Thursday 21 February 2013

CCNA – Hotspot

Here you will find answers to CCNA hotspot Questions

Hotspot Routing Question

hotspotquestion1a
hotspotquestion1
Question 1:
If the router R1 has a packet with a destination address 192.168.1.255, what describes the operation of the network?
A – R1 will forward the packet out all interfaces
B – R1 will drop this packet because it is not a valid IP address
C – As R1 forwards the frame containing this packet, Sw-A will add 192.168.1.255 to its MAC table
D – R1 will encapsulate the packet in a frame with a destination MAC address of FF-FF-FF-FF-FF-FF
E – As R1 forwards the frame containing this packet, Sw-A will forward it ti the device assigned the IP address of 192.168.1.255

Answer: B
Question 2:
Users on the 192.168.1.0/24 network must access files located on the Server 1. What route could be configured on router R1 for file requests to reach the server?
A – ip route 0.0.0.0 0.0.0.0 s0/0/0
B – ip route 0.0.0.0 0.0.0.0 209.165.200.226
C – ip route 209.165.200.0 255.255.255.0 192.168.1.250
D – ip route 192.168.1.0 255.255.255.0 209.165.100.250

Answer: A
Quetion 3:
When a packet is sent from Host 1 to Server 1, in how many different frames will the packet be encapsulated as it is sent across the internetwork?
A – 0
B – 1
C – 2
D – 3
E – 4

Answer: C or D(depending on your understand, please read the comments to understand why)
Question 4:
What must be configured on the network in order for users on the Internet to view web pages located on Web Server 2?
A – On router R2,configure a default static route to the 192.168.1.0 network
B – On router r2, configure DNS to resolve the URL assigned to Web Server 2 to the 192.168.1.10 address
C – On router R1, configure NAT to translate an address on the 209.165.100.0/24 network to 192.168.1.10
D – On router R1, configure DHCP to assign a registered IP address on the 209.165.100.0/24 network to Web Server 2

Answer: C
Question 5:
The router address 192.168.1.250 is the default gateway for both the Web Server 2 and Host 1. What is the correct subnet mask for this network?
A – 255.255.255.0
B – 255.255.255.192
C – 255.255.255.250
D – 255.255.255.252

Answer: A

Hotspot Frame-relay Question

hotspotquestion2
hotspotframerelay
(In the old days, this question was a multi-choice question but Cisco upgraded it into a lab-sim question. Therefore, instead of listing all the configuration as above, you have to type show frame-relay map and show running-config to get its configuration)
Note: If you are not sure about Frame-Relay, please read my Frame Relay tutorial.
Question 1:
What destination Layer 2 address will be used in the frame header containing a packet for host 172.30.0.4?
A – 704
B – 196
C – 702
D – 344

Answer: C
Question 2:
A static map to the S-AMER location is required. Which command should be used to create this map?
A – frame-relay map ip 172.30.0.3 704 broadcast
B – frame-relay map ip 172.30.0.3 196 broadcast
C – frame-relay map ip 172.30.0.3 702 broadcast
D – frame-relay map ip 172.30.0.3 344 broadcast

Answer: B
Question 3:
Which connection uses the default encapsulation for serial interfaces on Cisco routers?
A – The serial connection to the MidEast branch office
B – The serial connection to the DeepSouth branch office
C – The serial connection to the NorthCentral branch office
D – The serial connection to the Multinational Core

Answer: A
Question 4:
If required, what password should be configured on the router in the MidEast branch office to allow a connection to be established with the Dubai router?
A – No password is required
B – Enable
C – Scr
D – Telnet
E – Console

Answer: A or D (because maybe there are 2 versions of this question, depending on the output of “show running-config” command, please read the explanation below)
Explanation
This question is not clear for a long time but now maybe the trick was solved. What Cisco wants to ask is the word used as password, not the type of connection, so in the exam you might see some strange words for answers like “En8ble”, “T1net”, “C0nsole”. All you have to do is to use the command “show running-config” as wx4 mentioned below to find the answer.
wx4 commented:
Q4: if password required which?
in my example it was connection to North!
How to figure out which pw is required?
#show running-config
1. check the interface to the router you need connection to. If there is “ppp authentication” you need a password!
2. you will find the password on the top of your running-config output
check the area:
username North password c0nsole
username xxxxx yyyyy
username…
in my case it was c0nsole, in your case it can be no password needed or a different password.
If you are still not clear, please read anton‘s comment:
A big question I noticed here was about the FR Lab regarding the password. You have to perform a show running-config and look for USERNAME and PASSWORD.
i.e.
username South_Router password c0nsol3
username North_Router password t31net
Obviously this has to be en PPP encapsulation, if asked for a posible password for SOUTH_ROUTER you pick c0nsol3, and for NORTH_ROUTER you pick t31net. If you’re running HDLC, i would pick “no password is required”.
Posted by at No comments:

CCNA – VTP Questions

Here you will find answers to VTP Questions
If you are not sure about VTP, please read my VTP tutorial
Question 1
Refer to the exhibit. After SwitchB was added to the network, VLAN connectivity problems started to occur. What caused this problem?
show_vtp_status.jpg
A. Both switches are in server mode in the same domain.
B. The revision number of SwitchB was higher than the revision number of SwitchA.
C. SwitchA was not rebooted prior to adding SwitchB to the network.
D. V2-mode is not enabled.
E. VTP pruning is not activated, so the new paths in the network have not been recalculated.

Answer: B
Explanation
SwitchB has the same VTP Domain Name with SwitchA and it has a higher Configuration Revision number (7 > 1) so it will overwrite VLAN information of SwitchA. Because SwitchB is a new switch so its VLAN information is different from SwitchA -> VLAN connectivity problem occurs.
Question 2
A network administrator is explaining VTP configuration to a new technician. What should the network administrator tell the new technician about VTP configuration? (Choose three)
A. A switch in the VTP client mode cannot update its local VLAN database.
B. A trunk link must be configured between the switches to forward VTP updates.
C. A switch in the VTP server mode can update a switch in the VTP transparent mode.
D. A switch in the VTP transparent mode will forward updates that it receives to other switches.
E. A switch in the VTP server mode only updates switches in the VTP client mode that have a higher VTP revision number.
F. A switch in the VTP server mode will update switches in the VTP client mode regardless of the configured VTP domain membership.

