacks make use of limited size in a MAC address table to
overwhelm the switch with fake source MAC addresses until the
switch MAC address table is full

What is a DHCP starvation attack?

attacker floods the DHCP server with requests to use up all
available IP addresses the DHCP server can issue - leads to DoS

What is DHCP spoofing?

attacker configures a fake DHCP server to issue DHCP address to
clients - forces clients to use false DNS servers - makes clients use
the attacker as their default gateway - caused DHCP address pool
to become depleted

What is included in CDP information?

IP address, software version, and the native VLAN - which
attackers can use - DoS

Define a brute force attack:

attacker uses a dictionary to find common passwords to initiate a
Telnet session

How do you secure a network?

use a written security policy, shut down unused services & ports,
use strong passwords & change them often, control physical
access to devices, use HTTPS, perform backups, develop policies
to validate identities (over the phone, via email, and in person),
encrypt & password-protect sensitive data, implement security
hardware & software (firewalls), install security patches often, and
use network security auditing tools.

Describe penetration testing:

a simulated attack against the network to determine how vulnerable
it would be in a real attack - admin can identify weaknesses

What is DCHP snooping?

a Cisco Catalyst feature that determines which switch ports can
respond to DHCP requests - ports are identified as trusted &
untrusted

Which ports can source all DHCP messages?

trusted

Which ports can source DHCP source requests only?

untrusted

What happens if a rouge device on an untrusted port tries to send

a DHCP response packet into the network?
the port is shut down

If you disable sticky learning, what happens to sticky secure MAC

addresses?
they remain part of the MAC address table, but are removed from
the running configuration

What is the factory default interface violation mode?

shutdown - interface becomes error disabled

What is Network Time Protocol (NTP)?

synchronizes the clocks of computer systems over packet-switched,
variable-latency data networks

Which command configures basic port security?

S1(config-if)# switchport mode access
S1(config-if)# switchport port-security

Which command verifies which switch ports are up?

S1# show ip interface brief

Which command disables a range of switch ports?

S1(config-if-range)# shutdown
S1(config-if-range)# int range f0/4 - 24

Which 3 commands enable DHCP Snooping?

S1(config)# ip dhcp snooping
S1(config)# ip dhcp snooping vlan ?
S1(config)# ip dhcp snooping trust

Which command configures the violation mode on a switch port?

S1(config-if)# switchport port-security violation
* after violation type protect, restrict, or shutdown

Which command enables sticky learning for a switch port?

S1(config-if)# switchport port-security mac-address sticky

Which command sets the maximum # of secure MAC addresses

allowed on a switch port?
S1(config-if)# switchport port-security maximum 50

Which command verifies port security settings?

S1# show port-security int f0/1

Which command displays all secure MAC addresses configured

on all switch interfaces?
S1# show port-security address

If a network admin enters these commands on a switch, what will

be the result?
Switch1(config-line)# line console 0
Switch1(config-line)# password cisco
Switch1(config-line)# login
to secure console port access with password cisco

Which command line interface (CLI) mode allows users to

configure switch parameters, such as the hostname and
password?
global configuration mode

What happens when the transport input ssh command is entered

on the switch vty lines?
Communication between the switch and remote users is encrypted.

A network administrator uses the CLI to enter a command that

requires several parameters. The switch responds with "%
Incomplete command". The administrator cannot remember the
missing parameters. What can the administrator do to get the
parameter information?
append a space and then ? to the last parameter

When a switch receives a frame and the source MAC address is

not found in the switching table, what action will be taken by the
switch to process the incoming frame?
The switch will map the source MAC address to the port on which it
was received.

The switch and workstation are administratively configured for

full-duplex operation. What will or won't happen on this link?
No collisions will occur on this link.

The partial output of the show running-config command. The

enable password on this switch is "cisco." What can be
determined from the output shown?

Any configured line mode passwords will be encrypted in this

configuration.

What 2 important characteristics about Layer 2 Ethernet switches

are true?
* Layer 2 switches have multiple collision domains
* Layer 2 switches can send traffic based on the destination MAC
address

What happens whent the command banner login "Authorized

personnel Only" is issued on a switch?
The command will cause the message Authorized personnel Only
to display before a user logs in.

When a collision occurs in a network using CSMA/CD, how do

hosts with data to transmit respond after the backoff period has
expired?
The hosts return to a listen-before-transmit mode.

Compare EXEC mode commands enable password and enable

secret password.
*The enable secret password command provides better security
than the enable password.
* The enable password and enable secret password protect access
to privileged EXEC mode.

If a switch has 2 ports, how many collision domains can it have?

2

Which 2 statements are true regarding switch port security?

