ccnp switching questions and answers

CHAPTER 2

1. Which of the following devices performs transparent bridging?

a. Ethernet hub

b. Layer 2 switch

c. Layer 3 switch

d. Router

2. When a PC is connected to a Layer 2 switch port, how far does the collision domain

spread?

a. No collision domain exists.

b. One switch port.

c. One VLAN.

d. All ports on the switch.

3. What information is used to forward frames in a Layer 2 switch?

a. Source MAC address

b. Destination MAC address

c. Source switch port

d. IP addresses

4. What does a switch do if a MAC address cannot be found in the CAM table?

a. The frame is forwarded to the default port.

b. The switch generates an ARP request for the address.

c. The switch floods the frame out all ports (except the receiving port).

d. The switch drops the frame.

5. In the Catalyst 6500, frames can be filtered with access lists for security and QoS

purposes. This filtering occurs according to which of the following?

a. Before a CAM table lookup

b. After a CAM table lookup

c. Simultaneously with a CAM table lookup

d. According to how the access lists are configured

6. Access list contents can be merged into which of the following?

a. CAM table

b. TCAM table

c. FIB table

d. ARP table

7. Multilayer switches using CEF are based on which of these techniques?

a. Route caching

b. Netflow switching

c. Topology-based switching

d. Demand-based switching

8. Which answer describes multilayer switching with CEF?

a. The first packet is routed and then the flow is cached.

b. The switch supervisor CPU forwards each packet.

c. The switching hardware learns station addresses and builds a routing database.

d. A single database of routing information is built for the switching hardware.

9. In a switch, frames are placed in which buffer after forwarding decisions are made?

a. Ingress queues

b. Egress queues

c. CAM table

d. TCAM

10. What size are the mask and pattern fields in a TCAM entry?

a. 64 bits

b. 128 bits

c. 134 bits

d. 168 bits

11. Access list rules are compiled as TCAM entries. When a packet is matched against an

access list, in what order are the TCAM entries evaluated?

a. Sequentially in the order of the original access list.

b. Numerically by the access list number.

c. Alphabetically by the access list name.

d. All entries are evaluated in parallel.

12. Which Catalyst IOS command can you use to display the addresses in the CAM table?

a. show cam

b. show mac address-table

c. show mac

d. show cam address-table

CHAPTER 3

1. What does the IEEE 802.3 standard define?

a. Spanning Tree Protocol

b. Token Ring

c. Ethernet

d. Switched Ethernet

2. At what layer are traditional 10-Mbps Ethernet, Fast Ethernet, and Gigabit Ethernet

the same?

a. Layer 1

b. Layer 2

c. Layer 3

d. Layer 4

3. At what layer are traditional 10-Mbps Ethernet, Fast Ethernet, and Gigabit Ethernet

different?

a. Layer 1

b. Layer 2

c. Layer 3

d. Layer 4

4. What is the maximum cable distance for a Category 5 100BASE-TX connection?

a. 100 feet

b. 100 m

c. 328 m

d. 500 m

5. Ethernet autonegotiation determines which of the following?

a. Spanning-tree mode

b. Duplex mode

c. Quality of service mode

d. Error threshold

6. Which of the following cannot be automatically determined and set if the far end of

a connection doesn’t support autonegotiation?

a. Link speed

b. Link duplex mode

c. Link media type

d. MAC address

7. Which of these is not a standard type of gigabit interface converter (GBIC) or small

form factor pluggable (SFP) module?

a. 1000BASE-LX/LH

b. 1000BASE-T

c. 1000BASE-FX

d. 1000BASE-ZX

8. What type of cable should you use to connect two switches back to back using their

Fast Ethernet 10/100 ports?

a. Rollover cable

b. Transfer cable

c. Crossover cable

d. Straight-through cable

9. Assume that you have just entered the configure terminal command. To configure

the speed of the first Fast Ethernet interface on Cisco Catalyst switch module number

one to 100 Mbps, which one of these commands should you enter first?

a. speed 100 mbps

b. speed 100

c. interface fastethernet 1/0/1

d. interface fast ethernet 1/0/1

10. If a switch port is in the errdisable state, what is the first thing you should do?

a. Reload the switch.

b. Use the clear errdisable port command.

c. Use the shut and no shut interface-configuration commands.

d. Determine the cause of the problem.

11. Which of the following show interface output information can you use to diagnose a

switch port problem?

a. Port state.

b. Port speed.

c. Input errors.

d. Collisions.

e. All these answers are correct.

Chapter 4

1. A VLAN is which of the following?

a. Collision domain

b. Spanning-tree domain

c. Broadcast domain

d. VTP domain

2. Switches provide VLAN connectivity at which layer of the OSI model?

a. Layer 1

b. Layer 2

c. Layer 3

d. Layer 4

3. Which one of the following is needed to pass data between two PCs, each connected

to a different VLAN?

a. Layer 2 switch

b. Layer 3 switch

c. Trunk

d. Tunnel

4. Which Catalyst IOS switch command is used to assign a port to a VLAN?

a. access vlan vlan-id

b. switchport access vlan vlan-id

c. vlan vlan-id

d. set port vlan vlan-id

5. Which of the following is a standardized method of trunk encapsulation?

a. 802.1d

b. 802.1Q

c. 802.3z

d. 802.1a

6. What is the Cisco proprietary method for trunk encapsulation?

a. CDP

b. EIGRP

c. ISL

d. DSL

7. Which of these protocols dynamically negotiates trunking parameters?

a. PAgP

b. STP

c. CDP

d. DTP

8. How many different VLANs can an 802.1Q trunk support?

a. 256

b. 1024

c. 4096

d. 32,768

e. 65,536

9. Which of the following incorrectly describes a native VLAN?

a. Frames are untagged on an 802.1Q trunk.

b. Frames are untagged on an ISL trunk.

c. Frames can be interpreted by a nontrunking host.

d. The native VLAN can be configured for each trunking port.

