CCNA – Switch Questions 3
Here you will find answers to Switch Questions – Part 3
Question 1
Which of the following are true regarding bridges and switches? (Choose two)
A. Bridges are faster than switches because they have fewer ports.
B. A switch is a multiport bridge.
C. Bridges and switches learn MAC addresses by examining the source MAC address of each frame received.
D. A bridge will forward a broadcast but a switch will not.
E. Bridges and switches increase the size of a collision domain.
Answer: B C
Question 2
Which two commands correctly verify whether port security has been configured on port FastEthernet 0/12 on a switch? (Choose two)
A. SW1# show switchport port-security interface FastEthernet 0/12
B. SW1# show switchport port-secure interface FastEthernet 0/12
C. SW1# show port-security interface FastEthernet 0/12
D. SW1# show running-config
Answer: C D
Explanation
We can verify whether port security has been configured by using the “show running-config” or “show port-security interface ” for more detail. An example of the output of “show port-security interface ” command is shown below:
Question 3
Assuming the default switch configuration which vlan range can be added modified and removed on a Cisco switch?
A. 2 through 1001
B. 1 through 1001
C. 1 through 1002
D. 2 through 1005
Answer: A
Explanation
VLAN 1 is the default VLAN on Cisco switch. It always exists and can not be added, modified or removed.
VLANs 1002-1005 are default VLANs for FDDI & Token Ring and they can’t be deleted or used for Ethernet.
Question 4
Refer to the exhibit. This command is executed on 2960Switch:
2960Switch(config)# mac-address-table static 0000.00aa.aaaa vlan 10 interface fa0/1
Which two of these statements correctly identify results of executing the command? (Choose two)
A. Port security is implemented on the fa0/1 interface.
B. MAC address 0000.00aa.aaaa does not need to be learned by this switch.
C. Only MAC address0000.00aa.aaaa can source frames on the fa0/1 segment.
D. Frames with a Layer 2 source address of 0000.00aa.aaaa will be forwarded out fa0/1.
E. MAC address 0000.00aa.aaaa will be listed in the MAC address table for interface fa0/1 only.
Answer: B E
Explanation
The above command adds the MAC address 0000.00aa.aaaa to the MAC address table of the switch. This is called static MAC address. Static addresses have the following characteristics:
* Static addresses will not be removed from the address table when a given interface link is down.
* Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table.
* A static address cannot be learned on another port until the address is removed with the no form of this command.
Static MAC address is not a Port Security feature -> A is not correct.
If the MAC address 0000.00aa.aaaa is seen again (on fa0/1 or other ports), it does not need to be learned because it already exists in the MAC address table of the switch -> B is correct.
Although configured with a static MAC address, switch can still learn other MAC addresses dynamically -> C is not correct.
Frames with a Layer 2 destination address (not source address) of 0000.00aa.aaaa will be forwarded out fa0/1 -> D is not correct.
Question 5
Which set of commands is recommended to prevent the use of a hub in the access layer?
A.
switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security maximum 1
B.
switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security mac-address 1
C.
switch(config-if)#switchport mode access
switch(config-if)#switchport port-security maximum 1
D.
switch(config-if)#switchport mode access
switch(config-if)#switchport port-security mac-address 1
Answer: C
Explanation
Port security is only used on access port (which connects to hosts) so we need to set that port to “access” mode, then we need to specify the maximum number of hosts which are allowed to connect to this port -> C is correct.
Note: If we want to allow a fixed MAC address to connect, use the “switchport port-security mac-address ” command.
Question 6
A Catalyst 2950 needs to be reconfigured. What steps will ensure that the old configuration is erased? (Choose three)
A. Erase flash.
B. Restart the switch.
C. Delete the VLAN database.
D. Erase the running configuration.
E. Erase the startup configuration.
F. Modify the configuration register.
Answer: B C E
Question 7
The network administrator has discovered that the power supply has failed on a switch in the company LAN and that the switch has stopped functioning. It has been replaced with a Cisco Catalyst 2950 series switch. What must be done to ensure that this new switch becomes the root bridge on the network?
A. Lower the bridge priority number.
B. Change the MAC address of the switch.
C. Increase the VTP revision number for the domain.
D. Lower the root path cost on the switch ports.
E. Assign the switch an IP address with the lowest value.
Answer: A
Question 8
Which two of these are characteristics of the 802.1Q protocol? (Choose two)
A. It is a layer 2 messaging protocol which maintains vlan configurations across network.
B. It includes an 8-bit field which specifies the priority of a frame.
C. It is used exclusively for tagging vlan frames and dose not address network reconvergence following switched network topology changes.