Answer: A B D
Question 3
What are two benefits of using VTP in a switching environment? (Choose two)
A.It allows switches to read frame tags.
B. It allows ports to be assigned to VLANs automatically.
C. It maintains VLAN consistency across a switched network.
D. It allows frames from multiple VLANs to use a single interface.
E. It allows VLAN information to be automatically propagated throughout the switching environment.

Answer: C E
Question 4
What is the name of the VTP mode of operation that enables a switch to forward only VTP advertisements while still permitting the editing of local VLAN information?
A. server
B. client
C. tunnel
D.transparent

Answer: D
Question 5
Which VTP mode is capable of creating only local VLANs and does not synchronize with other switches in the VTP domain?
A. client
B. dynamic
C. server
D. static
E. transparent

Answer: E
Question 6
An administrator is unsuccessful in adding VLAN 50 to a switch. While troubleshooting the problem, the administrator views the output of the show vtp status command, which is displayed in the graphic. What commands must be issued on this switch to add VLAN 50 to the database? (Choose two)
show_vtp_status_add_VLAN.jpg
A. Switch(config-if)# switchport access vlan 50
B. Switch(config)#vtp mode server
C. Switch(config)# config-revision 20
D. Switch(config)#vlan 50 name Tech
E. Switch(vlan)# vlan 50
F. Switch(vlan)# switchport trunk vlan 50

Answer: B E
Explanation
First we notice that the “VTP Operating Mode” of this switch is “Client”. In this mode we can’t add new VLAN so we must change to “Server” mode -> B is correct.
Now we can add a new VLAN, E is the correct configuration for adding a new VLAN.
Question 7
To configure the VLAN trunking protocol to communicate VLAN information between two switches, what two requirements must be met? (Choose two)
A. Each end of the trunk line must be set to IEEE 802.1E encapsulation.
B. The VTP management domain name of both switches must be set the same.
C. All ports on both the switches must be set as access ports.
D. One of the two switches must be configured as a VTP server.
E. A rollover cable is required to connect the two switches together.
F. A router must be used to forward VTP traffic between VLANs.

Answer: B D
Explanation
In Cisco switches there are two encapsulations: 802.1q and ISL so we can set two ends to ISL instead -> A is not correct.
The ports between two switches must be set to trunk ports so that they can exchange VLAN information through VTP -> C is not correct.
To connect two switches we can use cross-over cable or straight-through cable (because modern Cisco switches can “auto-sense”) but not rollover cable -> E is not correct.
To forward traffic in the same VLAN (between two or more switches) we can use switches only. If we want to forward VTP traffic between different VLANs we can use either a router or a Layer 3 switch -> F is not correct.
Two switches can only communicate when they are set to the same VTP domain name (and the same VTP password) -> B is correct.
One of the two switches must be set to VTP Server so that it can create VTP updates and advertise its VLAN information.
Question 8
Which statements describe two of the benefits of VLAN Trunking Protocol? (Choose two)
A. VTP allows routing between VLANs.
B. VTP allows a single switch port to carry information to more than one VLAN.
C. VTP allows physically redundant links while preventing switching loops.
D. VTP simplifies switch administration by allowing switches to automatically share VLAN configuration information.
E. VTP helps to limit configuration errors by keeping VLAN naming consistent across the VTP domain.
F. VTP enhances security by preventing unauthorized hosts from connecting to the VTP domain.

Answer: D E
Explanation
The main purposes of VTP are to simplify switch administration and limit VLAN configuration errors by allowing switches to automatically share VLAN configuration information. It doesn’t require the administrator to go to every switch to configure VLANs.
Maybe you will feel F is also a correct answer but it is not true because VTP only enhances security by preventing unauthorized switches (not hosts) from connecting to the VTP domain (by configuring a VTP domain name & VTP password). An unauthorized host can easily use the network cable of an authorized host to access the network.
Question 9
What are two results of entering the Switch(config)#vtp mode client command on a Catalyst switch? (Choose two)
A. The switch will ignore VTP summary advertisements.
B. The switch will forward VTP summary advertisements.
C. The switch will process VTP summary advertisements.
D. The switch will originate VTP summary advertisements.
E. The switch will create, modify and delete VLANs for the entire VTP domain.

Answer: B C
Question 10
Refer to the exhibit. The show vtp status command is executed at a switch that is generating the exhibited output. Which statement is true for this switch?
show_vtp_status_2.jpg
A. The switch forwards its VLAN database to other switches in the ICND VTP domain.
B. The configuration revision number increments each time the VLAN database is updated,
C. The switch forwards VTP updates that are sent by other switches in the ICND domain,
D. The VLAN database is updated when VTP information is received from other switches.

Answer: C
Explanation
In Transparent mode switch just forwards update sent by other switches without reading it. It doesn’t update its VLAN database so the Configuration Revision doesn’t increase.
Question 11
Refer to the exhibit, The VLAN configuration of S1 is not being in this VTP enabled environment. The VTP and uplink port configurations for each switch are displayed. Which two command sets, if issued, resolve this failure and allow VTP to operate as expected? (choose two)
VTP_mode_client.jpg
A. S2(config)#vtp mode transparent
B. S1(config)#vtp mode client
C. S2(config)#interface f0/24
S2(config-if)#switchport mode access
S2(config-if)#end
D. S2(config)#vtp mode client
E. S1(config)#interface f0/24
S1(config-if)#switchport mode trunk
S1(config-if)#end

Answer: B E
Explanation
First from the output of S1, we learn that it is running under “vtp transparent mode”. In this mode, S1 still receives VTP updates but not learns them. Also in this mode, no trunking is created -> It should be in client or server mode but S2 is already in server mode -> S1 should be in client mode -> B is correct.
Also, VTP updates are only sent on trunk links so the link between S1 and S2 must be set as trunk -> port f0/24 on S1 should be configured as trunked port -> E is correct.
Posted by at No comments:

CCNA – VLAN Questions 2

Here you will find answers to VLAN Questions – Part 2
Question 1
Which of the following are benefits of VLANs? (Choose three)
A. They increase the size of collision domains.
B. They allow logical grouping of users by function.
C. They can enhance network security.
D. They increase the size of broadcast domains while decreasing the number of collision domains.
E. They increase the number of broadcast domains while decreasing the size of the broadcast domains.
F. They simplify switch administration.

