[PART 8] CCNA 200-125 Dumps Questions and Answers Latest (VCE + PDF)


491. Which PPP subprotocol negotiates authentication options?

  • NCP
  • LCP*
  • ISDN
  • DLCI
  • SLIP

492. Which two statements describe characteristics of IPv6 unicast addressing? (Choose two.)

  • Global addresses start with 2000::/3.*
  • Link-local addresses start with FE00:/12.
  • Link-local addresses start with FF00::/10.
  • There is only one loopback address and it is ::1.*
  • If a global address is assigned to an interface, then that is the only allowable address for the interface.
Explanation/Reference:
Below is the list of common kinds of IPv6 addresses:

Loopback address ::1
Link-local address FE80::/10
Site-local address FEC0::/10
Global address 2000::/3
Multicast address FF00::/8

From the above table, we learn that A and D are correct while B and C are incorrect. Notice that the IPv6 unicast loopback address is equivalent to the IPv4 loopback address. The IPv6 loopback address is 0:0:0:0:0:0:0:1, or ::1.

E is not correct because of anycast addresses, which are indistinguishable from normal unicast addresses. You can think of anycast addresses like this: “send it to the nearest one which has this address”. An anycast address can be assigned to many interfaces, and the first interface that receives the packet destined for this anycast address will process the packet. A benefit of anycast addressing is the capability to share load across multiple hosts. For example, if you are a television provider with multiple servers and you want your users to use the server nearest to them, you can use anycast addressing for your servers. When the user initiates a connection to the anycast address, the packet will be routed to the nearest server (the user does not have to specify which server they want to use).

493. While troubleshooting a DHCP client that is behaving erratically, you discover that the client has been assigned the same IP address as a printer that has a static IP address. Which option is the best way to resolve the problem?

  • Configure a static route to the client.
  • Assign the client the same IP address as the router.
  • Move the client to another IP subnet
  • Move the printer to another IP subnet.
  • Reserve the printer IP address.*
Explanation/Reference:
In this case the printer is statically assigned an IP address, so we have to make sure the DHCP server does not assign the same IP address to another device. We can configure the DHCP server with the command “ip dhcp excluded-address <ip-address>” (suppose it is a Cisco device).

494. Under which circumstance is a router on a stick most appropriate?

  • When a router has multiple subnets on a single physical link.*
  • When a router has a single subnet on multiple physical links.
  • When a router has multiple interfaces on a single physical link.
  • When a router has a single interface on multiple physical links.

495. Refer to the exhibit. Given the output from the show ip eigrp topology command, which router is the feasible successor?

  • (Serial0), from, Send flag is 0x0
    Composite metric is (46152000/41640000), Route is Internal
    Vector metric:
    Minimum bandwidth is 64 Kbit
    Total delay is 45000 Microseconds
    Reliability is 255/255
    Load is 1/255
    Minimum MTU is 1500
    Hop count is 2
  • (Serial0.1), from, Send flag is 0x0
    Composite metric is (53973248/128256), Route is Internal
    Vector Metric:
    Minimum bandwidth is 48 Kbit
    Total delay is 25000 Microseconds
    Reliability is 255/255
    Load is 1/255
    Minimum MTU is 1500
    Hop count is 1
  • (Serial0), from, Send flag is 0x0
    Composite metric is (46866176/46354176), Route is Internal
    Vector metric:
    Minimum bandwidth is 56 Kbit
    Total delay is 45000 microseconds
    Reliability is 255/255
    Load is 1/255
    Minimum MTU is 1500
    Hop count is 2
  • (Serial0.1), from, Send flag is 0x0
    Composite metric is (46763776/46251776), Route is External
    Vector metric:
    Minimum bandwidth is 56 Kbit
    Total delay is 41000 microseconds
    Reliability is 255/255
    Load is 1/255
    Minimum MTU is 1500
    Hop count is 2

496. Which symptom can cause duplex mismatch problem?

  • no carrier
  • collisions on interface*
  • giants
  • CRC errors

497. Which of the ports is not part of the STP protocol?

  • Listening
  • Learning
  • Forwarding
  • Discarding*

498. Which port security violation mode allows traffic from valid MAC addresses to pass but blocks traffic from invalid MAC addresses?

  • protect*
  • shutdown
  • shutdown vlan
  • restrict
Explanation/Reference:
In fact, both “protect” and “restrict” modes allow traffic with a valid MAC address to pass, so this question is not good. This is a quote from Cisco for these two modes:

protect: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.

restrict: drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/port_sec.pdf

Therefore the only difference between these two modes is “restrict” mode causes the SecurityViolation counter to increment (only useful for statistics).

499. Which type of routing protocol operates by exchanging the entire routing information?

  • distance vector protocols*
  • link state protocols
  • path vector protocols
  • exterior gateway protocols
Explanation/Reference:
Distance vector protocols (like RIP) exchange the entire routing information each time the routers send updates.

Note: EIGRP is considered an advanced distance vector protocol so it does not send the whole routing table for each update.

500. Which IPsec security protocol should be used when confidentiality is required?

  • MD5
  • PSK
  • AH
  • ESP*
Explanation/Reference:
IPsec is a pair of protocols, Encapsulating Security Payload (ESP) and Authentication Header (AH), which provide security services for IP datagrams.

ESP can provide the properties authentication, integrity, replay protection, and confidentiality of the data (it secures everything in the packet that follows the IP header).

AH provides authentication, integrity, and replay protection (but not confidentiality) of the sender.

501. Which IPv6 routing protocol uses multicast group FF02::9 to send updates?

  • static
  • RIPng*
  • OSPFv3
  • IS-IS for IPv6
Explanation/Reference:
Below are some reserved and well-known IPv6 multicast addresses in the reserved multicast address range:

FF01::1 All IPv6 nodes within the node-local scope
FF01::2 All IPv6 routers within the node-local scope
FF02::1 All IPv6 nodes within the link-local scope
FF02::2 All IPv6 routers within the link-local scope
FF02::5 All OSPFv3 routers within the link-local scope
FF02::6 All OSPFv3 designated routers within the link-local scope
FF02::9 All RIPng routers within the link-local scope
FF02::A All EIGRP routers within the link-local scope
FF02::D All PIM routers within the link-local scope
FF02::1:2 All DHCPv6 agents (servers and relays) within the link-local scope
FF05::2 All IPv6 routers within the site-local scope
FF02::1:FF00:0/104 IPv6 solicited-node multicast address within the link-local scope

502. Which definition of a host route is true?

  • A route that is manually configured
  • A route used when a destination route is missing.
  • A route to the exact /32 destination address*
  • Dynamic route learned from the server.
Explanation/Reference:
A host route for IPv4 has the mask /32, and a host route for IPv6 has the mask /128. If an IPv4 address is configured with a mask of /32 on an interface of the router, which is typical for loopback interfaces, the host route appears in the routing table only as connected (for example, in the routing table we will see this line: “C is directly connected, Loopback0”).

Reference: https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/116264-technote-ios-00.html

503. Which statement about upgrading a Cisco IOS device with a TFTP server is true?

  • The operation is performed in active mode
  • The operation is performed in unencrypted format
  • The operation is performed in passive mode
  • The Cisco IOS device must be on the same LAN as the TFTP server*
Explanation/Reference:
Verify that the TFTP or RCP server has IP connectivity to the router. If you cannot successfully ping between the TFTP or RCP server and the router, do one of the following:
– Configure a default gateway on the router.
– Make sure that the server and the router each have an IP address in the same network or subnet.

Reference: https://www.cisco.com/c/en/us/td/docs/routers/access/1900/software/configuration/guide/Software_Configuration/upgrade.html

The first option implies the router can be in a different subnet from the TFTP server -> D is not correct.

TFTP has no encryption process so answer B is correct.

504. Which statement about DHCP snooping is true?

  • it blocks traffic from DHCP servers on untrusted interfaces.*
  • it can be configured on switches and routers.
  • it allows packets from untrusted ports if their source MAC address is found in the binding table.
  • it uses DHCPDiscover packets to identify DHCP servers.

505. Which three commands are required to enable NTP authentication on a Cisco router? (Choose three)

  • ntp peer
  • ntp max-associations
  • ntp authenticate*
  • ntp trusted-key*
  • ntp authentication-key*
  • ntp refclock
Explanation/Reference:
+ The “ntp authenticate” command is used to enable the NTP authentication feature (NTP authentication is disabled by default).

+ The “ntp trusted-key” command specifies one or more keys that a time source must provide in its NTP packets in order for the device to synchronize to it. This command provides protection against accidentally synchronizing the device to a time source that is not trusted.

+ The “ntp authentication-key” defines the authentication keys. The device does not synchronize to a time source unless the source has one of these authentication keys and the key number is specified by the “ntp trusted-key number” command.
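
The dependency between the three commands can be checked mechanically. The following is an added example, not part of the original page or of any Cisco tool: it audits a constructed running-config fragment for the three commands and for matching key numbers. The function name `audit_ntp_auth` and the sample configs are assumptions, and the check on the `key` keyword of `ntp server`/`ntp peer` lines goes beyond the three commands named in the question.

```python
import re

# Constructed running-config fragments for illustration (not from the page).
COMPLETE = """\
ntp authenticate
ntp authentication-key 10 md5 ExampleKeyString
ntp trusted-key 10
ntp server 192.0.2.10 key 10
"""
INCOMPLETE = """\
ntp authentication-key 10 md5 ExampleKeyString
ntp trusted-key 20
ntp server 192.0.2.10
"""

KEY_RE = re.compile(r"ntp authentication-key (\d+) md5 \S.*")
TRUSTED_RE = re.compile(r"ntp trusted-key (\d+)")   # single key number only
SOURCE_RE = re.compile(r"ntp (?:server|peer) (\S+)")
SOURCE_KEY_RE = re.compile(r"\skey (\d+)(?:\s|$)")


def audit_ntp_auth(config):
    """Return a list of findings; an empty list means the pieces line up."""
    lines = [ln.strip() for ln in config.splitlines()]
    defined, trusted, sources, findings = set(), set(), [], []

    for ln in lines:
        if (m := KEY_RE.fullmatch(ln)):
            defined.add(int(m.group(1)))
        elif (m := TRUSTED_RE.fullmatch(ln)):
            trusted.add(int(m.group(1)))
        elif (m := SOURCE_RE.match(ln)):
            k = SOURCE_KEY_RE.search(ln)
            sources.append((m.group(1), int(k.group(1)) if k else None))

    # 1. The feature itself must be switched on (it is off by default).
    if "ntp authenticate" not in lines:
        findings.append("ntp authenticate is missing")
    # 2. Every trusted key number needs a key definition, and vice versa.
    for k in sorted(trusted - defined):
        findings.append(f"trusted-key {k} has no matching authentication-key")
    for k in sorted(defined - trusted):
        findings.append(f"authentication-key {k} is defined but not trusted")
    if not defined and not trusted:
        findings.append("no authentication-key or trusted-key configured")
    # 3. Each time source should reference a key that is defined and trusted.
    usable = defined & trusted
    for addr, k in sources:
        if k is None:
            findings.append(f"time source {addr} has no key configured")
        elif k not in usable:
            findings.append(f"time source {addr} uses unusable key {k}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("COMPLETE", COMPLETE), ("INCOMPLETE", INCOMPLETE)):
        print(name, audit_ntp_auth(cfg) or "ok")
```
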

506. Which functionality does an SVI provide?

  • OSI Layer 2 connectivity to switches
  • remote switch administration
  • traffic routing for VLANs*
  • OSI Layer 3 connectivity to switches

507. Which three statements about IPv6 address fd14:920b:f83d:4079::/64 are true? (Choose two)

  • A. The subnet ID is 14920bf83d
  • B. The subnet ID is 4079*
  • C. The global ID is 14920bf83d
  • D. The address is a link-local address
  • E. The global ID is 4079
  • F. The address is a unique local address*
Explanation/Reference:
Let’s see an example of IPv6 prefix: 2001:0A3C:5437:ABCD::/64:

In this example, the RIR has been assigned a 12-bit prefix. The ISP has been assigned a 32-bit prefix and the site is assigned a 48-bit site ID. The next 16 bits are the subnet field, which allows 2^16, or 65536, subnets. This number is more than enough even for the largest corporations in the world!

The remaining 64 bits (which are not shown in the above example) are the Interface ID or host part, and it is much bigger: 64 bits, or 2^64 hosts per subnet!

Therefore in this question 4079 is the subnet ID. The FD14 prefix belongs to FC00::/7 which is an IPv6 Unique Local Address (The address block fc00::/7 is divided into two /8 groups which are FC00::/8 & FD00::/8)
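
The bit layout described above can be verified directly. This is an added example, not part of the original page: it classifies an address against the prefix table from question 492 plus FC00::/7, and splits a unique local /64 into its fields using the RFC 4193 layout (8-bit prefix, 40-bit global ID, 16-bit subnet ID). The function names `address_type` and `split_ula` are assumptions.

```python
import ipaddress

# Prefix table from the explanations on this page, most specific first.
TYPES = [
    ("loopback", "::1/128"),
    ("link-local", "fe80::/10"),
    ("site-local", "fec0::/10"),
    ("unique local", "fc00::/7"),
    ("multicast", "ff00::/8"),
    ("global", "2000::/3"),
]


def address_type(addr):
    """Return the name of the first block in TYPES that contains addr."""
    ip = ipaddress.IPv6Address(addr)
    for name, block in TYPES:
        if ip in ipaddress.IPv6Network(block):
            return name
    return "other"


def split_ula(prefix):
    """Split a unique local prefix of /64 or longer into its RFC 4193 fields."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if address_type(net.network_address) != "unique local":
        raise ValueError(f"{prefix} is not inside fc00::/7")
    if net.prefixlen < 64:
        raise ValueError("prefix is too short to contain a subnet ID")
    value = int(net.network_address)          # 128-bit integer
    return {
        # Bits 0-7: fc or fd (the low bit of this byte is the L bit).
        "prefix": format(value >> 120, "02x"),
        # Bits 8-47: 40-bit global ID.
        "global_id": format((value >> 80) & (2**40 - 1), "010x"),
        # Bits 48-63: 16-bit subnet ID.
        "subnet_id": format((value >> 64) & 0xFFFF, "04x"),
    }


if __name__ == "__main__":
    print(address_type("fd14:920b:f83d:4079::"))
    print(split_ula("fd14:920b:f83d:4079::/64"))
    print(address_type("2001:0A3C:5437:ABCD::"))
```
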

508. Which type of cable must you use to connect two devices with MDI interfaces?

  • rolled
  • crossover*
  • crossed
  • straight through
Explanation/Reference:
Use an Ethernet straight-through cable to connect a medium dependent interface (MDI) to an MDI-X port. Use a cross-over cable to connect an MDI to an MDI port, or an MDI-X to an MDI-X port.

Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/hw/maintenance/5505guide/ASA5505HIG/pinouts.html

Note: MDI/MDIX is a type of Ethernet port connection using twisted pair cabling.

509. Which of the following is true about spanning-tree root-bridge election

  • It happens automatically. (something like that)*
  • Every root bridge has the same VLAN.
  • Every VLAN has its own root bridge.
  • i forgot the last

510. how is MPLS implemented (like this) :

  • on LAN
  • must be on redundant links
  • can be on redundant or nonredundant links*
  • can’t remember

511. Question about HTTP API :

  • Rest*
  • OpenFlow
  • COpflex
  • OpenStack

512. What two state that lacp forwarding (something like this)

  • Passive *
  • Active*
  • Auto
  • Desirable

513. On which type of device is every port in the same collision domain?

  • A. a router
  • B. a Layer 2 switch
  • C. a hub*

514. Which MTU size can cause a baby giant error?

  • A. 1500
  • B. 9216
  • C. 1600
  • D. 1518*
Explanation/Reference:
Ethernet frame size refers to the whole Ethernet frame, including the header and the trailer while MTU size refers only to Ethernet payload. Baby giant frames refer to Ethernet frame size up to 1600 bytes, and jumbo frame refers to Ethernet frame size up to 9216 bytes (according to this link: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-4000-series-switches/29805-175.html)

For example, standard Ethernet frame MTU is 1500 bytes. This does not include the Ethernet header and Cyclic Redundancy Check (CRC) trailer, which is 18 bytes in length, to make the total Ethernet frame size of 1518.

So according to the strict definition, an MTU size of 1600 cannot be classified as a baby giant frame, as the whole Ethernet frame will surely be larger than 1600 -> Answer C is not correct.

Answer D is a better choice as the MTU is 1518, so the whole Ethernet frame would be 1536 (1518 + 18 Ethernet header and CRC trailer). This satisfies the requirement of baby giant frames “Baby giant frames refer to Ethernet frame size up to 1600 bytes”.

515. A network interface port has collision detection and carrier sensing enabled on a shared twisted pair network. From this statement, what is known about the network interface port?

  • A. This is a 10 Mb/s switch port.
  • B. This is a 100 Mb/s switch port.
  • C. This is an Ethernet port operating at half duplex.*
  • D. This is an Ethernet port operating at full duplex.
  • E. This is a port on a network interface card in a PC.
Explanation/Reference:
Modern Ethernet networks built with switches and full-duplex connections no longer utilize CSMA/CD. CSMA/CD is only used in obsolete shared media Ethernet (which uses repeater or hub).

516. Which two statements about fiber cable are true? (Choose two)

  • A. Single-mode fiber supports SC and LC connectors only
  • B. Single-mode cable is most appropriate for installations longer than 10 km*
  • C. Fiber cable is relatively inexpensive and supports a higher data rate than coaxial cable
  • D. Multimode cable supports speeds between 100 Mbps and 100 Gbps*
  • E. Multimode cable supports speeds between 100 Mbps and 9.92 Gbps
Explanation/Reference:
Single-mode fiber allows only one mode of light to propagate. Because of this, the number of light reflections created as the light passes through the core decreases, lowering attenuation and creating the ability for the signal to travel further. This application is typically used in long distance, higher bandwidth.

Because of the high dispersion and attenuation rate with multimode fiber cable, the quality of the signal is reduced over long distances.

Reference: https://www.multicominc.com/training/technical-resources/single-mode-vs-multi-mode-fiber-optic-cable/

In fact it is difficult to say what the maximum distance of single-mode or multimode fiber is, but according to this link (table 1):

Single-mode cable is good for installations longer than 10km.

At present, there are four kinds of multi-mode fibers: OM1, OM2, OM3 and OM4. The letters “OM” stand for optical multi-mode. OM3 and OM4 fibers will support upcoming 40 and 100 Gb/s speeds.

517. Two routers named Atlanta and Brevard are connected by their serial interfaces as illustrated, but there is no connectivity between them. The Atlanta router is known to have a correct configuration.
Given the partial configurations, identify the problem on the Brevard router that is causing the lack of connectivity.

  • A. transmission unit size too large
  • B. no loopback set
  • C. an incorrect subnet mask
  • D. incompatible encapsulation at each end
  • E. an incorrect IP address*
  • F. incompatible bandwidth between routers

518. Which two pieces of information are provided by the “show controllers serial 0” command? (Choose two)

  • A. the type of cable that is connected to the interface.*
  • B. The uptime of the interface
  • C. the status of the physical layer of the interface*
  • D. the full configuration of the interface
  • E. the interface's duplex settings
Explanation/Reference:
Below is an example of the output of this command:

The “show controllers serial …” command tells us about the type of the cable (in this case a V.35 DTE cable) and the status of the physical layer of the interface. In the above output we learn that there is a cable attached to the S0/0 interface. If no cable is found we will see the line “No DTE cable” instead.

519. What is the benefit of point-to-point leased line?

  • A. Low cost
  • B. Full-mesh capability
  • C. Flexibility of design
  • D. Simple configuration*
Explanation/Reference:
A point-to-point leased line is the most expensive interconnection between two ends: because the line is dedicated to a single user, the user still pays for all available bandwidth, including what is unused. -> A is not correct.

With the cost of point-to-point leased lines, full-mesh capability is only achieved when your company has a very large budget to pay all the bills. To create a full-mesh topology for n sites, we need n*(n-1)/2 leased line connections. For example, if we have 6 sites then we need 6*5/2 = 15 leased line connections -> It is nearly impossible for a normal company to achieve a full-mesh topology -> B is not correct.

Flexibility is not an advantage of leased line connection -> C is not correct.

Point-to-point leased line simplifies the configuration as the circuit is available on a permanent basis and does not require a connection to be set up before traffic is passed. It does not require to define a permanent virtual circuit (PVC) in the configuration either -> D is correct.

520. Which statement about QoS default behavior is true?

  • A. Ports are untrusted by default.
  • B. VoIP traffic is passed without being tagged.
  • C. Video traffic is passed with a well-known DSCP value of 46.
  • D. Packets are classified internally with an environment.
  • E. Packets that arrive with a tag are untagged at the edge of an administrative domain.*

521. Which function does traffic shaping perform?

  • A. It buffers and queues excess packets*
  • B. It buffers traffic without queuing it
  • C. It queues traffic without buffering it
  • D. It drops packets to control the output rate
Explanation/Reference:
The following diagram illustrates the key difference between traffic policing and traffic shaping. Traffic policing propagates bursts. When the traffic rate reaches the configured maximum rate (or committed information rate), excess traffic is dropped (or remarked). The result is an output rate that appears as a saw-tooth with crests and troughs. In contrast to policing, traffic shaping retains excess packets in a queue and then schedules the excess for later transmission over increments of time. The result of traffic shaping is a smoothed packet output rate.

522. Which QoS tool can you use to optimize voice traffic on a network that is primarily intended for data traffic?

  • A. WRED
  • B. FIFO
  • C. PQ*
  • D. WFQ
Explanation/Reference:
With Priority Queueing (PQ), traffic is classified into high, medium, normal, and low priority queues. The high priority traffic is serviced first, then medium priority traffic, followed by normal and low priority traffic. -> Therefore we can assign higher priority for voice traffic.

Also with PQ, higher priority traffic can starve the lower priority queues of bandwidth. No bandwidth guarantees are possible -> It is still good because this network is mostly used for data traffic so voice traffic amount is small.

With First In First Out (FIFO) or Weighted Fair Queueing (WFQ), there is no priority servicing so they are not suitable here.

Reference: https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/qos_solutions/QoSVoIP/QoSVoIP.html

Weighted Random Early Detection (WRED) is just a congestion avoidance mechanism. WRED measures the size of the queues depending on the Precedence value and starts dropping packets when the queue is between the minimum threshold and the maximum threshold -> It does not have priority servicing either.

523. Which type of interface can negotiate an IP address for a PPPoE client?

  • A. Ethernet
  • B. dialer*
  • C. serial
  • D. Frame Relay
Explanation/Reference:
In the Dialer interface, we can use the “ip address negotiated” command to ask for an IP address from the PPPoE Server.

524. Which statement about MPLS is true?

  • A. It operates in Layer 1.
  • B. It operates between Layer 2 and Layer 3.*
  • C. It operates in Layer 3.
  • D. It operates in Layer 2.
Explanation/Reference:
MPLS operates at a layer that lies between traditional definitions of Layer 2 (data link layer) and Layer 3 (network layer), and thus is often referred to as a “layer 2.5” protocol.

525. Which type of topology is required by DMVPN?

  • A. ring
  • B. full mesh
  • C. hub-and-spoke*
  • D. partial mesh
Explanation/Reference:
The topology of DMVPN is always hub-and-spoke as all Spokes are required to connect to the Hub router directly.

526. Which command would you configure globally on a Cisco router to re-enable CDP if it was disabled by the administrator?

  • A. enable cdp
  • B. cdp enable
  • C. cdp run*
  • D. run cdp

527. Which statement about Cisco Discovery Protocol is true?

  • A. It is Cisco-proprietary Protocol*
  • B. It can discover information from routers, firewalls and switches
  • C. It runs on the network layer
  • D. It runs on the physical layer and the data link layer.

528. What two statements about CDP are true? (Choose two)

  • A. CDP runs on the data link layer only *
  • B. CDP uses SNMP to share device information to an external server
  • C. CDP runs on the network layer and the data link layer
  • D. CDP uses TLVs to share device information*
  • E. CDP used to initiate a VTP server and client relationship

529. Which destination IP address can a host use to send one message to multiple devices across different subnets?

  • A.
  • B.
  • C.
  • D.*
Explanation/Reference:
In order to send traffic to multiple devices (not all) across different subnets we need to use multicast addresses, which are in the range through -> D is correct.

530. Which two statements are true for multicast MAC address directions?

  • A. 01:00:5E:xx:xx:xx*
  • B. one to one
  • C. 01 00 xx xxxxxxx
  • D. 02 xx xxxxxxx
  • E. one to many*
Show (Hide) Explanation/Reference
The Internet authorities have reserved the multicast address range of 01:00:5E:00:00:00 to 01:00:5E:7F:FF:FF for Ethernet and Fiber Distributed Data Interface (FDDI) media access control (MAC) addresses.

531. Which command can you use to set the hostname on a switch?

  • A. switch-mdf-c1(config)#hostname switch-mdf1*
  • B. switch-mdf-c1>hostname switch-mdf1
  • C. switch-mdf-c1#hostname switch-mdf1
  • D. switch-mdf-c1(config-if)#hostname switch-mdf1

532. Refer to the exhibit. What is the effect of the given configuration?

Switch#configuration terminal
Switch#interface VLAN 1
Switch(config-if)#ip address
  • A. It configures an inactive switch virtual interface.*
  • B. It configures an active management interface.
  • C. It configures the native VLAN.
  • D. It configures the default VLAN.
Explanation/Reference:
In the configuration above, the “no shutdown” command was missing so interface Vlan 1 is still inactive. Notice that only the loopback command does not need the “no shutdown” command to work.

533. Which statement about switch access ports is true?

  • A. They drop packets with 802.1Q tags.*
  • B. A VLAN must be assigned to an access port before it is created.
  • C. They can receive traffic from more than one VLAN with no voice support
  • D. By default, they carry traffic for VLAN 10.
Explanation/Reference:
A VLAN does not need to be assigned to any port -> B is not correct.

An access port can only receive traffic from one VLAN -> C is not correct.

If not assigned to a specific VLAN, an access port carries traffic for VLAN 1 by default -> D is not correct.

An access port will drop packets with 802.1Q tags -> A is correct. Notice that 802.1Q tags are used on packets moving over trunk links.

534. Which feature allows a device to use a switch port that is configured for half-duplex to access the network?

  • A. CSMA/CD*
  • B. IGMP
  • C. port security
  • D. split horizon
Explanation/Reference:
Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is the LAN access method used in Ethernet. When a device wants to gain access to the network, it checks to see if the network is free. If the network is not free, the device waits a random amount of time before retrying. If the network is free and two devices access the line at exactly the same time, their signals collide. When the collision is detected, they both back off and wait a random amount of time before retrying.

CSMA/CD is used with devices operating in half-duplex mode only. CSMA/CD helps devices connecting to half-duplex switch ports operate correctly.

535. Which option is an invalid hostname for a switch?

  • A. 5witch-Cisco
  • B. Switch-Cisco!*
  • C. 5witchCisc0
  • D. SwitchCisc0
Explanation/Reference:
The “!” is a special character which is not allowed in the hostname of Cisco device.


536. A technician has installed SwitchB and needs to configure it for remote access from the management workstation connected to SwitchA. Which set of commands is required to accomplish this task?

  • A.
    SwitchB(config)#interface FastEthernet 0/1
    SwitchB(config-if)#ip address
    SwitchB(config-if)#no shutdown
  • B.
    SwitchB(config)#ip default-gateway
    SwitchB(config)#interface vlan 1
    SwitchB(config-if)#ip address
    SwitchB(config-if)#no shutdown
  • C.
    SwitchB(config)#interface vlan 1
    SwitchB(config-if)#ip address
    SwitchB(config-if)#ip default-gateway
    SwitchB(config-if)#no shutdown
  • D.
    SwitchB(config)#ip default-network
    SwitchB(config)#interface vlan 1
    SwitchB(config-if)#ip address
    SwitchB(config-if)#no shutdown
Explanation/Reference:
To access SwitchB remotely, it must have a management IP address on a VLAN on that switch. Traditionally, we often use VLAN 1 as the management VLAN (but in fact it is not secure).

In the exhibit, we can recognize that the Management Workstation is in a different subnet from the SwitchB. For intersubnetwork communication to occur, you must configure at least one default gateway. This default gateway is used to forward traffic originating from the switch only, not to forward traffic sent by devices connected to the switch.

537. Which of the three options are switchbox configurations that can always avoid duplex mismatch errors between two switches? (Choose three)

  • A. Set one side of the connection to the full duplex and the other side to half duplex
  • B. Set both sides of the connection to full duplex*
  • C. Set one side of the connection to auto-negotiate and the other side to half duplex
  • D. Set one side of the connection to auto-negotiate and the other side to full duplex
  • E. Set both sides of the connection to auto-negotiate*
  • F. Set both sides of the connection to half duplex*

538. Which two circumstances can cause collision domain issues on VLAN domain? (Choose two)

  • A. duplex mismatches on Ethernet segments in the same VLAN*
  • B. multiple errors on switchport interfaces
  • C. congestion on the switch inband path*
  • D. a failing NIC in an end device
  • E. an overloaded shared segment
Explanation/Reference:
On an Ethernet connection, a duplex mismatch is a condition where two connected devices operate in different duplex modes, that is, one operates in half duplex while the other one operates in full duplex. Duplex mismatch can easily cause collision domain issue as the device that operates in full duplex mode turns off CSMA/CD. So it is eager to send data immediately without checking if the link is free to use -> A is correct.

An “inband path” is the path which provides path for management traffic (like CDP, VTP, PAgP…) but we are not sure why congestion on the switch inband path can cause collision domain issues. Maybe congestion on inband path prevents the JAM signal (sent when a collision occurs on the link) to be sent correctly on the link.

539. What is the default VLAN on an access port?

  • A. 0
  • B. 1*
  • C. 10
  • D. 1024
Explanation/Reference:
If we configure an access port as follows:

Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access

Then this interface, by default, will belong to VLAN 1. Of course we can assign another VLAN to this port via the “switchport access vlan {vlan-number}” command. 

540. Which statement about DTP is true?

  • A. It uses the native VLAN.
  • B. It negotiates a trunk link after VTP has been configured.
  • C. It uses desirable mode by default.
  • D. It sends data on VLAN 1.*
Explanation/Reference:
Control traffic like CDP, DTP, PAgP, and VTP uses VLAN 1 to operate, even if you change the native VLAN.

541. Refer to the topology shown in the exhibit. Which ports will be STP designated ports if all the links are operating at the same bandwidth? (Choose three)

  • A. Switch A – Fa0/0
  • B. Switch A – Fa0/1 *
  • C. Switch B – Fa0/0 *
  • D. Switch B – Fa0/1 *
  • E. Switch C – Fa0/0
  • F. Switch C – Fa0/1
Explanation/Reference:
First by comparing their MAC addresses we learn that switch B will be root bridge as it has lowest MAC. Therefore all of its ports are designated ports -> C & D are correct.

On the link between switch A & switch C there must be one designated port and one non-designated (blocked) port. We can figure out which port is the designated port by comparing their MAC addresses again. A has the lower MAC, so Fa0/1 of switch A will be the designated port while Fa0/1 of switch C will be blocked -> B is correct.

542. Which IEEE standard does PVST+ use to tunnel information?

  • A. 802.1x
  • B. 802.1q*
  • C. 802.1w
  • D. 802.1s
Explanation/Reference:
Cisco developed PVST+ to allow running multiple STP instances, even over an 802.1Q network, via the use of a tunneling mechanism. PVST+ uses Cisco devices to connect a Mono Spanning Tree region to a PVST+ region. No specific configuration is needed to achieve this. PVST+ provides support for 802.1Q trunks and the mapping of multiple spanning trees to the single spanning tree of standard 802.1Q switches running Mono Spanning Tree.

543. Which spanning-tree feature places a port immediately into a forwarding state?

  • A. BPDU guard
  • B. PortFast*
  • C. loop guard
  • D. UDLD
  • E. Uplink Fast
When you enable PortFast on the switch, spanning tree places ports in the forwarding state immediately, instead of going through the listening, learning, and forwarding states.

544. Which type of port role does not participate in STP calculation?

  • A. Listening
  • B. Learning
  • C. Forwarding
  • D. Discarding*

545. What does PortFast BPDU guard do when it is configured on a port? (Choose two)

  • A. err-disabled when port receives BPDUs*
  • B. supported only on nontrunking access ports*
  • C. forward when port receives BPDUs
  • D. supported on trunk ports
PortFast BPDU guard prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When you enable BPDU guard on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs instead of putting them into the spanning tree blocking state. In a valid configuration, PortFast-configured interfaces do not receive BPDUs. If a PortFast-configured interface receives a BPDU, an invalid configuration exists. BPDU guard provides a secure response to invalid configurations because the administrator must manually put the interface back in service.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8-2glx/configuration/guide/stp_enha.html

546. Which two switch states are valid for 802.1w? (Choose two)

  • A. listening
  • B. backup
  • C. disabled
  • D. learning*
  • E. discarding*
IEEE 802.1w is Rapid Spanning Tree Protocol (RSTP). There are only three port states left in RSTP that correspond to the three possible operational states. The 802.1D disabled, blocking, and listening states are merged into the 802.1w discarding state.

* Discarding – the port does not forward frames, process received frames, or learn MAC addresses – but it does listen for BPDUs (like the STP blocking state)
* Learning – receives and transmits BPDUs and learns MAC addresses but does not yet forward frames (same as STP).
* Forwarding – receives and sends data, normal operation, learns MAC address, receives and transmits BPDUs (same as STP).

547. Which option describes how a switch in rapid PVST+ mode responds to a topology change?

  • A. It immediately deletes dynamic MAC addresses that were learned by all ports on the switch.
  • B. It sets a timer to delete all MAC addresses that were learned dynamically by ports in the same STP instance.*
  • C. It sets a timer to delete dynamic MAC addresses that were learned by all ports on the switch.
  • D. It immediately deletes all MAC addresses that were learned dynamically by ports in the same STP instance.
For PVST and PVST+, any change in the STP topology will result in a Topology Change Notification (TCN) BPDU. The TCN tells the switches that a change in the topology table has occurred, and they must therefore flush their Content-Addressable Memory (CAM) tables. Switches will set their CAM tables to age out after ForwardDelay seconds, which is 15 seconds by default. In other words, if a host doesn’t send traffic within 15 seconds to update the CAM table, the switch will have to begin flooding traffic to that host. This can lead to excessive amounts of flooded traffic.

For more information please read: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/12013-17.html

548. Which protocol supports sharing the VLAN configuration between two or more switches?

  • A. multicast
  • B. STP
  • C. VTP*
  • D. split-horizon
With VTP, switches can learn VLAN configuration of other switches dynamically.

549. To configure the VLAN trunking protocol to communicate VLAN information between two switches, what two requirements must be met? (Choose two)

  • A. Each end of the trunk line must be set to IEEE 802.1E encapsulation.
  • B. The VTP management domain name of both switches must be set the same.*
  • C. All ports on both the switches must be set as access ports.
  • D. One of the two switches must be configured as a VTP server.*
  • E. A rollover cable is required to connect the two switches together.
  • F. A router must be used to forward VTP traffic between VLANs.
In Cisco switches there are two encapsulations: 802.1q and ISL so we can set two ends to ISL instead -> A is not correct.

The ports between two switches must be set to trunk ports so that they can exchange VLAN information through VTP -> C is not correct.

To connect two switches we can use cross-over cable or straight-through cable (because modern Cisco switches can “auto-sense”) but not rollover cable -> E is not correct.

To forward traffic in the same VLAN (between two or more switches) we can use switches only. If we want to forward VTP traffic between different VLANs we can use either a router or a Layer 3 switch -> F is not correct.

Two switches can only communicate when they are set to the same VTP domain name (and the same VTP password) -> B is correct.

One of the two switches must be set to VTP Server so that it can create VTP updates and advertise its VLAN information.

550. Which feature can you use to monitor traffic on a switch by replicating it to another port or ports on the same switch?

  • A. copy run start
  • B. traceroute
  • C. the ICMP Echo IP SLA
  • D. SPAN*
Switched Port Analyzer (SPAN) is used to analyze network traffic passing through ports on a switch. For example, we can configure the switch to monitor its interface Fa0/0, which connects to the Core, by sending all traffic to/from Fa0/0 to its Fa0/1 interface. At the Fa0/1 interface we connect a computer and use software such as Wireshark to capture the packets.

551. Refer to the exhibit. While troubleshooting a switch, you executed the “show interface port-channel 1 etherchannel” command and it returned this output. Which information is provided by the Load value?

  • A. the percentage of use of the link
  • B. the preference of the link
  • C. the session count of the link
  • D. the number of source-destination pairs on the link*
EtherChannel load balancing works by having the switch assign a hash result from 0-7 based on the configured hash method (load balancing algorithm) for the type of traffic. This hash result is commonly called the Result Bundle Hash (RBH).

Now we need to convert Load value from Hexadecimal to Binary numbers. Therefore:
+ Gi1/1: 36 (Hex) = 00110110 (Bin) -> Bits 3, 4, 6, 7 are chosen
+ Gi1/2: 84 (Hex) = 10000100 (Bin) -> Bits 1, 6 are chosen
+ Gi1/3: 16 (Hex) = 00010110 (Bin) -> Bits 4, 6, 7 are chosen

Therefore, if the RBH is 3, it will choose Gi1/1. If the RBH is 4, it will choose the Gi1/1 and Gi1/3 interfaces. If the RBH is 6, it will choose all three interfaces above. The bit sharing ratio is 3:3:2 (from the “No of bits” column), hence two links have a higher probability of being utilized than the third link.

552. Which configuration can you apply to enable encapsulation on a subinterface?

  • A. interface FastEthernet 0/0
    encapsulation dot1Q 30
    ip address
  • B. interface FastEthernet 0/0.30
    ip address
  • C. interface FastEthernet 0/0.30
    description subinterface vlan 30
  • D. interface FastEthernet 0/0.30
    encapsulation dot1Q 30
    ip address*
To enable encapsulation on a subinterface we have to type the “encapsulation” command under that subinterface, not the main interface. An example of configuring encapsulation on a subinterface of Fa0/1 is shown below:

Router(config)#interface f0/0
Router(config-if)#no shutdown

(Note: The main interface f0/0 doesn’t need an IP address but it must be turned on)

Router(config)#interface f0/0.0
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address
Router(config-subif)#interface f0/0.1
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address

Note: In the “encapsulation dot1q 10”, number 10 is the VLAN applied to that subinterface. Or you can understand that the subinterface belongs to that VLAN.

553. Which statement about slow inter VLAN forwarding is true?

  • A. The VLAN is experiencing slowness in the point-to-point collisionless connection.
  • B. The VLANs are experiencing slowness because multiple devices are connected to the same hub.
  • C. The local VLAN is working normally, but traffic to the alternate VLAN is forwarded slower than expected.
  • D. The entire VLAN is experiencing slowness.
  • E. The VLANs are experiencing slowness due to a duplex mismatch.*
The causes of slow inter-VLAN forwarding are usually duplex mismatch, collision domain issues, or user misconfiguration. For more information please read: http://www.cisco.com/c/en/us/support/docs/lan-switching/virtual-lans-vlan-trunking-protocol-vlans-vtp/23637-slow-int-vlan-connect.html#troubleshoot_slow_interv

554. Which function enables an administrator to route multiple VLANs on a router?

  • A. IEEE 802.1X
  • B. HSRP
  • C. port channel
  • D. router on a stick*

555. How is master redundancy provided on stacked switches?

  • A. 1:N*
  • B. N:1
  • C. 1:1
  • D. 1+N
  • E. N+1
1:N master redundancy: Every switch in the stack can act as the master. If the current master fails, another master is elected from the stack.

1:N master redundancy allows each stack member to serve as a master, providing the highest reliability for forwarding. Each switch in the stack can serve as a master, creating a 1:N availability scheme for network control. In the unlikely event of a single unit failure, all other units continue to forward traffic and maintain operation.

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/prod_white_paper09186a00801b096a.html


N+1 simply means that there is a power backup in place should any single system component fail. The ‘N’ in this equation stands for the number of components necessary to run your system. The ‘+1’ means there is one independent backup should a component of that system fail. An example of “N+1” is your family has 5 members, so you need 5 cups to drink. But you have one extra cup for redundancy (6 cups in total) so that if any cup breaks, you still have enough cups for the family.

556. Which identification number is valid for an extended ACL?

  • A. 1
  • B. 64
  • C. 99
  • D. 100*
  • E. 299
  • F. 1099
Below is the range of standard and extended access list:

Access list type    Range
Standard            1-99, 1300-1999
Extended            100-199, 2000-2699

In most cases we only need to remember 1-99 is dedicated for standard access lists while 100 to 199 is dedicated for extended access lists.

557. If host Z needs to send data through router R1 to a storage server, which destination MAC address does host Z use to transmit packets?

  • A. the host Z MAC address
  • B. the MAC address of the interface on R1 that connects to the storage server
  • C. the MAC address of the interface on R1 that connects to host Z*
  • D. the MAC address of the storage server interface
Host Z will use ARP to get the MAC address of the interface on R1 that connects to it and use this MAC as the destination MAC address. It uses the IP address of the storage server as the destination IP address.

For example in the topology below, host A will use the MAC address of E0 interface of the router as its destination MAC address to reach the Email Server.

558. Which routing protocol has the smallest default administrative distance?

  • A. IBGP
  • B. OSPF
  • C. IS-IS
  • D. EIGRP*
  • E. RIP
The Administrative Distance (AD) of popular routing protocols is shown below. You should learn them by heart:

Note: The AD of iBGP is 200

The smaller the AD is, the better it is. The router will choose the routing protocol with smallest AD.

In this case EIGRP with AD of 90 is the smallest one.

559. Which statement about static routes is true?

  • A. The source interface can be configured to make routing decisions.
  • B. A subnet mask is entered for the next-hop address.
  • C. The subnet mask is 255.255.255.0 by default
  • D. The exit interface can be specified to indicate where the packets will be routed.*

560. When a router makes a routing decision for a packet that is received from one network and destined to another, which portion of the packet does it replace?

  • A. Layer 2 frame header and trailer*
  • B. Layer 3 IP address
  • C. Layer 5 session
  • D. Layer 4 protocol
The Layer 2 information (source and destination MAC) would be changed when passing through each router. The Layer 3 information (source and destination IP addresses) remains unchanged.
