CCNA – Switch Questions

February 22nd, 2011

Here you will find answers to Switch Questions – Part 1

Question 1

Which two commands can be used to verify a trunk link configuration status on a Cisco switch? (choose two)

A. show interfaces trunk
B. show interfaces switchport
C. show ip interface brief
D. show interfaces vlan

 

Answer: A B

Explanation

The “show interfaces trunk” and “show interfaces switchport” commands can be used to verify the status of an interface (trunking or not). The outputs of these commands are shown below (port Ethernet 1/0 has been configured as a trunk):

Switch_show_interfaces_trunk.jpg

show_interfaces_switchport.jpg

The “show ip interface brief” command only gives us information about the IP address and the status (up/down) of an interface:

show_ip_interface_brief.jpg

The “show interfaces vlan” command only gives us information about that VLAN, not about which ports are the trunk links:

show_interfaces_vlan.jpg

Question 2

Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch.

2950Switch(config-if)#switchport port-security
2950Switch(config-if)#switchport port-security mac-address sticky
2950Switch(config-if)#switchport port-security maximum 1

The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two)

switch_port_security.jpg

A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.
B. Only host A will be allowed to transmit frames on fa0/1.
C. This frame will be discarded when it is received by 2950Switch.
D. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.
E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.
F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.

 

Answer: B D

Explanation

Please read the explanation at http://www.9tut.net/icnd2/icnd2-operations

Question 3

Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a BPDU?

A. BackboneFast
B. UplinkFast
C. Root Guard
D. BPDU Guard
E. BPDU Filter

 

Answer: D

Explanation

We only enable the PortFast feature on access ports (ports connected to end stations). But someone who does not know this may accidentally connect such a port to another switch, and a loop may occur when BPDUs are transmitted and received on these ports.

With BPDU Guard, when a PortFast-enabled port receives a BPDU, the port is shut down to prevent a loop -> D is correct.

Question 4

Why will a switch never learn a broadcast address?

A. Broadcast frames are never sent to switches.
B. Broadcast addresses use an incorrect format for the switching table.
C. A broadcast address will never be the source address of a frame.
D. Broadcasts only use network layer addressing.
E. A broadcast frame is never forwarded by a switch.

 

Answer: C

Question 5

Which three statements accurately describe layer 2 Ethernet switches? (choose three)

A. Microsegmentation decreases the number of collisions on the network.
B. If a switch receives a frame for an unknown destination, it uses ARP to resolve the address.
C. Spanning Tree Protocol allows switches to automatically share vlan information.
D. In a properly functioning network with redundant switched paths, each switched segment will contain one root bridge with all its ports in the forwarding state. All other switches in that broadcast domain will have only one root port.
E. Establishing vlans increases the number of broadcast domains.
F. Switches that are configured with vlans make forwarding decisions based on both layer 2 and layer 3 address information.

 

Answer: A D E

Explanation

Microsegmentation is a network design (functionality) where each workstation or device on a network gets its own dedicated segment (collision domain) to the switch. Each network device gets the full bandwidth of the segment and does not have to share the segment with other devices. Microsegmentation reduces and can even eliminate collisions because each segment is its own collision domain -> A is correct.

Note: Microsegmentation decreases the number of collisions but it increases the number of collision domains.

D and E are correct based on the theory of STP and VLAN.

Question 6

Switch ports operating in which two roles will forward traffic according to the IEEE 802.1w standard? (Choose two)

A. alternate
B. backup
C. designated
D. disabled
E. root

 

Answer: C E

Explanation

IEEE 802.1w is the standard for Rapid Spanning Tree Protocol (RSTP). There are 5 port roles in this standard: Root port, Designated port, Alternate port, Backup port and Disabled port. Of these 5 port roles, only the Root port and the Designated port can forward traffic.

Question 7

Select the action that results from executing these commands:

Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky

A. A dynamically learned MAC address is saved in the startup-configuration file.
B. A dynamically learned MAC address is saved in the running-configuration file.
C. A dynamically learned MAC address is saved in the VLAN database.
D. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.
E. Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.

 

Answer: B

Explanation

The full syntax of the second command is:

switchport port-security mac-address sticky [MAC]

If we don’t specify the MAC address (like in this question) then the switch will dynamically learn the attached MAC Address and place it into your running-configuration -> B is correct.

Question 8

What is a valid reason for a switch to deny port access to new devices when port security is enabled?

A. The denied MAC addresses have already been learned or configured on another secure interface in the same VLAN.
B. The denied MAC addresses are statically configured on the port.
C. The minimum MAC threshold has been reached.
D. The absolute aging times for the denied MAC addresses have expired.

 

Answer: A

Explanation

A security violation occurs in either of these situations:

* When the maximum number of secure MAC addresses is reached on a secure port and the source MAC address of the ingress traffic is different from any of the identified secure MAC addresses, port security applies the configured violation mode.

* If traffic with a secure MAC address that is configured or learned on one secure port attempts to access another secure port in the same VLAN, port security applies the configured violation mode.

From the second statement we can figure out A is the correct answer. But for your information we will discuss other answers as well.

Answer B is not correct because we can’t configure which MAC addresses will be denied. We can only configure which MAC addresses are allowed.

We can only configure the maximum MAC threshold, not the minimum threshold -> C is not correct.

The aging times are only configured for allowed MAC addresses, not for denied MAC addresses -> D is not correct.

For your information about aging time:

When the aging type is configured with the absolute keyword, all the dynamically learned secure addresses age out when the aging time expires.

This is how to configure the secure MAC address aging type on the port:

Router(config-if)# switchport port-security aging type absolute

and configure the aging time (aging time = 120 minutes)

Router(config-if)# switchport port-security aging time 120

When this command is used, all the dynamically learned secure addresses age out when the aging time expires.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html)
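
The two violation situations above, as a small Python model (an added example, not code from the original page or from Cisco). It is a simplification: the class and function names are hypothetical, the frames are constructed from the MAC addresses in Question 2, and the per-mode behaviour (shutdown err-disables the port, protect drops without counting) is the usual Catalyst port-security behaviour.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    vlan: int
    maximum: int = 1             # IOS default: one secure address per port
    violation: str = "shutdown"  # shutdown | restrict | protect
    secure_macs: set = field(default_factory=set)
    err_disabled: bool = False
    violation_count: int = 0


class Switch:
    """Hypothetical model of a switch whose ports all run port security."""

    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def _secure_elsewhere(self, mac, port):
        """True if mac is already secure on another port in the same VLAN."""
        return any(p is not port and p.vlan == port.vlan and mac in p.secure_macs
                   for p in self.ports.values())

    def receive(self, port_name, src_mac):
        """Apply port security to the source MAC of an ingress frame."""
        port, mac = self.ports[port_name], src_mac.lower()
        if port.err_disabled:
            return "dropped: port err-disabled"
        if mac in port.secure_macs:
            return "forwarded"
        if self._secure_elsewhere(mac, port):        # second situation above
            return self._violate(port, "address secure on another port")
        if len(port.secure_macs) >= port.maximum:    # first situation above
            return self._violate(port, "maximum reached")
        port.secure_macs.add(mac)                    # dynamic or sticky learning
        return "learned"

    def _violate(self, port, reason):
        if port.violation == "shutdown":
            port.err_disabled = True
        if port.violation != "protect":   # protect drops without counting
            port.violation_count += 1
        return "violation: " + reason


def demo():
    """Constructed frames using the MAC addresses from Question 2."""
    sw = Switch([SecurePort("fa0/1", vlan=1),
                 SecurePort("fa0/2", vlan=1, violation="restrict")])
    frames = [("fa0/1", "0000.00aa.aaaa"),   # host A is learned on fa0/1
              ("fa0/1", "0000.00aa.aaaa"),   # later frames from host A pass
              ("fa0/2", "0000.00AA.AAAA"),   # same MAC shows up on fa0/2
              ("fa0/1", "0000.00bb.bbbb"),   # a second host on fa0/1
              ("fa0/1", "0000.00aa.aaaa")]   # fa0/1 is now err-disabled
    return sw, [sw.receive(p, m) for p, m in frames]


if __name__ == "__main__":
    for outcome in demo()[1]:
        print(outcome)
```

The third frame is the case behind answer A: the address is refused on fa0/2 because it is already secure on fa0/1 in the same VLAN.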

Question 9

A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two)

A. The network administrator can apply port security to dynamic access ports
B. The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
C. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.
D. The network administrator can apply port security to EtherChannels.
E. When dynamic mac address learning is enabled on an interface, the switch can learn new addresses up to the maximum defined.

 

Answer: C E

Explanation

Follow these guidelines when configuring port security:

+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports.
+ A secure port cannot be a dynamic access port.
+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.
+ When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.
+ If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.
+ When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.
+ The switch does not support port security aging of sticky secure MAC addresses.
+ The protect and restrict options cannot be simultaneously enabled on an interface.

(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_19_ea1/configuration/guide/swtrafc.html)

Question 10

Refer to the exhibit. Which statement is true?

show_spanning-tree_vlan_20.jpg

A. The Fa0/11 role confirms that SwitchA is the root bridge for VLAN 20.
B. VLAN 20 is running the Per VLAN Spanning Tree Protocol.
C. The MAC address of the root bridge is 0017.596d.1580.
D. SwitchA is not the root bridge, because not all of the interface roles are designated.

 

Answer: D

Explanation

Only a non-root bridge can have a root port. Fa0/11 is the root port so we can confirm this switch is not the root bridge -> A is not correct.

From the output we learn this switch is running Rapid STP, not PVST -> B is not correct.

0017.596d.1580 is the MAC address of this switch, not of the root bridge. The MAC address of the root bridge is 0017.596d.2a00 -> C is not correct.

All of the interface roles of the root bridge are designated. SwitchA has one root port and one alternate port so it is not the root bridge -> D is correct.

Question 11

Switch_remote_access.jpg

A technician has installed SwitchB and needs to configure it for remote access from the management workstation connected to SwitchA. Which set of commands is required to accomplish this task?

A.
SwitchB(config)#interface FastEthernet 0/1
SwitchB(config)#ip address 192.168.8.252 255.255.255.0
SwitchB(config)#no shutdown

B.
SwitchB(config)#ip default-gateway 192.168.8.254
SwitchB(config)#interface vlan 1
SwitchB(config)#ip address 192.168.8.252 255.255.255.0
SwitchB(config)#no shutdown

C.
SwitchB(config)#interface vlan 1
SwitchB(config)#ip address 192.168.8.252 255.255.255.0
SwitchB(config)#ip default-gateway 192.168.8.254 255.255.255.0
SwitchB(config)#no shutdown

D.
SwitchB(config)#ip default-network 192.168.8.254
SwitchB(config)#interface vlan 1
SwitchB(config)#ip address 192.168.8.252 255.255.255.0
SwitchB(config)#no shutdown

 

Answer: B

Explanation

For remote access to SwitchB, the switch must have a management IP address on a VLAN on that switch. Traditionally, VLAN 1 is often used as the management VLAN (although in fact this is not secure).

In the exhibit, we can recognize that the Management Workstation is in a different subnet from the SwitchB. For intersubnetwork communication to occur, you must configure at least one default gateway. This default gateway is used to forward traffic originating from the switch only, not to forward traffic sent by devices connected to the switch.

Question 12

A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1? (Choose two)

A. Configure port Fa0/1 to accept connections only from the static IP address of the server.
B. Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
C. Configure the MAC address of the server as a static entry associated with port Fa0/1.
D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
E. Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.
F. Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.

 

Answer: C E

Explanation

We can “configure the MAC address of the server as a static entry associated with port Fa0/1” with this command:

Switch(config-if)#switchport port-security mac-address sticky 0000.00AA.AAAA

and “configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server” with these commands:

Switch(config-if)#switchport port-security maximum 1 (only allow 1 MAC address and that is the static MAC address)

We also often define what the switch will do if the security is violated:

Switch(config-if)#switchport port-security violation shutdown

Question 13

The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy? (Choose two)

A. Switch1(config-if)#switchport port-security maximum 1
B. Switch1(config)#mac-address-table secure
C. Switch1(config)#access-list 10 permit ip host
D. Switch1(config-if)#switchport port-security violation shutdown
E. Switch1(config-if)#ip access-group 10

 

Answer: A D

Comments (241)
  1. dat
    March 6th, 2013

    Q.10: confused!

    B. VLAN 20 is running the Per VLAN Spanning Tree Protocol.

    The reason B is wrong is that VLAN 20 cannot run PSTP but the switch! Please correct me if I am wrong!

  2. MH
    March 8th, 2013

    @dat
    Third line is showing that switch is running RSTP therefore it is wrong.

  3. Me too
    March 21st, 2013

    Question 9,11 on CCNA 2nd try today

  4. Anonymous
    March 31st, 2013

    Hey, Anybody who has latest CCNA Dumps kindly mail at gauriwalinjkar@gmail.com
    Exam scheduled next week.
    Thank You ! :)

  5. examtaker
    April 15th, 2013

    @9tut
    Plz correct choice B for question #11; u forgot to put -if (config-if) after interface vlan 1 command
    the correct answer is:
    SwitchB(config)#ip default-gateway 192.168.8.254
    SwitchB(config)#interface vlan 1
    SwitchB(config-if)#ip address 192.168.8.252 255.255.255.0
    SwitchB(config-if)#no shutdown

  6. Diehko
    April 19th, 2013

    Such a great website. I’ve been studying hardly for a couple of weeks from here. I’m taking my CCNA exam second week of May.

  7. Big Dr.
    April 20th, 2013

    Q5 AND Q7 WAS ON THE EXAM TODAY

  8. star
    April 24th, 2013

    Hi everyone I am taking my CCNA exam in 17th of May could you send me the latest CCNA Dumps please , Jazakallahw Khair

  9. Ray
    April 28th, 2013

    I also need the latest dump! please help me…….

  10. Ash
    April 29th, 2013

    I want it too.. LATEST DUMP help me ashen.susl@gmail.com

  11. Richard
    May 3rd, 2013

    Hi can you send me one please. richolawale@yahoo. Com

  12. user@million
    May 4th, 2013

    HI,
    Can some please explain what is voice vlan
    for q.11
    You cannot configure static secure or sticky secure MAC addresses on a voice VLAN. any reason why we cant configure mentioned above on voice vlan

  13. Zahid Ismail
    May 5th, 2013

    q4 , q9 n q11 in today exam..

  14. user@million
    May 15th, 2013

    HI
    I am planning to take exam in 2 weeks can anyone send the latest dumps jhansi.115@gmail.com please

  15. David Okeri
    May 31st, 2013

    Pliz i will sit for the exam next month, can someone send me the latest dumps on email: olesimbe@yahoo.com

  16. row
    June 1st, 2013

    am having exam on monday 3rd june, plz can any 1 send me the latest dumps, and 1 more thing where ill get VCE new version software?? plz guide me…my mail id ruchibk043@gmail.com…..thanks in advance…:)

  17. Anonymous
    June 1st, 2013

    the following question(ccna) is valid for all country?

  18. row
    June 4th, 2013

    Qn 10 in yesterday’s exam…i made my certification with 828 marks… thank god.. i did wrong in ACL sim…bt still passed..very happy..:)

  19. Anonymous
    June 16th, 2013

    , plz can any 1 send me the latest dumps, and 1 more thing where ill get VCE new version software?? plz guide me…my mail id falhomis@gmail.com…..thanks in advance…:)

  20. pratheep
    June 23rd, 2013

    Hi everyone,
    I am going to take my ccna exam on july first week. plz, send the latest dumps to email pratheepk02@gmail.com. Thanks for your help.

  21. Vanessa
    June 28th, 2013

    Hi all, I pass my CCNA exam next week and I’d like to have some advice please. I’d also like to have the latest dumps please. my email is vanessameav@gmail.com

  22. richtoe
    June 29th, 2013

    I failed exam yesterday, timed out on Q40. Can someone send the latest dumps please- contact1arh@hotmail.

  23. Bhanu
    July 8th, 2013

    Hi to all
    I am going to give my CCNA this month can you please send the latest dumps at my email ID
    bhanu.kothari20@gmail.com
    Thanks in advanced

  24. bigyo
    July 29th, 2013

    Hi,
    I have a CCNA exam 5 days after. Can you please send the valid dump for me via y.aleh@yahoomail.com

    Thanks in advance.

  25. MUT
    August 2nd, 2013

    Can someone send the latest dumps please? mutalip.k@hotmail.com

  26. Ben
    August 3rd, 2013

    I want to take the same exam before it expires on 30th Sep. Can anyone please send me the valid and latest dump to benmwelwa@yahoo.com

    Thanks in advance.

  27. Ibrahim Sobhi
    August 5th, 2013

    Can anyone send to me the valid and latest dump to ibrahim_commu@yahoo.com as I want to take the exam before 30/8

  28. User
    August 20th, 2013

    Q11
    B and D are identical.

    B.
    SwitchB(config)#ip default-gateway 192.168.8.254
    SwitchB(config)#interface vlan 1
    SwitchB(config)#ip address 192.168.8.252 255.255.255.0
    SwitchB(config)#no shutdown

    D.
    SwitchB(config)#ip default-network 192.168.8.254
    SwitchB(config)#interface vlan 1
    SwitchB(config)#ip address 192.168.8.252 255.255.255.0
    SwitchB(config)#no shutdown

  29. Paul
    August 20th, 2013

    If you check closely for the answers B And D they are not similar , one is talking about default-network which would mean you are allowing the whole network while the other one is talking about default-gateway

  30. lumpachi
    August 21st, 2013

    @user

    how come that ip default-gateway is identical to ip default-network.

  32. Question 9
    August 28th, 2013

    Q8, I think the answer is A because the logic is not only was limited to port security, but also resulted by combined port security and how mac address table works.

    If you configure MAC address of device statically or dynamically sticky to mac address table. Then the address will be entered to the table as ‘statically’. If then, the device will be jailed and locked to the port. If the device is trying to connect to the switch to another port than the port it’s statically configured, switch will drop frames from the device.

    9tut, please correct me if I’m wrong.

  33. chanaka
    August 29th, 2013

    confused with Q8, please advice

  34. Amster
    August 31st, 2013

    in question 11, why cant C be the right answer also? the only difference is they set a subnet mask of 255.255.255.0 on the default gateway configuration. please elaborate on the explanation im a little slow!! thanks

  35. Jay
    September 8th, 2013

    Please can I have latest dumps. I am going to site for a exams next week
    jayamayuran@gmail.com

  36. jasostrong
    September 11th, 2013

    Thanks 9tut. I made it. I passed my CCNA 200-120 today. The sim is Access-list 1 , Access-list 2 & EIGRP. A lot of new questions like Netflow, Syslog, SNMP, VRRP, and GLBP.

  37. Anonymous
    September 25th, 2013

    what’s the passing score for 640-802?

  38. sam
    September 25th, 2013

    hey q5 why is option b wrong ?

  39. mtl15
    September 25th, 2013

    ARP is the address resolution protocol for IP used by nodes. Before you can send an IP packet, you need to build a frame with a destination ethernet address. If you don’t know what the destination MAC address is, you use ARP to get it. You broadcast a packet at layer 2 asking who has a certain IP, and what MAC address it belongs to. The owner of the IP (if present) sends back a unicast packet to you with the answer (this means only you get the result of that arp query).

  41. Amrutha
    January 3rd, 2014

    yoohoo…Passed it :-) 986/1000