* Dynamically learned secure MAC addresses are lost when the
switch reboots
* If fewer than the maximum number of MAC addresses for a port
are configured statically, dynamically learned addresses are added
to CAM until the maximum number is reached.

What are 2 ways to make a switch less vulnerable to attacks like

MAC address flooding, CDP attacks, and Telnet attacks?.
Change passwords regularly.
Turn off unnecessary services.

What action does SW1 take on a frame sent from PCA to PCC if
the MAC address table of SW1 is empty?
SW1 floods the frame on all ports on SW1, except for the port that
received the frame.

The network admin has decided to allow only SSH connections to

Switch1. After the commands are applied, the admin is able to
connect to Switch1 using both SSH and Telnet. What is most
likely the problem?
missing transport input ssh command

Where is the startup configuration stored?

NVRAM

The switch and the hub have default configurations, and the
switch has built its CAM table. Which of the hosts will capture a
copy of the frame when workstation A sends a unicast packet to
workstation C?
workstation C

What happens when Host 1 attempts to send data?

Frames from Host 1 cause the interface to shut down.

Which hosts will receive a broadcast frame sent from Host A?

hosts B, C, D, and E

What is SVI (switched virtual interface)?

a special IP address Cisco switches can be configured with - used
for remote access to the switch

Using the command switchport port-security - sets the maximum

MAC addresses to what? And, the violation action to what?
Maximum 1 MAC address
Violation action to shutdown

VLAN 99 has been configured as the management VLAN with an

IP address and subnet mask. Show interface VLAN99 output
display shows the line protocol is down? Which action can
change the state of the line?
Connect a host to an interface associated with VLAN 99

What would be an ideal environment to carry out penetration

tests?
an off-line test bed network that mimics the actual production
network

A network technician wants to implement SSH as the means by

which a router may be managed remotely. What are 2 procedures
that the technician should use to use SSH?
configure authentication
define the asymmetrical keys

What refers to a protocol that provides an encrypted connection?

The protocol replaces the clear text Telnet protocol for Cisco
device management.
SSH
Vlan Benefits: Security
Groups with sensitive information are separate from the rest of the
network

Vlan Benefits: Cost Reduction

Reduces need for expensive network upgrades

Vlan Benefits: Better Performance

Reduce unnecessary traffic by dividing network into logical
workgroups

Vlan Benefits: Shrink Broadcast Domains

Vlans create new broadcast domains only allowing broadcast traffic
from the same Vlans

Vlan Benefits: Improved IT Staff Efficiency

Easier for IT Staff to manage the network because of logical
addressing and design

Vlan Types: Data Vlan

Carries user-generated data traffic

Vlan Types: Default Vlan

All switchports are part of the default Vlan in default switch
configuration

Vlan Types: Native Vlan

Assigned to an IEEE 802.1Q trunk port, any untagged traffic is
placed on the native Vlan

Vlan Types: Management Vlan

Any Vlan configured to access the management capabilities of a
switch

Vlan Types: Voice Vlan

A separate Vlan configured to support VoIP traffic, ensures
appropriate QoS for phone calls, receives transmission priority over
other types of network traffic, can be routed around congested
areas on the network, has a delay of less than 150ms

What is a Vlan trunk and what does it do?

A point-to-point link between two network devices. Allows Vlan
traffic to be propagated between two switches.

How are Broadcast Domains controlled using Vlans?

When a Vlan is configured, a switch will only send broadcast
frames from one host to other hosts in the same Vlan.

How is the standard Ethernet header altered when traffic is

moving between Vlans?
A separate 32 bit Vlan tag with four unique fields is added to the
Ethernet frame header to identify what Vlan the traffic is destined
for. In order the fields are: Type, User Priority, Canonical Format
Identifier, Vlan ID.

Ethernet Vlan Tag: Type field

2 bytes, tag protocol ID value, set to 0x8100 for Ethernet

Ethernet Vlan Tag: User Priority

3 bits, supports level or service implementation

Ethernet Vlan Tag: Canonical Format Identifier

1 bit, enables token ring frames to be carried across Ethernet links

Ethernet Vlan Tag: Vlan ID

12 bits, Identifies which Vlan the frame belongs to, supports up to
4096 Vlan ID's

Is Control traffic on a Native Vlan tagged or untagged?

Any Control traffic on a Native Vlan should be untagged.

What will an 802.1Q Trunk port do with traffic tagged for the
Native Vlan?
Any traffic received by the Trunk port that is tagged for the Native
Vlan will be dropped.

Where is all untagged traffic on an 802.1Q Trunk port sent?