Answer: B C E
Explanation
When using VLAN the number and size of collision domains remain the same -> A is not correct.
VLANs allow to group users by function, not by location or geography -> B is correct.
VLANs help minimize the incorrect configuration of VLANs so it enhances the security of the network -> C is correct.
VLAN increases the size of broadcast domains but does not decrease the number of collision domains -> D is not correct.
VLANs increase the number of broadcast domains while decreasing the size of the broadcast domains which increase the utilization of the links. It is also a big advantage of VLAN -> E is correct.
VLANs are useful but they are more complex and need more administration -> F is not correct.
Question 2
Refer to the diagram. All hosts have connectivity with one another. Which statements describe the addressing scheme that is in use in the network? (Choose three)
VLAN_address_scheme.jpg
A. The subnet mask in use is 255.255.255.192.
B. The subnet mask in use is 255.255.255.128.
C. The IP address 172.16.1.25 can be assigned to hosts in VLAN1
D. The IP address 172.16.1.205 can be assigned to hosts in VLAN1
E. The LAN interface of the router is configured with one IP address.
F. The LAN interface of the router is configured with multiple IP addresses.

Answer: B C F
Explantion
First we should notice that different VLANs must use different sub-networks. In this case Host A (172.16.1.126) and Host B (172.16.1.129) are in different VLANs and must use different sub-networks. But in this question, both answer A and B can separate VLAN 1 and VLAN 2 into different sub-networks . In particular, if the subnet mask is 255.255.255.192 we have
+ Sub-network 1: 172.16.1.0 -> 172.16.1.63
+ Sub-network 2: 172.16.1.64 -> 172.16.1.127 (assigned to VLAN 1)
+ Sub-network 3: 172.16.1.128 -> 172.16.1.192 (assigned to VLAN 2)
+ Sub-network 4: 172.16.1.192 -> 172.16.1.255
If the subnet mask is 255.255.255.128 we have 2 sub-networks:
+ Sub-network 1: 172.16.1.0 -> 172.16.1.127 (assigned to VLAN 1)
+ Sub-network 2: 172.16.1.128 -> 172.16.1.255 (assigned to VLAN 2)
But we should notice about the host part of each subnet mask. With 255.255.255.192 we have 2^6 – 2 = 62 hosts per subnet, which is smaller than the requirements of VLAN 1 (84 hosts) and VLAN 2 (114 hosts).
WIth 255.255.255.128 we have 2^7 – 2 = 126 hosts per subnet -> big enough for VLAN 1 & 2
-> B is correct.
The IP address 172.16.1.25, which is in the same sub-network with host A so it can be assigned to VLAN 1 -> C is correct.
To make different VLANs communicate with each other we can configure sub-interfaces (with a different IP address on each interface) on the LAN interface of the router -> F is correct.
Question 3
A network associate is trying to understand the operation of the FLD Corporation by studying the network in the exhibit. The associate knows that the server in VLAN 4 provides the necessary resources to support the user hosts in the other VLANs. The associate needs to determine which interfaces are access ports. Which interfaces are access ports? (Choose three)
VLAN_access_ports.jpg
A. Switch1 – Fa0/2
B. Switch1 – Fa0/9
C. Switch2 – Fa0/3
D. Switch2 – Fa0/4
E. Switch2 – Fa0/8
F. Router – Fa1/0

Answer: A C D
Explanation
Access ports are switch’s ports which are connected to hosts.
Question 4
What are three valid reasons to assign ports to VLANs on a switch? (Choose three)
A. to make VTP easier to implement
B. to isolate broadcast traffic
C. to increase the size of the collision domain
D. to allow more devices to connect to the network
E. to logically group hosts according to function
F. to increase network security

Answer: B E F
Question 5
Which statement is correct about the internetwork shown in the diagram?
VLAN_interrouting.jpg
A. Switch 2 is the root bridge.
B. Spanning Tree is not running.
C. Host D and Server 1 are in the same network.
D. No collisions can occur in traffic between Host B and Host C.
E. If Fa0/0 is down on Router1, Host A cannot access Server1.
F. If Fa0/1 is down on Switch3, Host C cannot access Server2.

Answer: E
Explanation
Switch 2 cannot be the root bridge because all ports of root bridges are designated ports. In the diagram switch 2 has one blocked port -> It is not the root bridge -> A is not correct.
Because Switch 2 has a blocked port so surely Spanning Tree Protocol is running -> B is not correct.
Host D belongs to VLAN 2 while Server 1 belongs to VLAN 3 so they are not in the same network -> C is not correct.
Host B & host C are connected through a hub so they are in the same collision domain and collision can occur -> D is not correct.
We need a router to allow different VLANs to communicate with each other. This router is called “router on a stick”. In this case it is Router1. The link between Router1 and Switch1 is configured as trunk link. If this link is down, different VLANs cannot communicate with each other -> E is correct.
If Fa0/1 is down on Switch3, Spanning Treel Protocol will “open” the blocked port on Switch 2 can Host C can access Server 2 through HostC -> Hub1 -> Switch2 -> Switch1 -> Router1-> Switch1 -> Server2 (notice that it must go through Router1 because they are in different VLANs). So F is not correct.
Question 6
Refer to the exhibit. Which of these statements correctly describes the state of the switch once the boot process has been completed?
VLAN_VLAN1_down.jpg
A. As FastEthernet0/12 will be the last to come up, it will not be blocked by STP.
B. Remote access management of this switch will not be possible without configuration change.
C. More VLANs will need to be created for this switch.
D. The switch will need a different IOS code in order to support VLANs and STP.

