CCNA – Switch Questions 2
Here you will find answers to Switch Questions – Part 2
Question 1
In which circumstance are multiple copies of the same unicast frame likely to be transmitted in a switched LAN?
A. after broken links are re-established
B. in an improperly implemented redundant topology
C. when upper-layer protocols require high reliability
D. during high traffic periods
E. when a dual ring topology is in use
Answer: B
Explanation
If we connect two switches via 2 or more links and do not enable STP on these switches then a loop (which creates multiple copies of the same unicast frame) will occur. It is an example of an improperly implemented redundant topology.
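The loop described above can be reproduced in a small simulation. This is an added example, not part of the original page: the two-switch topology, the host names A and B, the port numbers and the `max_hops` cut-off are assumptions made for illustration, and the blocked port stands in for what STP would do.

```python
from collections import deque

# Constructed topology: host A on SW1 port 1, host B on SW2 port 1, and two
# parallel inter-switch links (port 2 <-> port 2, port 3 <-> port 3).
LINKS = {
    ("SW1", 1): "A", ("SW2", 1): "B",
    ("SW1", 2): ("SW2", 2), ("SW2", 2): ("SW1", 2),
    ("SW1", 3): ("SW2", 3), ("SW2", 3): ("SW1", 3),
}

def send_unicast(src="A", dst="B", blocked=frozenset(), max_hops=5):
    """Simulate one unicast frame; return (copies seen by dst, MAC-table moves).

    blocked  -- (switch, port) pairs held in blocking state, as STP would do
    max_hops -- cut-off on switch traversals; a real loop has no such limit
    """
    mac_tables = {"SW1": {}, "SW2": {}}
    copies = moves = 0
    ingress = next(p for p, peer in LINKS.items() if peer == src)
    queue = deque([(ingress, 1)])
    while queue:
        (switch, in_port), hops = queue.popleft()
        if (switch, in_port) in blocked or hops > max_hops:
            continue
        table = mac_tables[switch]
        if table.get(src, in_port) != in_port:
            moves += 1                      # same source MAC seen on a new port
        table[src] = in_port                # learn the source address
        if dst in table:                    # known destination: one port only
            out_ports = [table[dst]] if table[dst] != in_port else []
        else:                               # unknown unicast: flood
            out_ports = [p for (s, p) in LINKS if s == switch and p != in_port]
        for port in out_ports:
            if (switch, port) in blocked:
                continue
            peer = LINKS[(switch, port)]
            if peer == dst:
                copies += 1                 # another copy reaches the destination
            elif isinstance(peer, tuple):
                queue.append((peer, hops + 1))
    return copies, moves

if __name__ == "__main__":
    print("no STP:", send_unicast())
    print("one port blocking:", send_unicast(blocked={("SW2", 3)}))
```

Without a blocked port the destination keeps receiving copies for as long as the frame circulates, and both switches keep relearning the source MAC on alternating ports; with one redundant port blocking, exactly one copy arrives.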
Question 2
An administrator would like to configure a switch over a virtual terminal connection from locations outside of the local LAN. Which of the following are required in order for the switch to be configured from a remote location? (Choose two)
A. The switch must be configured with an IP address, subnet mask, and default gateway.
B. The switch must be connected to a router over a VLAN trunk.
C. The switch must be reachable through a port connected to its management VLAN.
D. The switch console port must be connected to the Ethernet LAN.
E. The switch management VLAN must be created and have a membership of at least one switch port.
F. The switch must be fully configured as an SNMP agent.
Answer: A C
Explanation
To access a switch remotely from outside of the local LAN (from a different subnet) we have to:
+ Configure an IP address on a VLAN interface on that switch; this VLAN is known as the management VLAN (it is usually VLAN 1)
+ Specify the default gateway for that switch so that it can send traffic to this gateway
Below is an example of configuring remote access for a switch (suppose the IP address of the management VLAN interface on the switch is 192.168.1.10/24 and the default-gateway IP address is 192.168.1.254):
Switch(config)#ip default-gateway 192.168.1.254
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.1.10 255.255.255.0
Switch(config-if)#no shutdown
Question 3
Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands.
Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two)
A. Port security needs to be globally enabled.
B. Port security needs to be enabled on the interface.
C. Port security needs to be configured to shut down the interface in the event of a violation.
D. Port security needs to be configured to allow only one learned MAC address.
E. Port security interface counters need to be cleared before using the show command.
F. The port security configuration needs to be saved to NVRAM before it can become active.
Answer: B D
Explanation
As we see in the output, “Port Security” is in the “Disabled” state (line 2 in the output). To use the port security feature, we must first enable it on that interface with the command:
SwitchA(config-if)#switchport port-security
-> B is correct.
Also from the output, we learn that the switch is allowing 2 devices to connect to it (switchport port-security maximum 2) but the question requires allowing only PC_A to access the network so we need to reduce the maximum number to 1 -> D is correct.
Question 4
A company implements video conferencing over IP on their Ethernet LAN. The users notice that the network slows down, and the video either stutters or fails completely. What is the most likely reason for this?
A. minimum cell rate (MCR)
B. quality of service (QoS)
C. modulation
D. packet switching exchange (PSE)
E. reliable transport protocol (RTP)
Answer: B
Explanation
If QoS is not configured correctly on the network, video traffic can slow down all other traffic. The company implemented video conferencing and the network slowed down, so QoS is probably not configured: video traffic (which is very high and bursty) and data traffic then have the same priority, and the video traffic eats all the bandwidth. QoS can solve this problem by giving higher priority to data (or voice) traffic over video traffic.
Question 5
Computer 1 is consoled into switch A. Telnet connections and pings run from the command prompt on switch A fail. Which of the following could cause this problem?
A. switch A does not have a cdp entry for switch B or router JAX
B. switch A does not have an IP address
C. port 1 on switch A should be an access port rather than a trunk port
D. switch A is not directly connected to router JAX
E. switch A does not have a default gateway assigned
Answer: B
Explanation
It’s a hard question to answer although it looks simple! From the output above we are sure that switch A does not have an IP address (on either Fa0/1 or VLAN 1), so it cannot ping or telnet to any other device -> B is correct.
Another answer that seems to be correct is E – switch A does not have a default gateway assigned. We know that Switch A cannot telnet to a device outside its subnet without a default gateway. But the question only says “Telnet connections and pings run from the command prompt on switch A fail” without telling us where Switch A is trying to telnet or ping to. If it tries to connect to an outside network then E is correct. If it only wants to connect to a device inside its subnet then a default gateway is not necessary.
So the best answer for this question is B!
Question 6
Refer to the exhibit. Given this output for SwitchC, what should the network administrator’s next action be?
A. Check the trunk encapsulation mode for SwitchC’s fa0/1 port.
B. Check the duplex mode for SwitchC’s fa0/1 port.
C. Check the duplex mode for SwitchA’s fa0/2 port.
D. Check the trunk encapsulation mode for SwitchA’s fa0/2 port.
Answer: C
Question 7
Refer to the graphic
A host is connected to switch port Fa0/3 with a crossover cable. However, the port indicator on switch port Fa0/3 is not on, and the host can not communicate with hosts that belong to VLAN2 on the same switch. Based on the information given, where is the problem?
A. The switch has been assigned an incorrect subnet mask
B. Switch port Fa0/3 is not configured as a trunk port
C. Switch port Fa0/3 has been blocked by STP
D. The switch and the hosts must be in the same subnet
E. The cable type is wrong
Answer: E
Explanation
To specify when we use crossover cable or straight-through cable, we should remember:
Group 1: Router, Host, Server
Group 2: Hub, Switch
One device in group 1 + One device in group 2: use straight-through cable
Two devices in the same group: use crossover cable
In this case we connect a switch and a host so we need a straight-through cable -> E is correct.
Question 8
Refer to the exhibit. Some 2950 series switches are connected to the conference area of the corporate headquarters network. The switches provide two to three jacks per conference room to host laptop connections for employees who visit the headquarters office. When large groups of employees come from other locations, the network administrator often finds that hubs have been connected to wall jacks in the conference area although the ports on the access layer switches were not intended to support multiple workstations.
What action could the network administrator take to prevent access by multiple laptops through a single switch port and still leave the switch functional for its intended use?
A. Configure static entries in the switch MAC address table to include the range of addresses used by visiting employees.
B. Configure an ACL to allow only a single MAC address to connect to the switch at one time.
C. Use the mac-address-table 1 global configuration command to limit each port to one source MAC address.
D. Implement Port Security on all interfaces and use the port-security maximum 1 command to limit port access to a single MAC address
E. Implement Port Security on all interfaces and use the port-security mac-address sticky command to limit access to a single MAC address
F. Implement Port Security at global configuration mode and use the port-security maximum 1 command to allow each switch only one attached hub
Answer: D
Explanation
Port Security filters frames based on their MAC addresses, so it can effectively prevent people from connecting to the switch via hubs.
Question 9
Which of the following statements are true regarding bridges and switches? (Choose 3)
A. Switches are primarily software based while bridges are hardware based.
B. Both bridges and switches forward Layer 2 broadcasts.
C. Bridges are frequently faster than switches.
D. Switches have a higher number of ports than most bridges.
E. Bridges define broadcast domains while switches define collision domains.
F. Both bridges and switches make forwarding decisions based on Layer 2 addresses.
Answer: B D F
Question 10
A network administrator must configure 200 switch ports to accept traffic from only the currently attached host devices. What would be the most efficient way to configure MAC-level security on all these ports?
A. Visually verify the MAC addresses and then telnet to the switches to enter the switchport-port security mac-address command.
B. Have end users e-mail their MAC addresses. Telnet to the switch to enter the switchport-port security mac-address command.
C. Use the switchport port-security MAC address sticky command on all the switch ports that have end devices connected to them.
D. Use show mac-address-table to determine the addresses that are associated with each port and then enter the commands on each switch for MAC address port-security.
Answer: C
Explanation
We can use the “interface range” command (for example “interface range FastEthernet 0/1 - 48”) to configure many ports at the same time and use the “switchport port-security mac-address sticky” command (without a specific MAC address) to dynamically learn the attached MAC address and place it into the switch’s running-configuration -> C is correct.
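The port-security requirements from Questions 3, 8 and 10 can be checked offline against a saved configuration. This is an added example, not code from the original page: the sample configuration is constructed, and the function names `parse_interfaces` and `audit_port_security` are hypothetical. It assumes IOS-style `interface` stanzas, skips trunk and VLAN interfaces, and treats a missing `maximum` line as the default of 1.

```python
import re

# Constructed sample running-config (the page's exhibit is not available).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security maximum 2
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
!
interface FastEthernet0/3
!
interface FastEthernet0/24
 switchport mode trunk
!
interface Vlan1
 ip address 192.168.1.10 255.255.255.0
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} for IOS-style config text."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface\s+(\S+)\s*$", raw)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif not raw.startswith(" "):
            current = None                  # "!" or a global command ends the stanza
        elif current is not None:
            current.append(raw.strip())
    return stanzas

def audit_port_security(config, max_allowed=1, require_sticky=False):
    """Map each non-trunk switch port to a list of port-security findings."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        if name.lower().startswith("vlan") or "switchport mode trunk" in lines:
            continue                        # SVIs and trunks are out of scope here
        findings = []
        if "switchport mode access" not in lines:
            findings.append("dynamic port: set 'switchport mode access' first")
        if "switchport port-security" not in lines:
            findings.append("port security not enabled on the interface")
        m = re.search(r"^switchport port-security maximum (\d+)$", "\n".join(lines), re.M)
        maximum = int(m.group(1)) if m else 1   # default when no 'maximum' line
        if maximum > max_allowed:
            findings.append(f"maximum {maximum} exceeds {max_allowed}")
        if require_sticky and "switchport port-security mac-address sticky" not in lines:
            findings.append("sticky MAC learning not configured")
        report[name] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_port_security(SAMPLE_CONFIG).items():
        print(port, findings or "OK")
```

FastEthernet0/1 in the sample reproduces the Question 3 situation: port-security options are present, but the feature is not enabled on the interface and the maximum is 2.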
@sunil
no, they don’t. they remain in the running-config (by default) till the device gets rebooted
@xallax
Thank you so much.
thanks for q6 explanation — this is the first time I have seen anything like that!!
your explanations make this so much more interesting
Q7 in exam.
I have a question. Suppose we have one router that is connected to a switch and a pc that is also connected to a switch. Means both the router and pc is connected to a same switch. My question is, what address will be the default gateway for pc. The ip address of Router or the ip address of switch that i give to a vlan.
Please clear my doubt with an example or an explanation.
please reply me on sarabjit.bhatia@gmail.com
@sarabjit
the default gateway IP address will be that of the Layer3 device that routes. could be the switch if and only if the switch is a multilayer switch.
at the ccna level we refer to “switch” as to the Layer2 device.
the default gateway is the router on this scenario
whenever i use
switchport port-security
it always show
command rejected. fa 0/1 is a dynamic port
& also when i use full command like
switchport port-security max 1
it also doesn’t work
i practice on packet tracer 5.3
gec.bits@gmail.com
@naresh
try this
set the port as static access: “switchport mode access”
port-security works on access ports (ports on which you connect PCs)
In Q6
What is encapsulation ARPA?
ARPA -> Ethernet
Reg Q6, i still don’t get it. I understand the concept of MTU, errors and unmatched duplex mode (by xallax), but how to choose the answer between switch C’s fa0/1 and Switch A’s fa0/2?
Can some1 help plz. I might sound dumb, just cant figure out :(
@jo
look at the exhibit. you will see that SwitchC is already set to full duplex (“Full-duplex”). that can lead you to only 1 logical conclusion: there’s something wrong on SwitchA
Oh yes! Thanks a lot xallax :)
Kiran Undurthi,
you can telnet to a switch with just the IP.
Regarding Question 2
why option B ” B. The switch must be connected to a router over a VLAN trunk. ” is not correct ?
the question states that the administrator wants to configure the switch from outside the local LAN, also we configured a default gateway, so it’s logical that the switch must be connected to a router for inter-VLAN communications, so why is option B not valid? thx
@xallax
Can you explain this question?
http://s17.postimage.org/mzacpmlz3/Switch.jpg
I don’t see how hub is determined for Fa 0/5.
@raj
you can tell it’s a trunk because many VLANs go out that port AND from the show cdp nei output you see the neighbor to port fa0/1 is a switch
you see nothing regarding the neighbor out port fa0/5, but you see that 2 MACs passed traffic through it. it must be a hub.
can someone send me latest dumps at spivy66@gmail.com
Thanks 9tut =D
Need 2nd attempt foru exam can anyone send me the latest dumps pls Thks! adainsiu@gmail.com
In Question 2 why the option E is NOT correct and C is correct ???? Somebody pls explain.
thank you very much 9tut! I just got 1000/1000 this day!=D
Hi 9tut, Hi Guys, can you send me the latest dumps at ariari176@hotmai.com. pppplleeease Thanks!
Q3,5,8 were in my exam today
Hi all, I am taking CCNA 640-802 exam first time on 30/05/2012. Could anyone please send me latest dumps which are valid for UK? My e-mail address is puneet_gill84@yahoo.co.uk. Many thanks.
I PASSED CCNA EXAM TODAY THANKS TO ALL MIGHTY ALLAH
960/1000
@xallax
Regarding Q6, good analysis. thx.
but why should you check the remote switch ? not the local ? the local sw may be configured with manual FULL instead of auto-negotiation.
@odysius
nevertheless, the local switch is on full-duplex.
full-duplex is the way it should act on any modern network. this would lead you to check if SwitchA’s duplex mode is full or half
@xallax
“full-duplex is the way it should act on any modern network. this would lead you to check if SwitchA’s duplex mode is full or half” exactly!
But I don’t think that it have a big thing with Giants errors. It’s a result of CRC errors.
Cisco gives us a hint by marking it in yellow !
So, I’m gonna summarize the troubleshooting steps as follows:
input errors –> CRC errors –> collisions during the transmission –> duplex mismatch –> check which end is Half Duplex
b r,
Odysiuos
Regarding Q2, the good answer is A and B.
C is definitely a bad choice.
“The switch must be reachable through a port connected to its management VLAN.” means the following:
“you MUST access the switch (for management) through a port belongs to the management VLAN”
and that’s wrong. the right is:
“you CAN access the switch ……..”
You can manage the switch from a port which is not a member of the management VLAN.
Recall the fact that the switch has only one IP address (per switch, not per interface). So, It doesn’t matter from which port you access the management.
I think the answer for Question 1 the answer should be :” A. after broken links are re-established “
Regarding Q2,
I made a big stupid mistake and I want to retreat from my view.
The correct answer is as 9tut said: A and C.
I apologize to you
@xallax: I know you wrote about this, but one more time – Q5, you think B is the right answer? Is there anyone who had 100% on the exam and had this question? MY exam is this week, so I just wanted to be sure…
@mariah
look carefully at:
“interface Vlan1
no ip address”
and
“Telnet connections and pings run from the command prompt on switch A fail”
telnet… ping… those run using something very important: an IP address so that the receiver can tell who is contacting it and to whom should it reply.
no IP address, no operation on layers above datalink.
B is correct.
@xallax: great! thank you so much!!
Hi 9tut… Hi Guys! Can you please help me… I will take exam after 5 days. Please send me latest dump so that I will have an idea for the exam.. bido._love41@yahoo.com
i want test inside or path of sure
I passed my ccna exam today Praise be to God! Thank you Jesus! and thanks to 9TUT for the tutorials and explanations, great site and thanks to xallax for your explanations to questions and thanks to http://www.examcollection.com for the dumps. Pls guys lets donate and help to keep this site up!
48 ques for exams including 3 simulation, I had EIGRP, Acesslist2 and VTP. Make sure the practice the simulation, use packet tracer or gns3. Best wishes to all!
Q6
switch trunk encapsulation dot1q for Q6
dot1q its trunk encaps.
God’s Grace
I am going to take exam 16/7/12 and you said about simulation can you explain whether we have to just configure the protocols or troubleshyotheroot , is dumps from examcollection.com is enough or any other sources required because each and every dumps like similar only pls anybody who took the exam pls help me
Q2
Isn’t E also correct. To me this is effectively saying the same thing as answer C.
If answer C is true then this implies that “the management VLAN must be created and have a membership of at least one switch port” is also a true statement. Can someone please explain the difference because I must be missing something here?
@xallax @9tut
Q2. Can u explain
C. The switch must be reachable “THROUGH A PORT” connected to its management VLAN.
thanks . !
hi 9tut.. I have one 3750 Switch and I want to limit bandwidth per host.. port1 must have 1mb, port2 2mb and port3 5mb.. how I can set that?… all ports of Switch is Gigabytes.
please Help me..
Hi to All, I am going to write CCNA paper,
Can anyone provide me latest dumps ,
thanks in advance..
my email id is – sanjeev_someone1@yahoo.co.in
Qn2. I thought management Vlan is the virtual interface, that doesn’t necessarily need a port assigned to work….i tried this in my packet tracer, just changed the management vlan from its default (vlan 1) to vlan 50, i didn’t assign any ports to vlan 50 ….but then i can telnet and ping to and from the switch!
I am trying so hard to understand this answer by 9tut..”C. The switch must be reachable through a port connected to its management VLAN.” management Vlan can be reached even with no port assigned to it, all you need is the default gateway on the switch, the ip address on the management vlan interface (vlan 1 by default) and a correctly configured trunk to the router!
somebody clear my doubts please!!!
the answer to question one can’t be B, this is because STP is on by default on Cisco switches. You don’t have to enable it, meaning no matter how badly you configure your network, the redundancies will not cause retransmissions of data. A) seems a more viable answer than B)
In Q2: why do we not need a subnet mask for the default-gateway? “Switch(config)#ip default-gateway 192.168.1.254”
In Q6: I don’t understand ” 741 input errors, 738 CRC”?
Pls help me.
Question 6
When I recreate this in packet tracer the port goes down completely when I have set one end to half duplex and the other to full.
I don’t understand the answer because I can’t change the encapsulation in packet tracer.