10. If two switches each support all types of trunk encapsulation on a link between

them, which one will be negotiated?

a. ISL

b. 802.1Q

c. DTP

d. VTP

11. Which VLANs are allowed on a trunk link by default?

a. None

b. Only the native VLAN

c. All active VLANs

d. Only negotiated VLANs

12. Which command configures a switch port to form a trunk without using negotiation?

a. switchport mode trunk

b. switchport mode trunk nonegotiate

c. switchport mode dynamic auto

d. switchport mode dynamic desirable

13. Two hosts are connected to switch interfaces Fast Ethernet 0/1 and 0/33, but they

cannot communicate with each other. Their IP addresses are in the 192.168.10.0/24

subnet, which is carried over VLAN 10. The show vlan id 10 command generates the

following output:

Switch# show vlan id 10

VLAN Name Status Ports

—— ———————————————— ————- ———————————————

-

Users active Fa0/1, Fa0/2, Fa0/3, Fa0/4,

Fa0/5, Fa0/6, Fa0/7, Fa0/8,

Fa0/9, Fa0/10, Fa0/11,FA0/12,Fa0/13, Fa0/14, Fa0/15, Fa0/16,

Fa0/17, Fa0/18, Fa0/19, Fa0/20,

Fa0/21, Fa0/22, Fa0/23, Fa0/25,

Fa0/26, Fa0/27, Fa0/28, Fa0/31,

Fa0/32, Fa0/34, Fa0/35, Fa0/36,

Fa0/37, Fa0/39, Fa0/40, Fa0/41,

Fa0/42, Fa0/43, Fa0/46

The hosts are known to be up and connected. Which of the following reasons might

be causing the problem?

a. The two hosts are assigned to VLAN 1.

b. The two hosts are assigned to different VLANs.

c. Interface FastEthernet0/33 is a VLAN trunk.

d. The two hosts are using unregistered MAC addresses.

14. A trunk link between two switches did not come up as expected. The configuration

on Switch A is as follows:

Switch A# show running-config interface gigabitethernet0/1

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-10

switchport mode dynamic auto

no shutdown

The interface configuration on Switch B is as follows:

Switch B# show running-config interface gigabitethernet0/1

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

switchport mode dynamic auto

switchport access vlan 5

no shutdown

Which one of the following reasons is probably causing the problem?

a. The two switches don’t have matching switchport trunk allowed vlan

commands.

b. Neither switch has a native VLAN configured.

c. Both switches are configured in the dynamic auto mode.

d. Switch B is configured to use access VLAN 5.

Chapter 5

1. Which of the following is not a Catalyst switch VTP mode?

a. Server

b. Client

c. Designated

d. Transparent

2. A switch in VTP transparent mode can do which one of the following?

a. Create a new VLAN

b. Only listen to VTP advertisements

c. Send its own VTP advertisements

d. Cannot make VLAN configuration changes

3. Which one of the following is a valid VTP advertisement?

a. Triggered update

b. VLAN database

c. Subset

d. Domain

4. Which one of the following is needed for VTP communication?

a. A Management VLAN

b. A Trunk link

c. An Access VLAN

d. An IP address

5. Which one of the following VTP modes does not allow any manual VLAN configuration

changes?

a. Server

b. Client

c. Designated

d. Transparent

6. Select all the parameters that decide whether to accept new VTP information:

a. VTP priority

b. VTP domain name

c. Configuration revision number

d. VTP server name

7. How many VTP management domains can a Catalyst switch participate in?

a. 1

b. 2

c. Unlimited

d. 4096

8. Which IOS command configures a Catalyst switch for VTP client mode?

a. set vtp mode client

b. vtp client

c. vtp mode client

d. vtp client mode

9. What is the purpose of VTP pruning?

a. Limit the number of VLANs in a domain

b. Stop unnecessary VTP advertisements

c. Limit the extent of broadcast traffic

d. Limit the size of the virtual tree

10. Which VLAN number is never eligible for VTP pruning?

a. 0

b. 1

c. 1000

d. 1001

11. Which of the following might present a VTP problem?

a. Two or more VTP servers in a domain

b. Two servers with the same configuration revision number

c. A server in two domains

d. A new server with a higher configuration revision number

12. If a VTP server is configured for VTP version 2, what else must happen for successful

VTP communication in a domain?

a. A VTP version 2 password must be set.

b. All other switches in the domain must be version 2 capable.

c. All other switches must be configured for VTP version 2.

d. The VTP configuration revision number must be reset.