Answer: B
Explanation
From the output we notice that the administrator has just shut down Interface Vlan1, which is the default VLAN so no one can access it remotely (like telnet) -> B is correct.
Answer A is not correct as STP calculation does not depend on which port comes up first or last. STP recalculates when there is a change in the network.
A normal switch can operate without VLAN -> C is not correct.
This IOS does support VLAN because it has VLAN 1 on it -> D is not correct.
Posted by at 1 comment:

CCNA – VLAN Questions

Here you will find answers to VLAN Questions
If you are not sure about VLAN, please read my VLAN tutorial.
Question 1
Refer to the exhibit. A network associate needs to configure the switches and router in the graphic so that the hosts in VLAN3 and VLAN4 can communicate with the enterprise server in VLAN2. Which two Ethernet segments would need to be configured as trunk links? (Choose two)
VLAN_trunking.jpg
A. A
B. B
C. C
D. D
E. E
F. F

Answer: C F
Explanation
The link between the switches and the link between switch & router should be configured as trunks. Other links (connected to hosts) should be configured as access links.
Question 2
Which three statements are typical characteristics of VLAN arrangements? (Choose three)
A. A new switch has no VLANs configured.
B. Connectivity between VLANs requires a Layer 3 device.
C. VLANs typically decrease the number of collision domains.
D. Each VLAN uses a separate address space.
E. A switch maintains a separate bridging table for each VLAN.
F. VLANs cannot span multiple switches.

Answer: B D E
Explanation
By default, all ports on a new switch belong to VLAN 1 (default & native VLAN). There are also some well-known VLANs (for example: VLAN 1002 for fddi-default; VLAN 1003 for token-ring…) configured by default -> A is not correct.
To communicate between two different VLANs we need to use a Layer 3 device like router or Layer 3 switch -> B is correct.
VLANs don’t affect the number of collision domains, they are the same -> C is not correct. Typically, VLANs increase the number of broadcast domains.
We must use a different network (or sub-network) for each VLAN. For example we can use 192.168.1.0/24 for VLAN 1, 192.168.2.0/24 for VLAN 2 -> D is correct.
A switch maintains a separate bridging table for each VLAN so that it can send frame to ports on the same VLAN only. For example, if a PC in VLAN 2 sends a frame then the switch look-ups its bridging table and only sends frame out of its ports which belong to VLAN 2 (it also sends this frame on trunk ports) -> E is correct.
We can use multiple switches to expand VLAN -> F is not correct.
Question 3
By default, each port in a Cisco Catalyst switch is assigned to VLAN1. Which two recommendations are key to avoid unauthorized management access? (Choose two)
A. Create an additional ACL to block the access to VLAN 1.
B. Move the management VLAN to something other than default.
C. Move all ports to another VLAN and deactivate the default VLAN.
D. Limit the access in the switch using port security configuration.
E. Use static VLAN in trunks and access ports to restrict connections.
F. Shutdown all unused ports in the Catalyst switch.

Answer: B F
Question 4
Which two benefits are provided by creating VLANs? (Choose two)
A. added security
B. dedicated bandwidth
C. provides segmentation
D. allows switches to route traffic between subinterfaces
E. contains collisions

Answer: A C
Question 5
Which two link protocols are used to carry multiple VLANs over a single link? (Choose two)
A. VTP
B. 802.1q
C. IGP
D. ISL
E. 802.3u

Answer: B D
Explanation
Cisco switches support two trunking protocols 802.1q & ISL. 802.1q is an open standard and is thus compatible between most vendors’ equipment while Inter-Switch Link (ISL) is Cisco proprietary.
Question 6
A switch is configured with all ports assigned to vlan 2 with full duplex FastEthernet to segment existing departmental traffic. What is the effect of adding switch ports to a new VLAN on the switch?
A. More collision domains will be created.
B. IP address utilization will be more efficient.
C. More bandwidth will be required than was needed previously.
D. An additional broadcast domain will be created.

Answer: D
Question 7
Which two statements about the use of VLANs to segment a network are true? (Choose two)
A. VLANs increase the size of collision domains.
B. VLANs allow logical grouping of users by function.
C. VLANs simplify switch administration.
D. VLANs enhance network security.

Answer: B D
Question 8
Cisco Catalyst switches CAT1 and CAT2 have a connection between them using ports Fa0/13. An 802.1Q trunk is configured between the two switches. On CAT1, VLAN 10 is chosen as native, but on CAT2 the native VLAN is not specified. What will happen in this scenario?
A. 802.1Q giants frames could saturate the link.
B. VLAN 10 on CAT1 and VLAN 1 on CAT2 will send untagged frames.
C. A native VLAN mismatch error message will appear.
D. VLAN 10 on CAT1 and VLAN 1 on CAT2 will send tagged frames.

Answer: C
Explanation
A “native VLAN mismatch” error will appear by CDP if there is a native VLAN mismatch on an 802.1Q link. “VLAN mismatch” can cause traffic from one vlan to leak into another vlan.
Question 9
Which two statements describe the Cisco implementation of VLANs? (Choose two)
A. VLAN 1 is the default Ethernet VLAN.
B. CDP advertisements are only sent on VLAN 1002.
C. By default, the management VLAN is VLAN 1005.
D. By default, the switch IP address is in VLAN 1005.
E. VLANs 1002 through 1005 are automatically created and cannot be deleted.

Answer: A E
Question 10
What are three advantages of VLANs? (Choose three)
A. VLANs establish broadcast domains in switched networks.
B. VLANs utilize packet filtering to enhance network security.
C. VLANs provide a method of conserving IP addresses in large networks.
D. VLANs provide a low-latency internetworking alternative to routed networks.
E. VLANs allow access to network services based on department, not physical location.
F. VLANs can greatly simplify adding, moving, or changing hosts on the network.