D. It modifies the 802.3 frame header and thus requires that the FCS be recomputed.
E. It is a trunking protocol capable of earring untagged frames.
Answer: D E
Explanation
IEEE 802.1Q is the networking standard that supports Virtual LANs (VLANs) on an Ethernet network. It is a protocol that allows VLANs to communicate with one another using a router. 802.1Q trunks support tagged and untagged frames.
If a switch receives untagged frames on a trunk port, it believes that frame is a part of the native VLAN. Also, frames from a native VLAN are not tagged when exiting the switch via a trunk port.
The 802.1q frame format is same as 802.3. The only change is the addition of 4 bytes fields. That additional header includes a field with which to identify the VLAN number. Because inserting this header changes the frame, 802.1Q encapsulation forces a recalculation of the original FCS field in the Ethernet trailer.
Note: Frame Check Sequence (FCS) is a four-octet field used to verify that the frame was received without loss or error. FCS is based on the contents of the entire frame.
Question 9
What are two advantages of Layer 2 Ethernet switches over hubs? (Choose two)
A. decreasing the number of collision domains
B. filtering frames based on MAC addresses
C. allowing simultaneous frame transmissions
D. increasing the size of broadcast domains
E. increasing the maximum length of UTP cabling between devices
Answer: B C
Explanation
Hub is considered a layer 1 device. When a packet arrives at one port, it is copied to the other ports without checking the content of that packet.
Switch operates at layer 2. When a packet arrives at one port, it checks in its database (based on MAC address) to see which port it should forward that packet out -> B is correct.
Remember that hubs can only communicate in half duplex mode, which means that a computer can only send data when it is not receiving. Switches can run in full duplex mode, which allows data to be sent and received at the same time. Switches effectively double the speed of the network when compared to hubs -> C is correct.
Switch increases the number of collision domains (which is better) -> A is not correct.
Switch does not have any effect on the size of broadcast domains. When using switch, the size of broadcast domains remain the same -> D is not correct.
Both hub and switch increase the maximum length of UTP cabling between devices so it is not an advantage of switch over hub -> E is not correct.
Question 10
Which command will show the MAC addresses of stations connected to switch ports?
A. show mac-address
B. show arp
C. show table
D. show switchport
Answer: B
Explanation
There is no “show mac-address” command. But notice the “show mac-address-table” and “show mac address-table” do exist.
If option A is “show mac-address-table” then both A & B are correct!
ohh sorry i forgot to give choices
choices are
A–>192.168.1.2 is local to the router
B–>192.168.3.1 is local to the router
C–>192.168.1.2 will age out in less than one minute
D–>192.168.3.1 has aged out and is marked for deletion
ans. is given B
Kushal, I believe this question is on this site as well. The answer given was the “-” for the age. Meaning it didn’t learn it from somebody else.
I have a C2960 with IOS v12.2 and “show arp” won’t work, only “show ip arp” displays arp table with IP address, age, MAC address, and interface ID.
Which command will show the MAC addresses of stations connected to switch ports?
A. show mac-address
B. show arp
C. show table
D. show switchport
Answer: B
Explanation
There is no “show mac-address” command. But notice the “show mac-address-table” and “show mac address-table” do exist.
If option A is “show mac-address-table” then both A & B are correct!
Which command will show the MAC addresses of stations connected to switch ports?
A. show mac-address
B. show arp
C. show table
D. show switchport
which one is true show arp or show mac-address
in 9tut ans is B but in prepking ans is A
plz help me!
I want to crack VCE for do dumps from examcollection.com!
how to crack it, if any one know plz send link or key at jainal.soni@gmail.com
friends, in case, if somebody fails ccna at first attempt, the re-exam will be after 5 days///
my question is ‘ do we have to pay the exam fee again for re-exam ?
thanks
yes (i wanna know)
show mac-address-table would be true
Q. 10. Pls help clarify. Is ‘show mac address’ (B) not a short form for ‘show mac address-table’ command? Like you will use ‘sh’ for show. Hence it should be a correct answer, taking into consideration that the ‘show arp’ command is specifically to find out the mapping of mac addresses to ip addresses.
I think the answer to the question “Can arp request pass through a switch?” will help clarify. If the answer is ‘yes’ as I think, then the ‘show arp’ will not only display mac addresses of connected stations, but those of all the arp address can get to. Hence B should be a more appropriate answer.