Chapter 6

1. If Fast Ethernet ports are bundled into an EtherChannel, what is the maximum

throughput supported on a Catalyst switch?

a. 100 Mbps

b. 200 Mbps

c. 400 Mbps

d. 800 Mbps

e. 1600 Mbps

2. Which of these methods distributes traffic over an EtherChannel?

a. Round robin

b. Least-used link

c. A function of address

d. A function of packet size

3. What type of interface represents an EtherChannel as a whole?

a. Channel

b. Port

c. Port channel

d. Channel port

4. Which of the following is not a valid method for EtherChannel load balancing?

a. Source MAC address

b. Source and destination MAC addresses

c. Source IP address

d. IP precedence

e. UDP/TCP port

5. How can the EtherChannel load-balancing method be set?

a. Per switch port

b. Per EtherChannel

c. Globally per switch

d. Can’t be configured

6. What logical operation is performed to calculate EtherChannel load balancing as a

function of two addresses?

a. OR

b. AND

c. XOR

d. NOR

7. Which one of the following is a valid combination of ports for an EtherChannel?

a. Two access links (one VLAN 5, one VLAN 5)

b. Two access links (one VLAN 1, one VLAN 10)

c. Two trunk links (one VLANs 1 to 10, one VLANs 1, 11 to 20)

d. Two Fast Ethernet links (both full duplex, one 10 Mbps)

8. Which of these is a method for negotiating an EtherChannel?

a. PAP

b. CHAP

c. LAPD

d. LACP

9. Which of the following is a valid EtherChannel negotiation mode combination between

two switches?

a. PAgP auto, PAgP auto

b. PAgP auto, PAgP desirable

c. on, PAgP auto

d. LACP passive, LACP passive

10. When is PAgP’s “desirable silent” mode useful?

a. When the switch should not send PAgP frames

b. When the switch should not form an EtherChannel

c. When the switch should not expect to receive PAgP frames

d. When the switch is using LACP mode

11. Which of the following EtherChannel modes does not send or receive any negotiation

frames?

a. channel-group 1 mode passive

b. channel-group 1 mode active

c. channel-group 1 mode on

d. channel-group 1 mode desirable

e. channel-group 1 mode auto

12. Two computers are the only hosts sending IP data across an EtherChannel between

two switches. Several different applications are being used between them. Which of

these load-balancing methods would be more likely to use the most links in the

EtherChannel?

a. Source and destination MAC addresses.

b. Source and destination IP addresses.

c. Source and destination TCP/UDP ports.

d. None of the other answers is correct.

13. Which command can be used to see the status of an EtherChannel’s links?

a. show channel link

b. show etherchannel status

c. show etherchannel summary

d. show ether channel status

Chapter 7

1. How is a bridging loop best described?

a. A loop formed between switches for redundancy

b. A loop formed by the Spanning Tree Protocol

c. A loop formed between switches where frames circulate endlessly

d. The round-trip path a frame takes from source to destination

2. Which of these is one of the parameters used to elect a root bridge?

a. Root path cost

b. Path cost

c. Bridge priority

d. BPDU revision number

3. If all switches in a network are left at their default STP values, which one of the following

is not true?

a. The root bridge will be the switch with the lowest MAC address.

b. The root bridge will be the switch with the highest MAC address.

c. One or more switches will have a bridge priority of 32,768.

d. A secondary root bridge will be present on the network.

4. Configuration BPDUs are originated by which of the following?

a. All switches in the STP domain

b. Only the root bridge switch

c. Only the switch that detects a topology change

d. Only the secondary root bridge when it takes over

5. Which of these is the single most important design decision to be made in a network

running STP?

a. Removing any redundant links

b. Making sure all switches run the same version of IEEE 802.1D

c. Root bridge placement

d. Making sure all switches have redundant links

6. What happens to a port that is neither a root port nor a designated port?

a. It is available for normal use.

b. It can be used for load balancing.

c. It is put into the Blocking state.

d. It is disabled.

7. What is the maximum number of root ports that a Catalyst switch can have?

a. 1

b. 2

c. Unlimited

d. None

8. What mechanism is used to set STP timer values for all switches in a network?

a. Configuring the timers on every switch in the network.

b. Configuring the timers on the root bridge switch.

c. Configuring the timers on both primary and secondary root bridge

switches.

d. The timers can’t be adjusted.

9. MAC addresses can be placed into the CAM table, but no data can be sent or received

if a switch port is in which of the following STP states?

a. Blocking

b. Forwarding

c. Listening

d. Learning

10. What is the default “hello” time for IEEE 802.1D?

a. 1 second

b. 2 seconds

c. 30 seconds

d. 60 seconds

11. Which of the following is the Spanning Tree Protocol defined in the IEEE 802.1Q

standard?

a. PVST

b. CST

c. EST

d. MST

12. If a switch has 10 VLANs defined and active, how many instances of STP will run using

PVST+ versus CST?

a. 1 for PVST+, 1 for CST

b. 1 for PVST+, 10 for CST

c. 10 for PVST+, 1 for CST

d. 10 for PVST+, 10 for CST

Chapter 8

1. Where should the root bridge be placed on a network?

a. On the fastest switch

b. Closest to the most users

c. Closest to the center of the network

d. On the least-used switch

2. Which of the following is a result of a poorly placed root bridge in a network?

a. Bridging loops form.

b. STP topology can’t be resolved.

c. STP topology can take unexpected paths.

d. Root bridge election flapping occurs.