Answer: A E F
Posted by at No comments:

CCNA – Switch Questions 3

Here you will find answers to Switch Questions – Part 3
Question 1
Which of the following are true regarding bridges and switches? (Choose two)
A. Bridges are faster than switches because they have fewer ports.
B. A switch is a multiport bridge.
C. Bridges and switches learn MAC addresses by examining the source MAC address of each frame received.
D. A bridge will forward a broadcast but a switch will not.
E. Bridges and switches increase the size of a collision domain.

Answer: B C
Question 2
Which two commands correctly verily whether port security has been configured on port FastEthernet 0/12 on a switch? (Choose two)
A. SW1# show switchport port-security interface FastEthernet 0/12
B. SW1# show switchport port-secure interface FastEthernet 0/12
C. SW1# show port-security interface FastEthernet 0/12
D. SW1# show running-config

Answer: C D
Explanation
We can verify whether port security has been configured by using the “show running-config” or “show port-security interface ” for more detail. An example of the output of “show port-security interface ” command is shown below:
show_port-security_interface.jpg
Question 3
Assuming the default switch configuration which vlan range can be added modified and removed on a Cisco switch?
A. 2 through 1001
B. 1 through 1001
C. 1 through 1002
D. 2 through 1005

Answer: A
Explanation
VLAN 1 is the default VLAN on Cisco switch. It always exists and can not be added, modified or removed.
VLANs 1002-1005 are default VLANs for FDDI & Token Ring and they can’t be deleted or used for Ethernet.
show_vlan.jpg
Question 4
Refer to the exhibit. This command is executed on 2960Switch:
2960Switch(config)# mac-address-table static 0000.00aa.aaaa vlan 10 interface fa0/1
Which two of these statements correctly identify results of executing the command? (Choose two)
Switch_mac-address-table_static.jpg
A. Port security is implemented on the fa0/1 interface.
B. MAC address 0000.00aa.aaaa does not need to be learned by this switch.
C. Only MAC address0000.00aa.aaaa can source frames on the fa0/1 segment.
D. Frames with a Layer 2 source address of 0000.00aa.aaaa will be forwarded out fa0/1.
E. MAC address 0000.00aa.aaaa will be listed in the MAC address table for interface fa0/1 only.

Answer: B E
Explanation
The above command adds the MAC address 0000.00aa.aaaa to the MAC address table of the switch. This is called static MAC address. Static addresses have the following characteristics:
* Static addresses will not be removed from the address table when a given interface link is down.
* Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table.
* A static address cannot be learned on another port until the address is removed with the no form of this command.
Static MAC address is not a Port Security feature -> A is not correct.
If the MAC address 0000.00aa.aaaa is seen again (on fa0/1 or other ports), it does not need to be learned because it already exists in the MAC address table of the switch -> B is correct.
Although configured with a static MAC address, switch can still learn other MAC addresses dynamically -> C is not correct.
Frames with a Layer 2 destination address (not source address) of 0000.00aa.aaaa will be forwarded out fa0/1 -> D is not correct.
Question 5
Which set of commands is recommended to prevent the use of a hub in the access layer?
A.
switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security maximum 1
B.
switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security mac-address 1
C.
switch(config-if)#switchport mode access
switch(config-if)#switchport port-security maximum 1
D.
switch(config-if)#switchport mode access
switch(config-if)#switchport port-security mac-address 1

Answer: C
Explanation
Port security is only used on access port (which connects to hosts) so we need to set that port to “access” mode, then we need to specify the maximum number of hosts which are allowed to connect to this port -> C is correct.
Note: If we want to allow a fixed MAC address to connect, use the “switchport port-security mac-address ” command.
Question 6
A Catalyst 2950 needs to be reconfigured. What steps will ensure that the old configuration is erased? (Choose three)
A. Erase flash.
B. Restart the switch.
C. Delete the VLAN database.
D. Erase the running configuration.
E. Erase the startup configuration.
F. Modify the configuration register.

Answer: B C E
Question 7
The network administrator has discovered that the power supply has failed on a switch in the company LAN and that the switch has stopped functioning. It has been replaced with a Cisco Catalyst 2950 series switch. What must be done to ensure that this new switch becomes the root bridge on the network?
A. Lower the bridge priority number.
B. Change the MAC address of the switch.
C. Increase the VTP revision number for the domain.
D. Lower the root path cost on the switch ports.
E. Assign the switch an IP address with the lowest value.

Answer: A
Question 8
Which two of these are characteristics of the 802.1Q protocol? (Choose two)
A. It is a layer 2 messaging protocol which maintains vlan configurations across network.
B. It includes an 8-bit field which specifies the priority of a frame.
C. It is used exclusively for tagging vlan frames and dose not address network reconvergence following switched network topology changes.
D. It modifies the 802.3 frame header and thus requires that the FCS be recomputed.
E. It is a trunking protocol capable of earring untagged frames.