9tut got an exam 19 December.any idea SIMs to expect?
TY 9tut.
Today I have passed the CCNA. (860/825)
50 questions 3 labs (VTP, EIGRP, ACL). 35 from 9tut.
Also thanks a lot Brar and Sekhar (still valid from examcollection)
Ty again 9tut
from here none
i m planning to attend ccna exam on 24th Dec. Any advice from ccna crackers??????
@9tut
I am going to give exam in next month,will these be valid for that time,plz confirm me
Thanks in advance
@TDy11
Congrats on passing CCNA! But how did u study the questions on here? Did memorization help you?
can anyone send vce program on tshons@gmx.com
Hi there, in fact both commands works on packet tracer …… and its supoused to packet tracer to be more “basic” than a real device….bot i tested it and it worked the sme way than show mac addres table….try it.
what is the answer for Q.10
Show mac-address or Show arp
I checked in packet tracer Show mac-address is correct
and Show arp only shows ip address of VLan
Show arp is mainly associated with Router
can anybody help me with this questions ???????
hello all, Q10 been answered as show mac-address by testking, which one is correct?
It depends on which hardware platform you are using. The 6500′s accept ‘show mac-address-table’ but not 3750′s. 3750′s will only accept ‘show mac address-table’.
Valid Que :D
Q:3
Q:7
C3560e#show mac-address
Mac Address Table
——————————————-
Vlan Mac Address Type Ports
—- ———– ——– —–
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0180.c200.0000 STATIC CPU
All 0180.c200.0001 STATIC CPU
All 0180.c200.0002 STATIC CPU
All 0180.c200.0003 STATIC CPU
All 0180.c200.0004 STATIC CPU
All 0180.c200.0005 STATIC CPU
All 0180.c200.0006 STATIC CPU
All 0180.c200.0007 STATIC CPU
All 0180.c200.0008 STATIC CPU
All 0180.c200.0009 STATIC CPU
All 0180.c200.000a STATIC CPU
All 0180.c200.000b STATIC CPU
All 0180.c200.000c STATIC CPU
All 0180.c200.000d STATIC CPU
All 0180.c200.000e STATIC CPU
All 0180.c200.000f STATIC CPU
All 0180.c200.0010 STATIC CPU
All ffff.ffff.ffff STATIC CPU
200 000c.76fd.e227 DYNAMIC Gi0/12
200 0014.5e46.11ce DYNAMIC Gi0/17
200 0019.e7ca.8d67 DYNAMIC Po1
200 001b.38b2.7cfc DYNAMIC Gi0/13
200 0080.d410.0cbe DYNAMIC Gi0/15
200 307c.301a.cb08 DYNAMIC Po1
200 f025.72df.d418 DYNAMIC Gi0/13
100 0817.35d5.d3a7 DYNAMIC Gi0/13
100 108c.cf74.112c DYNAMIC Gi0/13
100 1cdf.0f50.ee67 DYNAMIC Po1
100 1cdf.0f50.efe7 DYNAMIC Po1
100 503d.e58d.2ff8 DYNAMIC Gi0/11
100 8cb6.4f81.f819 DYNAMIC Gi0/11
100 ecc8.82b1.f89f DYNAMIC Gi0/11
100 ecc8.82b1.f908 DYNAMIC Gi0/13
100 f025.72df.d418 DYNAMIC Gi0/13
1 000b.857e.b2d0 DYNAMIC Gi0/9
1 000b.8581.e3c0 DYNAMIC Gi0/4
1 000b.8581.f760 DYNAMIC Gi0/3
1 000b.8582.c630 DYNAMIC Gi0/7
1 000b.8585.58a0 DYNAMIC Gi0/6
1 000b.8585.5bb0 DYNAMIC Gi0/5
1 000b.8585.5c50 DYNAMIC Gi0/8
1 000b.8591.7d40 DYNAMIC Gi0/13
1 0019.e7ca.8d60 DYNAMIC Po1
1 0019.e7ca.8d63 DYNAMIC Po1
1 0019.e7ca.8d64 DYNAMIC Po1
1 0019.e7ca.8d67 DYNAMIC Po1
1 f025.72df.d418 DYNAMIC Gi0/13
10 0019.e7ca.8d67 DYNAMIC Po1
10 0022.fac7.b948 DYNAMIC Po1
10 4ced.de0c.9d14 DYNAMIC Po1
10 4ced.de0c.9d19 DYNAMIC Po1
10 4ced.de0c.9e03 DYNAMIC Po1
10 4ced.de0c.a4d0 DYNAMIC Po1
10 4ced.de11.3388 DYNAMIC Po1
10 4ced.de11.3393 DYNAMIC Po1
10 4ced.de11.34af DYNAMIC Po1
C3560e#
@9tut
Q10: Correct answer is A – show mac-address
See printouts below.