3. Which of these parameters should you change to make a switch become a root bridge?

a. Switch MAC address

b. Path cost

c. Port priority

d. Bridge priority

4. What is the default 802.1D STP bridge priority on a Catalyst switch?

a. 0

b. 1

c. 32,768

d. 65,535

5. Which of the following commands is most likely to make a switch become the root

bridge for VLAN 5, assuming that all switches have the default STP parameters?

a. spanning-tree root

b. spanning-tree root vlan 5

c. spanning-tree vlan 5 priority 100

d. spanning-tree vlan 5 root

6. What is the default path cost of a Gigabit Ethernet switch port?

a. 1

b. 2

c. 4

d. 19

e. 1000

7. What command can change the path cost of interface Gigabit Ethernet 3/1 to a

value of 8?

a. spanning-tree path-cost 8

b. spanning-tree cost 8

c. spanning-tree port-cost 8

d. spanning-tree gig 3/1 cost 8

8. What happens if the root bridge switch and another switch are configured with different

STP Hello timer values?

a. Nothing—each sends hellos at different times.

b. A bridging loop could form because the two switches are out of sync.

c. The switch with the lower Hello timer becomes the root bridge.

d. The other switch changes its Hello timer to match the root bridge

9. What network diameter value is the basis for the default STP timer calculations?

a. 1

b. 3

c. 7

d. 9

e. 15

10. Where should the STP PortFast feature be used?

a. An access-layer switch port connected to a PC

b. An access-layer switch port connected to a hub

c. A distribution-layer switch port connected to an access layer switch

d. A core-layer switch port

11. Where should the STP UplinkFast feature be enabled?

a. An access-layer switch.

b. A distribution-layer switch.

c. A core-layer switch.

d. All these answers are correct.

12. If used, the STP BackboneFast feature should be enabled on which of these?

a. All backbone- or core-layer switches

b. All backbone- and distribution-layer switches

c. All access-layer switches

d. All switches in the network

13. Which one of the following commands can be used to verify the current root bridge

in VLAN 10?

a. show root vlan 10

b. show root-bridge vlan 10

c. show spanning-tree vlan 10 root

d. show running-config

Chapter 9

1. Why is it important to protect the placement of the root bridge?

a. To keep two root bridges from becoming active

b. To keep the STP topology stable

c. So all hosts have the correct gateway

d. So the root bridge can have complete knowledge of the STP topology

2. Which of the following features protects a switch port from accepting superior BPDUs?

a. STP Loop Guard

b. STP BPDU Guard

c. STP Root Guard

d. UDLD

3. Which of the following commands can you use to enable STP Root Guard on a

switch port?

a. spanning-tree root guard

b. spanning-tree root-guard

c. spanning-tree guard root

d. spanning-tree rootguard enable

4. Where should the STP Root Guard feature be enabled on a switch?

a. All ports

b. Only ports where the root bridge should never appear

c. Only ports where the root bridge should be located

d. Only ports with PortFast enabled

5. Which of the following features protects a switch port from accepting BPDUs when

PortFast is enabled?

a. STP Loop Guard

b. STP BPDU Guard

c. STP Root Guard

d. UDLD

6. To maintain a loop-free STP topology, which one of the following should a switch uplink

be protected against?

a. A sudden loss of BPDUs

b. Too many BPDUs

c. The wrong version of BPDUs

d. BPDUs relayed from the root bridge

7. Which of the following commands can enable STP Loop Guard on a switch port?

a. spanning-tree loop guard

b. spanning-tree guard loop

c. spanning-tree loop-guard

d. spanning-tree loopguard enable

8. STP Loop Guard detects which of the following conditions?

a. The sudden appearance of superior BPDUs

b. The sudden lack of BPDUs

c. The appearance of duplicate BPDUs

d. The appearance of two root bridges

9. Which of the following features can actively test for the loss of the receive side of a

link between switches?

a. POST

b. BPDU

c. UDLD

d. STP

10. UDLD must detect a unidirectional link before which of the following?

a. The Max Age timer expires.

b. STP moves the link to the Blocking state.

c. STP moves the link to the Forwarding state.

d. STP moves the link to the Listening state.

11. What must a switch do when it receives a UDLD message on a link?

a. Relay the message on to other switches

b. Send a UDLD acknowledgment

c. Echo the message back across the link

d. Drop the message

12. Which of the following features effectively disables spanning-tree operation on a

switch port?

a. STP PortFast

b. STP BPDU filtering

c. STP BPDU Guard

d. STP Root Guard

13. To reset switch ports that have been put into the errdisable mode by UDLD, which

one of the following commands should be used?

a. clear errdisable udld

b. udld reset

c. no udld

d. show udld errdisable

Chapter 10

1. Which one of the following commands enables the use of RSTP?

a. spanning-tree mode rapid-pvst

b. no spanning-tree mode pvst

c. spanning-tree rstp

d. spanning-tree mode rstp

e. None. RSTP is enabled by default.