Answer: D E
Explanation
IEEE 802.1Q is the networking standard that supports Virtual LANs (VLANs) on an Ethernet network. It is a protocol that allows VLANs to communicate with one another using a router. 802.1Q trunks support tagged and untagged frames.
If a switch receives untagged frames on a trunk port, it believes that frame is a part of the native VLAN. Also, frames from a native VLAN are not tagged when exiting the switch via a trunk port.
The 802.1q frame format is same as 802.3. The only change is the addition of 4 bytes fields. That additional header includes a field with which to identify the VLAN number. Because inserting this header changes the frame, 802.1Q encapsulation forces a recalculation of the original FCS field in the Ethernet trailer.
Note: Frame Check Sequence (FCS) is a four-octet field used to verify that the frame was received without loss or error. FCS is based on the contents of the entire frame.
Question 9
What are two advantages of Layer 2 Ethernet switches over hubs? (Choose two)
A. decreasing the number of collision domains
B. filtering frames based on MAC addresses
C. allowing simultaneous frame transmissions
D. increasing the size of broadcast domains
E. increasing the maximum length of UTP cabling between devices

Answer: B C
Explanation
Hub is considered a layer 1 device. When a packet arrives at one port, it is copied to the other ports without checking the content of that packet.
Switch operates at layer 2. When a packet arrives at one port, it checks in its database (based on MAC address) to see which port it should forward that packet out -> B is correct.
Remember that hubs can only communicate in half duplex mode, which means that a computer can only send data when it is not receiving. Switches can run in full duplex mode, which allows data to be sent and received at the same time. Switches effectively double the speed of the network when compared to hubs -> C is correct.
Switch increases the number of collision domains (which is better) -> A is not correct.
Switch does not have any effect on the size of broadcast domains. When using switch, the size of broadcast domains remain the same -> D is not correct.
Both hub and switch increase the maximum length of UTP cabling between devices so it is not an advantage of switch over hub -> E is not correct.
Question 10
Which command will show the MAC addresses of stations connected to switch ports?
A. show mac-address
B. show arp
C. show table
D. show switchport

Answer: B
Explanation
There is no “show mac-address” command. But notice the “show mac-address-table” and “show mac address-table” do exist.
If option A is “show mac-address-table” then both A & B are correct!
Posted by at No comments:

CCNA – Switch Questions 2

Here you will find answers to Switch Questions – Part 2
Question 1
In which circumstance are multiple copies of the same unicast frame likely to be transmitted in a switched LAN?
A. after broken links are re-established
B. in an improperly implemented redundant topology
C. when upper-layer protocols require high reliability
D. during high traffic periods
E. when a dual ring topology is in use

Answer: B
Explanation
If we connect two switches via 2 or more links and do not enable STP on these switches then a loop (which creates multiple copies of the same unicast frame) will occur. It is an example of an improperly implemented redundant topology.
Question 2
An administrator would like to configure a switch over a virtual terminal connection from locations outside of the local LAN. Which of the following are required in order for the switch to be configured from a remote location? (Choose two)
A. The switch must be configured with an IP address, subnet mask, and default gateway.
B. The switch must be connected to a router over a VLAN trunk.
C. The switch must be reachable through a port connected to its management VLAN.
D. The switch console port must be connected to the Ethernet LAN.
E. The switch management VLAN must be created and have a membership of at least one switch port.
F. The switch must be fully configured as an SNMP agent.

Answer: A C
Explanation
In order to remote access to a switch from outside of the local LAN (in a different subnet) we have to:
+ Configure an IP address on a VLAN on that switch, this VLAN is known as the management VLAN (it is usually VLAN 1)
+ Specify the default gateway for that switch so that it can send traffic to this gateway
Below shows an example of configuring remote access for a switch (suppose the management VLAN on the switch is 192.168.1.10/24 and the default-gateway IP address is 192.168.1.254)
Switch(config)#ip default-gateway 192.168.1.254
Switch(config)#interface vlan 1
Switch(config)#ip address 192.168.1.10 255.255.255.0
Switch(config)#no shutdown
Question 3
Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands.
show_port-security_interface_fa0_1.jpg
Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two)
A. Port security needs to be globally enabled.
B. Port security needs to be enabled on the interface.
C. Port security needs to be configured to shut down the interface in the event of a violation.
D. Port security needs to be configured to allow only one learned MAC address.
E. Port security interface counters need to be cleared before using the show command.
F. The port security configuration needs to be saved to NVRAM before it can become active.

Answer: B D
Explanation
As we see in the output, the “Port Security” is in “Disabled” state (line 2 in the output). To enable Port security feature, we must enable it on that interface first with the command:
SwitchA(config-if)#switchport port-security
-> B is correct.
Also from the output, we learn that the switch is allowing 2 devices to connect to it (switchport port-security maximum 2) but the question requires allowing only PC_A to access the network so we need to reduce the maximum number to 1 -> D is correct.
Question 4
A company implements video conferencing over IP on their Ethernet LAN. The users notice that the network slows down, and the video either stutters or foils completely. What is the most likely reason for this?
A. minimum cell rate (MCR)
B. quality of service (QoS)
C. modulation
D. packet switching exchange (PSE)
E. reliable transport protocol (RTP)

Answer: B
Explanation
If the QoS is not configured correctly on the network, video traffic can slow down all your traffic. That company implemented video traffic and the network slows down -> maybe they don’t configure QoS so video traffic (which is very high and bursty) and data traffic have the same priority and video traffic eats all the bandwidth. QoS can solve this problem by giving higher priority for data (or voice) traffic over video traffic.
Question 5
Computer 1 is consoles into switch A. Telnet connections and pings run from the command prompt on switch A fail. Which of the following could cause this problem?
Switch_show_run.jpg
A. switch A does not have a cdp entry for switch B or router JAX
B. switch A does not have an IP address
C. port 1 on switch A should be an access port rather than a trunk port
D. switch A is not directly connected to router JAX
E. switch A does not have a default gateway assigned

Answer: B
Explanation
It’s a hard question to answer although it looks simple! From the output above we are sure that switch A does not have an IP address (on both Fa0/1 and on VLAN 1) so it can not ping or telnet to any other device -> B is correct.
Another answer seems to be correct is answer E – switch A does not have a default gateway assigned. We know that Switch A can not telnet to other device outside its subnet without having a default gateway. But the question only says “Telnet connections and pings run from the command prompt on switch A fail” without telling us where Switch A is trying to telnet or ping to. If it tries to connect to the outside network then E is correct. If it only want to connect to a device inside its subnet then a default gateway is not necessary.
So the best answer for this question is B!
Question 6
Refer to the exhibit. Give this output for SwitchC, what should the network administrator’s next action be?
Switch_show_interface.jpg
A. Check the trunk encapsulation mode for SwitchC’s fa0/1 port.
B. Check the duplex mode for SwitchC’s fa0/1 port.
C. Check the duplex mode for SwitchA’s fa0/2 port.
D. Check the trunk encapsulation mode for SwitchA’s fa0/2 port.