SW2#show mac-address
Mac Address Table
——————————————-
Vlan Mac Address Type Ports
—- ———– ——– —–
1 0001.4386.2e0b DYNAMIC Fa0/1
1 0002.4a23.bbde DYNAMIC Fa0/2
1 000b.bed4.0301 DYNAMIC Fa0/1
1 0050.0fdd.ba2c DYNAMIC Fa0/3
1 00e0.f9a8.d801 DYNAMIC Fa0/1
10 00e0.f9a8.d801 DYNAMIC Fa0/1
20 0090.0c7c.a367 DYNAMIC Fa0/8
20 00e0.f9a8.d801 DYNAMIC Fa0/1
SW2#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.11 – 0001.4270.69D6 ARPA Vlan1
@Eydz: We know show mac-address is a better answer if the switch accept that command. As we said in the explanation:
There is no “show mac-address” command. But notice the “show mac-address-table” and “show mac address-table” do exist.
Question 10
Which command will show the MAC addresses of stations connected to switch ports?
A. show mac-address
B. show arp
C. show table
D. show switchport
A is the correct answer….
show arp works fine in routers but didn’t bring anything in switch
Router1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.10.4 0 0060.7019.A3E9 ARPA FastEthernet0/0.1
Switch>
Switch>en
Switch#sh arp
Switch#sh mac-a
Switch#sh mac-address-table
Mac Address Table
——————————————-
Vlan Mac Address Type Ports
—- ———– ——– —–
1 0001.434b.4b9d DYNAMIC Gig1/1
1 0060.7019.a3e9 DYNAMIC Fa0/8
1 00d0.bae9.6201 DYNAMIC Gig1/1
2 0001.434b.4b9d DYNAMIC Gig1/1
2 00d0.bae9.6201 DYNAMIC Gig1/1
3 0001.434b.4b9d DYNAMIC Gig1/1
3 00d0.bae9.6201 DYNAMIC Gig1/1
im so confused which one to select if it poped up on my exam!! I’m planning to do the exam next week on 15of feb or 16th.
Switch#sh mac-address
Mac Address Table
——————————————-
Vlan Mac Address Type Ports
—- ———– ——– —–
1 0001.434b.4b9d DYNAMIC Fa0/24
1 0001.6427.1101 DYNAMIC Gig1/2
1 0001.c738.ba0f DYNAMIC Fa0/14
1 0010.1160.6301 DYNAMIC Gig1/1
1 0060.5c46.5e11 DYNAMIC Fa0/15
2 0001.434b.4b9d DYNAMIC Fa0/24
3 0001.434b.4b9d DYNAMIC Fa0/24
sh mac-address works fine too!
q10 -
Dont believe this answer is correct. Got to be Show mac-address.
The Show Mac command works on switches so no reason why this command wouldnt.
Show arp doesnt show all mac address connected. I have tested in real life enviroment.
show “mac-address” works fine on packet tracer…
Please anyone can explain me this question y e,f are correct
A network administrator is configuring ACLs on a Cisco router, to allow IP access from the
192.168.146.0/24, 192.168.147.0/24, 192.168.148.0/2,. and 192.168.149.0/24 networks only.
Which two ACLs, when combined, should be used?
A. access-list 10 permit ip 192.168.146.0 0.0.0.255
B. access-list 10 permit ip 192.168.146.0 255 255.255.0
C. access-list 10 permit ip 192.168.147.0 0.0.255 255
D. access-list 10 permit ip 192.168.149.0 0.0.255.255.0
E. access-list 10 permit ip 192.168.148.0 0.0.1.255
F. access-list 10 permit ip 192.168.146.0 0.0.1.255
Answer: E,F
#usman it is kind of tricky question but dont confuse .
yes correct answer is E and F
answer E: this access list just permit 192.168.148.0/23 network.
this network address is summarized address of 192.168.148.0/24 and 192.168.149.0/24
longest prefix match of this 2 network is 192.168.148.0/23
answer F
this access list just permit 192.168.146.0/23 network.
this network address is summarized address of 192.168.146.0/24 and 192.168.147.0/24
longest prefix match of this 2 network is 192.168.146.0/23
because of this reason answer E and F are correct..