2. On which standard is RSTP based?

a. 802.1Q

b. 802.1D

c. 802.1w

d. 802.1s

3. Which of the following is not a port state in RSTP?

a. Listening

b. Learning

c. Discarding

d. Forwarding

4. When a switch running RSTP receives an 802.1D BPDU, what happens?

a. The BPDU is discarded or dropped.

b. An ICMP message is returned.

c. The switch begins to use 802.1D rules on that port.

d. The switch disables RSTP.

5. When does an RSTP switch consider a neighbor to be down?

a. After three BPDUs are missed

b. After six BPDUs are missed

c. After the Max Age timer expires

d. After the Forward timer expires

6. Which process is used during RSTP convergence?

a. BPDU propagation

b. Synchronization

c. Forward timer expiration

d. BPDU

7. What causes RSTP to view a port as a point-to-point port?

a. Port speed

b. Port media

c. Port duplex

d. Port priority

8. Which of the following events triggers a topology change with RSTP on a nonedge

port?

a. A port comes up or goes down.

b. A port comes up.

c. A port goes down.

d. A port moves to the Forwarding state.

9. Which of the following is not a characteristic of MST?

a. A reduced number of STP instances

b. Fast STP convergence

c. Eliminated need for CST

d. Interoperability with PVST+

10. Which of the following standards defines the MST protocol?

a. 802.1Q

b. 802.1D

c. 802.1w

d. 802.1s

11. How many instances of STP are supported in the Cisco implementation of MST?

a. 1

b. 16

c. 256

d. 4096

12. What switch command can be used to change from PVST+ to MST?

a. spanning-tree mst enable

b. no spanning-tree pvst+

c. spanning-tree mode mst

d. spanning-tree mst

Chapter 11

1. Which of the following arrangements can be considered interVLAN routing?

a. One switch, two VLANs, one connection to a router.

b. One switch, two VLANs, two connections to a router.

c. Two switches, two VLANs, two connections to a router.

d. All of these answers are correct.

2. How many interfaces are needed in a “router on a stick” implementation for inter-

VLAN routing among four VLANs?

a. 1

b. 2

c. 4

d. Cannot be determined

3. Which of the following commands configures a switch port for Layer 2 operation?

a. switchport

b. no switchport

c. ip address 192.168.199.1 255.255.255.0

d. no ip address

4. Which of the following commands configures a switch port for Layer 3 operation?

a. switchport

b. no switchport

c. ip address 192.168.199.1 255.255.255.0

d. no ip address

5. Which one of the following interfaces is an SVI?

a. interface fastethernet 0/1

b. interface gigabit 0/1

c. interface vlan 1

d. interface svi 1

6. What information must be learned before CEF can forward packets?

a. The source and destination of the first packet in a traffic flow

b. The MAC addresses of both the source and destination

c. The contents of the routing table

d. The outbound port of the first packet in a flow

7. Which of the following best defines an adjacency?

a. Two switches connected by a common link.

b. Two contiguous routes in the FIB.

c. Two multilayer switches connected by a common link.

d. The MAC address of a host is known.

8. Assume that CEF is active on a switch. What happens to a packet that arrives needing

fragmentation?

a. The packet is switched by CEF and kept intact.

b. The packet is fragmented by CEF.

c. The packet is dropped.

d. The packet is sent to the Layer 3 engine.

9. Suppose that a host sends a packet to a destination IP address and that the CEFbased

switch does not yet have a valid MAC address for the destination. How is the

ARP entry (MAC address) of the next-hop destination in the FIB obtained?

a. The sending host must send an ARP request for it.

b. The Layer 3 forwarding engine (CEF hardware) must send an ARP request

for it.

c. CEF must wait until the Layer 3 engine sends an ARP request for it.

d. All packets to the destination are dropped.

10. During a packet rewrite, what happens to the source MAC address?

a. There is no change.

b. It is changed to the destination MAC address.

c. It is changed to the MAC address of the outbound Layer 3 switch interface.

d. It is changed to the MAC address of the next-hop destination.

11. What command can you use to view the CEF FIB table contents?

a. show fib

b. show ip cef fib

c. show ip cef

d. show fib-table

12. Which one of the following answers represents configuration commands needed to

implement a DHCP relay function?

a. interface vlan 5

ip address 10.1.1.1 255.255.255.0

ip helper-address 10.1.1.10

b. interface vlan 5

ip address 10.1.1.1 255.255.255.0

ip dhcp-relay

c. ip dhcp pool staff

network 10.1.1.0 255.255.255.0

default-router 10.1.1.1

exit

d. hostname Switch

ip helper-address 10.1.1.10

Chapter 12

1. Where does a collision domain exist in a switched network?

a. On a single switch port

b. Across all switch ports

c. On a single VLAN

d. Across all VLANs

2. Where does a broadcast domain exist in a switched network?

a. On a single switch port

b. Across all switch ports

c. On a single VLAN

d. Across all VLANs

3. What is a VLAN primarily used for?

a. To segment a collision domain

b. To segment a broadcast domain

c. To segment an autonomous system

d. To segment a spanning-tree domain

4. How many layers are recommended in the hierarchical campus network design model?

a. 1

b. 2

c. 3

d. 4

e. 7

5. What is the purpose of breaking a campus network into a hierarchical design?

a. To facilitate documentation

b. To follow political or organizational policies

c. To make the network predictable and scalable

d. To make the network more redundant and secure

6. End-user PCs should be connected into which of the following hierarchical layers?

a. Distribution layer

b. Common layer

c. Access layer

d. Core layer

7. In which OSI layer should devices in the distribution layer typically operate?

a. Layer 1

b. Layer 2

c. Layer 3

d. Layer 4

8. A hierarchical network’s distribution layer aggregates which of the following?

a. Core switches

b. Broadcast domains

c. Routing updates

d. Access-layer switches

9. In the core layer of a hierarchical network, which of the following are aggregated?

a. Routing tables

b. Packet filters

c. Distribution switches

d. Access-layer switches

10. In a properly designed hierarchical network, a broadcast from one PC is confined

to what?