Answer: C
Question 7
Refer to the graphic
Switch_host_connection.jpg
A host is connected to switch port Fa0/3 with a crossover cable. However, the port indicator on switch port Fa0/3 is not on, and the host can not communicate with hosts that belong to VLAN2 on the same switch. Based on the information given, where is the problem?
A. The switch has been assigned an incorrect subnet mask T1
B. Switch port Fa0/3 is not configured as a trunk port
C. Switch port Fa0/3 has been blocked by STP
D. The switch and the hosts must be in the same subnet
E. The cable type is wrong

Answer: E
Explanation
To specify when we use crossover cable or straight-through cable, we should remember:
Group 1: Router, Host, Server
Group 2: Hub, Switch
One device in group 1 + One device in group 2: use straight-through cable
Two devices in the same group: use crossover cable
In this case we connect a switch and a host so we need a straight-through cable -> E is correct.
Question 8
Refer to the exhibit. Some 2950 series switches are connected to the conference area of the corporate headquarters network. The switches provide two to three jacks per conference room to host laptop connections for employees who visit the headquarters office. When large groups of employees come from other locations, the network administrator often finds that hubs have been connected to wall jacks in the conference area although the ports on the access layer switches were not intended to support multiple workstations.
What action could the network administrator take to prevent access by multiple laptops through a single switch port and still leave the switch functional for its intended use?
access_layer_switches.jpg
A. Configure static entries in the switch MAC address table to include the range of addresses used by visiting employees.
B. Configure an ACL to allow only a single MAC address to connect to the switch at one time.
C. Use the mac-address-table 1 global configuration command to limit each port to one source MAC address.
D. Implement Port Security on all interfaces and use the port-security maximum 1 command to limit port access to a single MAC address
E. Implement Port Security on all interfaces and use the port-security mac-address sticky command to limit access to a single MAC address
F. Implement Port Security at global configuration mode and use the port-security maximum 1 command to allow each switch only one attached hub

Answer: D
Explanation
The Port Security filters frames based on its MAC so it can effectively prevent people connecting to the switch via hubs.
Question 9
Which of the following statements are true regarding bridges and switches? (Choose 3)
A. Switches are primarily software based while bridges are hardware based.
B. Both bridges and switches forward Layer 2 broadcasts.
C. Bridges are frequently faster than switches.
D. Switches have a higher number of ports than most bridges.
E. Bridges define broadcast domains while switches define collision domains.
F. Both bridges and switches make forwarding decisions based on Layer 2 addresses.

Answer: B D F
Question 10
A network administrator must configure 200 switch ports to accept traffic from only the currently attached host devices. What would be the most efficient way to configure MAC-level security on all these ports?
A. Visually verify the MAC addresses and then telnet to the switches to enter the switchport-port security mac-address command.
B. Have end users e-mail their MAC addresses. Telnet to the switch to enter the switchport-port security mac-address command.
C. Use the switchport port-security MAC address sticky command on all the switch ports that have end devices connected to them.
D. Use show mac-address-table to determine the addresses that are associated with each port and then enter the commands on each switch for MAC address port-security.

Answer: C
Explanation
We can use the “interface range” command (for example “interface range FastEthernet 0/1 – 48″) to configure many ports as the same time and use the “port-security MAC address sticky” command (without a specific MAC address) to dynamically learn the attached MAC Address and place it into the switch’s running-configuration -> C is correct.
Posted by at No comments:

CCNA – Switch Questions

Here you will find answers about Switch Questions – Part 1
Question 1
Which two commands can be used to verify a trunk link configuration status on a Cisco switch? (choose two)
A. show interfaces trunk
B. show interfaces switchport
C. show ip interface brief
D. show interfaces vlan

Answer: A B
Explanation
The “show interfaces trunk” command and “show interfaces switchport” command can be used to verify the status of an interface (trunking or not). The outputs of these commands are shown below (port Ethernet 1/0 has been configured as trunk):
Switch_show_interfaces_trunk.jpg
show_interfaces_switchport.jpg
The “show ip interface brief” command only gives us information about the IP address, the status (up/down) of an interface:
show_ip_interface_brief.jpg
The “show interfaces vlan” command only gives us information about that VLAN, not about which ports are the trunk links:
show_interfaces_vlan.jpg
Question 2
Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch.
2950Switch(config-if)#switchport port-security
2950Switch(config-if)#switchport port-security mac-address sticky
2950Switch(config-if)#switchport port-security maximum 1
The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two)
switch_port_security.jpg
A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.
B. Only host A will be allowed to transmit frames on fa0/1.
C. This frame will be discarded when it is received by 2950Switch.
D. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.
E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.
F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.

Answer: B D
Explanation
Please read the explanation at http://www.9tut.net/icnd2/icnd2-operations
Question 3
Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a BPDU?
A. BackboneFast
B. UplinkFast
C. Root Guard
D. BPDU Guard
E. BPDU Filter

Answer: D
Explanation
We only enable PortFast feature on access ports (ports connected to end stations). But if someone does not know he can accidentally plug that port to another switch and a loop may occur when BPDUs are being transmitted and received on these ports.
With BPDU Guard, when a PortFast receives a BPDU, it will be shut down to prevent a loop -> D is correct.
Question 4
Why will a switch never learn a broadcast address?
A. Broadcast frames are never sent to switches.
B. Broadcast addresses use an incorrect format for the switching table.
C. A broadcast address will never be the source address of a frame.
D. Broadcasts only use network layer addressing.
E. A broadcast frame is never forwarded by a switch.