Any untagged traffic on the Trunk port is sent to the Native Vlan. If
no devices are associated with the Native Vlan, the untagged traffic
will be dropped.

True/False: Access ports for Voice Vlans can be configured for a

Data traffic Vlan at the same time
True

The normal Vlan Ranges are:

1-1005

The reserved Vlans are:

1, 1002-1005. These Vlans cannot be deleted.

Which range of Vlans does the Dynamic Trunking Protocol use?

The normal range are the only Vlan Id's used by the Dynamic
trunking Protocol.

The extended Vlan Ranges are:

1006-4094

What is the purpose of a Vlan Hopping attack?

Vlan Hopping allows traffic from one Vlan to be seen by an
unauthorized Vlan.

How does Switch Spoofing facilitate Vlan Hopping?

Switch Spoofing takes advantage of the default switchport
configuration of dynamic-auto to create an unauthorized trunk port
which accepts all Vlan traffic, allowing it to view any frames sent by
the switch.

What is a Double-Tagging attack and how does it work?

Double-Tagging allows a frame to be forwarded to an unauthorized
Vlan by evading Trunk port security. The three steps are:
1. An attacker on a Vlan sends a frame tagged for the Native Vlan
and includes a secondary tag with the Vlan ID of the intended victim
2. The first switch on the trunk strips off the initial Vlan tag and
sends the frame across the trunk port
3. The 2nd switch sees the secondary tag and forwards the frame
to the corresponding Vlan

What is the Private Vlan Edge protocol?

Ensures that there is no exchange of unicast, broadcast, or
multicast traffic between switchports with the protocol enabled.

What is a "black hole Vlan"?

A "black hole" Vlan is a Vlan that any unused switchport is assigned
to and is not used for any other purpose.
C
What type of IPv6 address is required as a minimum on IPv6
enabled interfaces?
A. static
B. global unicast
C. link-local
D. loopback
E. unique local

A, E, F
In order for packets to be sent to a remote destination, what three
pieces of information must be configured on a host? (Choose
three.)
A. default gateway
B. hostname
C. DNS server address
D. DHCP server address
E. IP address
F. subnet mask

B, C
What two pieces of information are displayed in the output of the
show ip interface brief command? (Choose two.)
A. MAC addresses
B. Layer 1 statuses
C. IP addresses
D. next-hop addresses
E. interface descriptions
F speed and duplex settings

C, E
Which two items are used by a host device when performing an
ANDing operation to determine if a destination address is on the
same local network? (Choose two.)
A. destination MAC address
B. network number
C. destination IP address

D. source MAC address

E. subnet mask

D, E
Which two statements correctly describe the concepts of
administrative distance and metric? (Choose two.)
A. The metric varies depending which Layer 3 protocol is being
routed, such as IP.
B. A router first installs routes with higher administrative distances.
C. The value of the administrative distance can not be altered by
the network administrator.
D. Routes with the smallest metric to a destination indicate the best
path.
E. Administrative distance refers to the trustworthiness of a
particular route.
F. The metric is always determined based on hop count.

D, E
What are two functions of a router? (Choose two.)
A. It manages the VLAN database.
B. It increases the size of the broadcast domain.
C. It controls the flow of data via the use of Layer 2 addresses.
D. It determines the best path to send packets.
E. It connects multiple IP networks.

C, D
A packet moves from a host on one network to a device on a
remote network within the same company. If NAT is not performed
on the packet, which two items remain unchanged during the
transfer of the packet from source to destination? (Choose two.)
A. destination MAC address
B. source ARP table
C. source IP address
D. destination IP address
E. source MAC address
F. Layer 2 header

A
A network administrator configures the interface fa0/0 on the router
R1 with the command ip address 172.16.1.254 255.255.255.0.
However, when the administrator issues the command show ip
route, the routing table does not show the directly connected
network. What is the possible cause of the problem?

A. The interface fa0/0 has not been activated.

B. No packets with a destination network of 172.16.1.0 have been
sent to R1.
C. The subnet mask is incorrect for the IPv4 address.
D. The configuration needs to be saved first.

A
A network administrator configures a router by the command ip
route 0.0.0.0 0.0.0.0 209.165.200.226. What is the purpose of this
command?
A. to provide a route to forward packets for which there is no route
in the routing table
B. to forward packets destined for the network 0.0.0.0 C. to the
device with IP address 209.165.200.226
D. to add a dynamic route for the destination network 0.0.0.0 to the
routing table
E. to forward all packets to the device with IP address
209.165.200.226

A
What address changes as a packet travels across multiple Layer 3
Ethernet hops to its final destination?
A. source Layer 2 address
B. source IP
C. destination port
D. destination IP

A
A network administrator is implementing dynamic routing protocols
for a company. Which command can the administrator issue on a
router to display the supported routing protocols?
A. Router(config)# router ?
B. Router(config)# ip forward-protocol ?
C. Router(config)# service ?
D. Router(config)# ip route ?