a. One access-layer switch port

b. One access-layer switch

c. One switch block

d. The entire campus network

11. Which one or more of the following are the components of a typical switch block?

a. Access-layer switches

b. Distribution-layer switches

c. Core-layer switches

d. E-commerce servers

e. Service provider switches

12. What are two types of core, or backbone, designs?

a. Collapsed core

b. Loop-free core

c. Dual core

d. Layered core

13. What is the maximum number of access-layer switches that can connect into a single

distribution-layer switch?

a. 1

b. 2

c. Limited only by the number of ports on the access-layer switch

d. Limited only by the number of ports on the distribution-layer switch

e. Unlimited

14. A switch block should be sized according to which two of the following parameters?

a. The number of access-layer users

b. A maximum of 250 access-layer users

c. A study of the traffic patterns and flows

d. The amount of rack space available

e. The number of servers accessed by users

15. What evidence can be seen when a switch block is too large? (Choose all that apply.)

a. IP address space is exhausted.

b. You run out of access-layer switch ports.

c. Broadcast traffic becomes excessive.

d. Traffic is throttled at the distribution-layer switches.

e. Network congestion occurs.

16. How many distribution switches should be built into each switch block?

a. 1

b. 2

c. 4

d. 8

17. What are the most important aspects to consider when designing the core layer in a

large network? (Choose all that apply.)

a. Low cost

b. Switches that can efficiently forward traffic, even when every uplink is at

100 percent capacity

c. High port density of high-speed ports

d. A low number of Layer 3 routing peers

Chapter 13

1. Which one of the following do multilayer switches share when running HSRP?

a. Routing tables

b. ARP cache

c. CAM table

d. IP address

2. What HSRP group uses the MAC address 0000.0c07.ac11?

a. Group 0

b. Group 7

c. Group 11

d. Group 17

3. Two routers are configured for an HSRP group. One router uses the default HSRP priority.

What priority should be assigned to the other router to make it more likely to

be the active router?

a. 1

b. 100

c. 200

d. 500

4. How many routers are in the Standby state in an HSRP group?

a. 0

b. 1

c. 2

d. All but the active router

5. A multilayer switch is configured as follows:

interface fastethernet 1/1

no switchport

ip address 192.168.199.3 255.255.255.0

standby 1 ip 192.168.199.2

Which IP address should a client PC use as its default gateway?

a. 192.168.199.1

b. 192.168.199.2

c. 192.168.199.3

d. Any of these

6. Which one of the following is based on an IETF RFC standard?

a. HSRP

b. VRRP

c. GLBP

d. STP

7. What VRRP group uses the virtual MAC address 0000.5e00.01ff?

a. Group 0

b. Group 1

c. Group 255

d. Group 94

8. Which one of the following protocols is the best choice for load balancing redundant

gateways?

a. HSRP

b. VRRP

c. GLBP

d. GVRP

9. Which one of the following GLBP functions answers ARP requests?

a. AVF

b. VARP

c. AVG

d. MVR

10. By default, which of the following virtual MAC addresses will be sent to the next

client that looks for the GLBP virtual gateway?

a. The GLBP interface’s MAC address

b. The next virtual MAC address in the sequence

c. The virtual MAC address of the least-used router

d. 0000.0c07.ac00

11. Which one of these features is used to reduce the amount of time needed to rebuild

the routing information after a supervisor module failure?

a. NFS

b. NSF

c. RPR+

d. SSO

12. Which one of the following features provides the fastest failover for supervisor or

route processor redundancy?

a. SSL

b. SSO

c. RPR+

d. RPR

Chapter 14

1. For a Catalyst switch to offer Power over Ethernet to a device, what must occur?

a. Nothing; power always is enabled on a port.

b. The switch must detect that the device needs inline power.

c. The device must send a CDP message asking for power.

d. The switch is configured to turn on power to the port

2. Which one of these commands can enable Power over Ethernet to a switch interface?

a. inline power enable

b. inline power on

c. power inline on

d. power inline auto

3. What does a Cisco IP Phone contain to allow it to pass both voice and data packets?

a. An internal Ethernet hub

b. An internal two-port switch

c. An internal three-port switch

d. An internal four-port switch

4. How can voice traffic be kept separate from any other data traffic through an IP Phone?

a. Voice and data travel over separate links.

b. A special-case 802.1Q trunk is used to connect to the switch.

c. Voice and data can’t be separated; they must intermingle on the link.

d. Voice and data packets both are encapsulated over an ISL trunk.