Question 8 on CCNA 2nd try today
Other countries censor content and not just rogue regimes such as the Iranian mullocracy. Poor people! http://www.baidu.com baidu censor http://www.baidu.com
NOTE:When configuring port security violation modes, note the following information:
• protect—Drops packets with unknown source addresses until you remove a sufficient number of
secure MAC addresses to drop below the maximum value.
• restrict—Drops packets with unknown source addresses until you remove a sufficient number of
secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter
to increment.
• shutdown—Puts the interface into the error-disabled state immediately and sends an SNMP trap
notification
Which wild card mask will enable a network administrator to permit access to the Internet for only hosts that are assigned an address in the range of 192.168.8.0 through 192.168.15.255?
A. 0.0.0.0
B. 0.0.0.255
C. 0.0.255.255
D. 0.0.7.255
E. 0.0.3.255
Correct Answer:D
any body can explain about this question
the answer is D
as you can see
192.168.8.0 -192.168.15.255 with subnet mask of 255.255.255.248
what is the increment if we have this subnet mask? it’s 8 right?
That’s why we choose the wild card mask of 0.0.7.255
It will satisfy the condition
Q3 WAS ON MY EXAM TODAY
q-10
a is the correct
q8 in today exam
About Question 10
I have been reading posts/comments about the argument for question 10.
Analyze the question and all the given choices.
Which command will show the MAC addresses of stations connected to switch ports?
A. show mac-address
B. show arp
C. show table
D. show switchport
Let’s talk about the choices.
A. show mac-address -> working command but incomplete
B. show arp -> working and complete command
C. show table -> incorrect command
D. show switchport -> incorrect command
(based on Packet Tracer, not sure about real life devices or other simulators)
So if you will base your answer on the given choices then “B. show arp” is the best answer.
But, like any other, you have to clearly consider the question.
- Which command will show the “MAC addresses of STATIONS CONNECTED to switch ports”?
This would start to get confusing because “show arp” will not provide that condition.
So the question is, what would cisco/author wants us to consider in this specific question?
A. The complete/exact command
B. The condition of the question
This is very important because the purpose of exams is to ready/sharpen us in real life scenarios.
Any insights for this one is greatly appreciated and if I may had indicated wrong information kindly correct me.
Thank you so much and God bless.
Q10 tested on real hardware – 3550, 3560, 3750 12.2(50)SE3
show mac-address – working
show mac address-table – working
show arp – it gives only IP/MAC/Age/Vlan devices in mgmt vlan
so definitely answer A is correct, B is incorrect
Q5 – unfortunately all answers are wrong – tested on real hardware – Cisco 3550 IOS 12.2(46)SE ! In Packet Tracker the same result in 2960, 3550 in PT hasn’t “show port-security” command
To enable port-security on interface you have to add additional command after
switchport mode access. This command below:
3550(config-if)#switchport port-security
then next command is unnecessary, because default max mac is 1
3550(config-if)#switchport port-security maximum 1
if you add only switchport port-security maximum 1, port security is still disabled
If this question is from real exam, then it is a shame for Cisco question author – probably CCIE ;-)
Pliz i will sit for the exam next month, can someone send me the latest dumps on email: olesimbe@yahoo.com
@9TUT
Q 10….The answer A is correct.
B is not correct because , he is asking about switchport not routed port. show arp , command work for only routed port.
@9tut Q10 answer is definitely A, b is wrong
Q 10
Show mac-address is the writ choise without using tab in writng command
SwitchC#show mac address
Mac Address Table
——————————————-
Vlan Mac Address Type Ports
—- ———– ——– —–
1 0001.c9a3.bc01 DYNAMIC Fa0/2
SwitchC#
q4 in exam today
Show arp – Why a layer 2 switch will keep an ARP table ? This does not seem to be a right answer.
This does not populate anything on the switch though this is a valid command.
sh mac-address
is working
hello guys,
Don’t depend most of your answers from 9tut. if you not sure, you can search the other cisco site..
Regarding Question no.9 I have read an explanation states that option A is better than C.The explanation goes like this-the whole point of a switch over a hub is to reduce the number of collision domains, so answer “decreasing the number of collision domains” is a far better one than the very amibiguous answer “To allow simultaneous frame transmissions”.
which one is true -A or C ?