C
What is one feature that distinguishes routers from Layer 2
switches?
A. Switches use tables of information to determine how to process
data traffic. Routers do not.
B. Switches move packets from one physical interface to another.
Routers do not.

C. Routers support a variety of interface types. Switches typically

support Ethernet interfaces.
D. Routers can be configured with IP addresses. Switches cannot.

B
Which statement describes a route that has been learned
dynamically?
A. It is identified by the prefix C in the routing table.
B. It is automatically updated and maintained by routing protocols.
C. It is unaffected by changes in the topology of the network.
D. It has an administrative distance of 1.

B
When a computer is pinging another computer for the first time,
what type of message does it place on the network to determine the
MAC address of the other device?
A. an RFI (Request for Information) message
B. an ARP request
C. an ICMP ping
D. a multicast to any Layer 3 devices that are connected to the local
network

B, E
Which two network parameters are used by EIGRP as metrics to
select the best path to reach a network? (Choose Two.)
A. jitter
B. bandwidth
C. resiliency
D. hop count
E. delay
F. confidentiality

B
What route would have the lowest administrative distance?
A. a route received through the EIGRP routing protocol
B. a directly connected network
C. a route received through the OSPF routing protocol
D. a static route

bandwidth, delay
Which two parameters are used by EIGRP as metrics to select the
best path to reach a network?

A,C
What are two common types of static routes in routing tables?
(Choose two)
A. a default static route
B. a static route shared between two neighboring routers
C. a static route to a specific network
D. a built-in static route by IOS
E. a static route converted from a route that is learned through a
dynamic routing protocol

A
Which software is used for a network administrator to make the
initial router configuration securely?
A. terminal emulation client software
B. HTTPS client software
C. SSH client software
D. Telnet client software

B
Consider the following routing table entry for R1:
D 10.1.1.0/24 [90/2170112] via 209.165.200.226, 00:00:05,
Serial0/0/0
What is the significance of the Serial0/0/0?
A. It is the R1 interface through which the EIGRP update was
learned.
B. It is the interface on R1 used to send data that is destined for
10.1.1.0/24.
C. It is the interface on the next-hop router when the destination IP
address is on the 10.1.1.0/24 network.
D. It is the interface on the final destination router that is directly
connected to the 10.1.1.0/24 network.

C
Refer to the exhibit. PC A sends a request to Server B. What IPv4
address is used in the destination field in the packet as the packet
leaves PC A?
A. 192.168.10.1
B. 192.168.11.1
C. 192.168.12.16
D. 192.168.10.10

D
What command will enable a router to begin sending messages
that allow it to configure a link-local address without using an IPv6
DHCP server?
A. the ipv6 route ::/0 command
B. a static route
C. the ip routing command
D. the ipv6 unicast-routing command

A, C
What are two types of static routes in routing tables? (choose two)
A. default static route
B. built in static route by IOS
C. static route to specific network
D. static route converted from a route that is learned through a
dynamic routing protocol.
E. static route shared btween two neighboring routers.

C
what is a characteristic of an IPv4 interface on a Cisco IOS router?
A. it is assigned to a physical port and can be connected to other
devices.
B. only one loopback int can be enable on a router
C. it is a logical int internal to the router
D. the no shut command is required to place this in UP

C
What is a characteristic of an IPv4 loopback interface on a Cisco
IOS router?
A. The no shutdown command is required to place this interface in
an UP state.
B. Only one loopback interface can be enabled on a router.
C. It is a logical interface internal to the router.
D. It is assigned to a physical port and can be connected to other
devices.

D
What is one feature that distinguishes routers from Layer 2
switches?
A. Switches use tables of information to determine how to process
data traffic. Routers do not.

B. Switches move packets from one physical interface to another.

Routers do not.
C. Routers support a variety of interface types.
D. Switches typically support Ethernet interfaces.
E. Routers can be configured with IP addresses. Switches cannot.

B
Which command is used to configure an IPv6 address on a router
interface so that the router will combine a manually specified
network prefix with an automatically generated interface identifier?
A. ipv6 enable
B. ipv6 address ipv6-address/prefix-length eui-64
C. ipv6 address ipv6-address/prefix-length link-local
D. ipv6 address ipv6-address/prefix-length

routing table
Fill in the blank.
When a router receives a packet, it examines the destination
address of the packet and looks in the _________ table to
determine the best path to use to forward the packet.