5. What command configures an IP Phone to use VLAN 9 for voice traffic?

a. switchport voice vlan 9

b. switchport voice-vlan 9

c. switchport voice 9

d. switchport voip 9

6. What is the default voice VLAN condition for a switch port?

a. switchport voice vlan 1

b. switchport voice vlan dot1p

c. switchport voice vlan untagged

d. switchport voice vlan none

7. If the following interface configuration commands have been used, what VLAN numbers

will the voice and PC data be carried over, respectively?

interface gigabitethernet1/0/1

switchport access vlan 10

switchport trunk native vlan 20

switchport voice vlan 50

switchport mode access

a. VLAN 50, VLAN 20

b. VLAN 50, VLAN 1

c. VLAN 1, VLAN 50

d. VLAN 20, VLAN 50

e. VLAN 50, VLAN 10

8. What command can verify the voice VLAN used by a Cisco IP Phone?

a. show cdp neighbor

b. show interface switchport

c. show vlan

d. show trunk

9. When a PC is connected to the PC switch port on an IP Phone, how is QoS trust

handled?

a. The IP Phone always trusts the class of service (CoS) information coming

from the PC.

b. The IP Phone never trusts the PC and always overwrites the CoS bits.

c. QoS trust for the PC data is handled at the Catalyst switch port, not the

IP Phone.

d. The Catalyst switch instructs the IP Phone how to trust the PC QoS information.

10. An IP Phone should mark all incoming traffic from an attached PC to have CoS 1.

Complete the following switch command to make that happen:

switchport priority extend __________

a. untrusted

b. 1

c. cos 1

d. overwrite 1

11. What command can verify the Power over Ethernet status of each switch port?

a. show inline power

b. show power inline

c. show interface

d. show running-config

12. Which DSCP codepoint name usually is used for time-critical packets containing

voice data?

a. 7

b. Critical

c. AF

d. EF

Chapter 15

1. Which one of the following standard sets is used in wireless LANs?

a. IEEE 802.1

b. IEEE 802.3

c. IEEE 802.5

d. IEEE 802.11

2. Which one of the following methods is used to minimize collisions in a wireless LAN?

a. CSMA/CD

b. CSMA/CA

c. LWAPP

d. LACP

3. A wireless scenario is made up of five wireless clients and two APs connected by a

switch. Which one of the following correctly describes the wireless network?

a. BSS

b. ESS

c. IBSS

d. CBS

4. If a wireless access point is connected to a switch by a trunk port, which one of the

following is mapped to a VLAN?

a. Channel

b. Frequency

c. BSS

d. SSID

5. Which of the following terms represents a Cisco wireless access point that cannot operate

independently?

a. Autonomous AP

b. Roaming AP

c. Lightweight AP

d. Dependent AP

6. Suppose that an autonomous AP is used to support wireless clients. Which one of the

following answers lists the devices that traffic must take when passing from one wireless

client to another?

a. Through the AP only.

b. Through the AP and its controller.

c. Through the controller only.

d. None of these answers is correct; traffic can go directly over the air.

7. Suppose that a lightweight AP is used to support wireless clients. Which one of the

following answers lists the device path that traffic must take when passing from one

wireless client to another?

a. Through the AP only.

b. Through the AP and its controller.

c. Through the controller only.

d. None of these answers is correct; traffic can go directly over the air

8. A lightweight access point is said to have which one of the following architectures?

a. Proxy MAC

b. Tunnel MAC

c. Split-MAC

d. Fat MAC

9. How does a lightweight access point communicate with a wireless LAN controller?

a. Through an IPsec tunnel

b. Through an LWAPP or CAPWAP tunnel

c. Through a GRE tunnel

d. Directly over Layer 2

10. Which one of the following types of traffic is sent securely over an LWAPP tunnel?

a. Control messages

b. User data

c. DHCP requests

d. 802.11 beacons

11. Which one of the following must be consistent for a wireless client to roam between

lightweight APs that are managed by the same WLC?

a. SSID

b. Mobility group

c. VLAN ID

d. AP management VLAN

12. Which one of the following must be consistent for a wireless client to roam between

lightweight APs that are managed by two different WLCs?

a. VLAN ID

b. SSID

c. AP management VLAN

d. Mobility group

13. Which one of the following locations is appropriate for an LAP?

a. Access-layer switch port

b. Distribution-layer switch port

c. Core-layer switch port

d. Data center switch port

14. Which one of the following locations is appropriate for a WLC?

a. Access-layer switch port

b. Distribution-layer switch port

c. Core-layer switch port

d. Data center switch port

15. Which one of the following is the correct switch configuration for a port connected

to an LAP?

a. switchport mode trunk

b. switchport mode lap

c. switchport mode access

d. switchport mode transparent

16. Suppose an LAP/WLC combination is used to provide connectivity from SSID “staff’’

to VLAN 17. Which one of the following is the correct extent for the VLAN?

a. VLAN 17 exists on the LAP only.

b. VLAN 17 extends from the LAP to the access switch only.

c. VLAN 17 extends from the LAP to the WLC.

d. VLAN 17 extends from the LAP to the access switch and from the distribution

switch to the WLC.

Chapter 16

1. Which switch feature can grant access through a port only if the host with MAC address

0005.0004.0003 is connected?

a. SPAN

b. MAC address ACL

c. Port security

d. Port-based authentication

2. Port security is being used to control access to a switch port.Which one of these commands

will put the port into the errdisable state if an unauthorized station connects?

a. switchport port-security violation protect

b. switchport port-security violation restrict

c. switchport port-security violation errdisable

d. switchport port-security violation shutdown

3. If port security is left to its default configuration, how many different MAC addresses

can be learned at one time on a switch port?

a. 0

b. 1

c. 16

d. 256

4. The following commands are configured on a Catalyst switch port. What happens

when the host with MAC address 0001.0002.0003 tries to connect?

switchport port-security

switchport port-security maximum 3

switchport port-security mac-address 0002.0002.0002

switchport port-security violation shutdown

a. The port shuts down.

b. The host is allowed to connect.

c. The host is denied a connection.

d. The host can connect only when 0002.0002.0002 is not connected.

5. What protocol is used for port-based authentication?

a. 802.1D

b. 802.1Q

c. 802.1x

d. 802.1w

6. When 802.1x is used for a switch port, where must it be configured?

a. Switch port and client PC

b. Switch port only

c. Client PC only

d. Switch port and a RADIUS server

7. When port-based authentication is enabled globally, what is the default behavior for

all switch ports?

a. Authenticate users before enabling the port.

b. Allow all connections without authentication.

c. Do not allow any connections.

d. There is no default behavior.

8. When port-based authentication is enabled, what method is available for a user to

authenticate?

a. Web browser

b. Telnet session

c. 802.1x client

d. DHCP

9. The users in a department are using a variety of host platforms, some old and some

new. All of them have been approved with a user ID in a RADIUS server database.

Which one of these features should be used to restrict access to the switch ports in

the building?

a. AAA authentication

b. AAA authorization

c. Port security

d. Port-based authentication

10. With DHCP snooping, an untrusted port filters out which one of the following?

a. DHCP replies from legitimate DHCP servers

b. DHCP replies from rogue DHCP servers

c. DHCP requests from legitimate clients

d. DHCP requests from rogue clients

11. Which two of the following methods does a switch use to detect spoofed addresses

when IP Source Guard is enabled?

a. ARP entries

b. DHCP database

c. DHCP snooping database

d. Static IP source binding entries

e. Reverse path-forwarding entries

12. Which one of the following should be configured as a trusted port for dynamic ARP

inspection?

a. The port where the ARP server is located.

b. The port where an end-user host is located.

c. The port where another switch is located.

d. None; all ports are untrusted.

13. Which two of the following methods should you use to secure inbound CLI sessions

to a switch?

a. Disable all inbound CLI connections.

b. Use SSH only.

c. Use Telnet only.

d. Apply an access list to the vty lines.

14. Suppose you need to disable CDP advertisements on a switch port so that untrusted

devices cannot learn anything about your switch. Which one of the following interface

configuration commands should be used?

a. cdp disable

b. no cdp

c. no cdp enable

d. no cdp trust

Chapter 17

1. Which one of the following can filter packets even if they are not routed to another

Layer 3 interface?

a. IP extended access lists

b. MAC address access lists

c. VLAN access lists

d. Port-based access lists

2. In what part of a Catalyst switch are VLAN ACLs implemented?

a. NVRAM

b. CAM

c. RAM

d. TCAM

3. Which one of the following commands can implement a VLAN ACL called test?

a. access-list vlan test

b. vacl test

c. switchport vacl test

d. vlan access-map test

4. After a VACL is configured, where is it applied?

a. Globally on a VLAN

b. On the VLAN interface

c. In the VLAN configuration

d. On all ports or interfaces mapped to a VLAN

5. Which of the following private VLANs is the most restrictive?

a. Community VLAN

b. Isolated VLAN

c. Restricted VLAN

d. Promiscuous VLAN

6. The vlan 100 command has just been entered. What is the next command needed to

configure VLAN 100 as a secondary isolated VLAN?

a. private-vlan isolated

b. private-vlan isolated 100

c. pvlan secondary isolated

d. No further configuration necessary

7. What type of port configuration should you use for private VLAN interfaces that

connect to a router?

a. Host

b. Gateway

c. Promiscuous

d. Transparent

8. Promiscuous ports must be ______________ to primary and secondary VLANs, and

host ports must be ________________.

a. Mapped, associated

b. Mapped, mapped

c. Associated, mapped

d. Associated, associated

9. In a switch spoofing attack, an attacker makes use of which one of the following?

a. The switch management IP address

b. CDP message exchanges

c. Spanning Tree Protocol

d. DTP to negotiate a trunk

10. Which one of the following commands can be used to prevent a switch spoofing attack

on an end-user port?

a. switchport mode access

b. switchport mode trunk

c. no switchport spoof

d. spanning-tree spoof-guard

11. Which one of the following represents the spoofed information an attacker sends in a

VLAN hopping attack?

a. 802.1Q tags

b. DTP information

c. VTP information

d. 802.1x information

12. Which one of the following methods can be used to prevent a VLAN hopping attack?

a. Use VTP throughout the network.

b. Set the native VLAN to the user access VLAN.

c. Prune the native VLAN off a trunk link.

d. Avoid using EtherChannel link bundling