Answer: C
Question 5
Which three statements accurately describe layer 2 Ethernet switches? (choose three)
A. Microsegmentation decreases the number of collisions on the network.
B. If a switch receives a frame for an unknown destination, it uses ARP to resolve the address.
C. Spanning Tree Protocol allows switches to automatically share vlan information.
D. In a property functioning network with redundant switched paths, each switched segment will contain one root bridge with all its ports in the forwarding state. All other switches in that broadcast domain will have only one root port.
E. Establishing vlans increases the number of broadcast domains.
F. Switches that are configured with vlans make forwarding decisions based on both layer 2 and layer 3 address information.

Answer: A D E
Explanation
Microsegmentation is a network design (functionality) where each workstation or device on a network gets its own dedicated segment (collision domain) to the switch. Each network device gets the full bandwidth of the segment and does not have to share the segment with other devices. Microsegmentation reduces and can even eliminate collisions because each segment is its own collision domain -> A is correct.
Note: Microsegmentation decreases the number of collisions but it increases the number of collision domains.
D and E are correct based on the theory of STP and VLAN.
Question 6
Switch ports operating in which two roles will forward traffic according to the IEEE 802.1w standard? (Choose two)
A. alternate
B. backup
C. designated
D. disabled
E. root

Answer: C E
Explanation
IEEE 802.1w is the standard of Rapid Spanning Tree Protocol (RSTP). There are 5 port roles in this standard: Root port, Designated port, Alternative port, Backup port and Disabled port. In these 5 port roles, only Root port and Designated port can forward traffic.
Question 7
Select the action that results from executing these commands:
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky
A. A dynamically learned MAC address is saved in the startup-configuration file.
B. A dynamically learned MAC address is saved in the running-configuration file.
C. A dynamically learned MAC address is saved in the VLAN database.
D. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.
E. Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received.

Answer: B
Explanation
The full syntax of the second command is:
switchport port-security mac-address sticky [MAC]
If we don’t specify the MAC address (like in this question) then the switch will dynamically learn the attached MAC Address and place it into your running-configuration -> B is correct.
Question 8
What is valid reason for a switch to deny port access to new devices when port security is enabled?
A. The denied MAC addresses have already been learned or configured on another secure interface in the same VLAN.
B. The denied MAC address are statically configured on the port.
C. The minimum MAC threshold has been reached.
D. The absolute aging times for the denied MAC addresses have expired.

Answer: A
Explanation
A security violation occurs in either of these situations:
* When the maximum number of secure MAC addresses is reached on a secure port and the source MAC address of the ingress traffic is different from any of the identified secure MAC addresses, port security applies the configured violation mode.
* If traffic with a secure MAC address that is configured or learned on one secure port attempts to access another secure port in the same VLAN, applies the configured violation mode.
From the second statement we can figure out A is the correct answer. But for your information we will discuss other answers as well.
Answer B is not correct because we can’t configured which MAC address will be denied. We can only configure which MAC is allowed.
We can only configure the maximum MAC threshold, not the minimum threshold -> C is not correct.
The aging times are only configured for allowed MAC addresses, not for denied MAC -> D is correct.
For your information about aging time:
When the aging type is configured with the absolute keyword, all the dynamically learned secure addresses age out when the aging time expires
This is how to configure the secure MAC address aging type on the port:
Router(config-if)# switchport port-security aging type absolute
and configure the aging time (aging time = 120 minutes)
Router(config-if)# switchport port-security aging time 120
When this command is used, all the dynamically learned secure addresses age out when the aging time expires
(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html)
Question 9
A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two)
A. The network administrator can apply port security to dynamic access ports
B. The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
C. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.
D. The network administrator can apply port security to EtherChannels.
E. When dynamic mac address learning is enabled on an interface, the switch can learn new addresses up to the maximum defined.

Answer: C E
Question 10
Refer to the exhibit. Which statement is true?
show_spanning-tree_vlan_20.jpg
A. The Fa0/11 role confirms that SwitchA is the root bridge for VLAN 20.
B. VLAN 20 is running the Per VLAN Spanning Tree Protocol.
C. The MAC address of the root bridge is 0017.596d.1580.
D. SwitchA is not the root bridge, because not all of the interface roles are designated.

Answer: D
Explanation
Only non-root bridge can have root port. Fa0/11 is the root port so we can confirm this switch is not the root bridge -> A is not correct.
From the output we learn this switch is running Rapid STP, not PVST -> B is not correct.
0017.596d.1580 is the MAC address of this switch, not of the root bridge. The MAC address of the root bridge is 0017.596d.2a00 -> C is not correct.
All of the interface roles of the root bridge are designated. SwitchA has one Root port and 1 Alternative port so it is not the root bridge -> D is correct.
Question 11
Switch_remote_access.jpg
A technician has installed SwithchB and needs to configure it for remote access from the management workstation connected SwitchA. Which set of commands is required to accomplish this task?
A.
SwitchB(config)#interface FastEthernet 0/1
SwitchB(config)#ip address 192.168.8.252 255.255.255.0
SwitchB(config)#no shutdown
B.
SwitchB(config)#ip default-gateway 192.168.8.254
SwitchB(config)#interface vlan 1
SwitchB(config)#ip address 192.168.8.252 255.255.255.0
SwitchB(config)#no shutdown
C.
SwitchB(config)#interface vlan 1
SwitchB(config)#ip address 192.168.8.252 255.255.255.0
SwitchB(config)#ip default-gateway 192.168.8.254 255.255.255.0
SwitchB(config)#no shutdown
D.
SwitchB(config)#ip default-network 192.168.8.254
SwitchB(config)#interface vlan 1
SwitchB(config)#ip address 192.168.8.252 255.255.255.0
SwitchB(config)#no shutdown

Answer: B
Explanation
To remote access to SwitchB, it must have a management IP address on a VLAN on that switch. Traditionally, we often use VLAN 1 as the management VLAN (but in fact it is not secure).
In the exhibit, we can recognize that the Management Workstation is in a different subnet from the SwitchB. For intersubnetwork communication to occur, you must configure at least one default gateway. This default gateway is used to forward traffic originating from the switch only, not to forward traffic sent by devices connected to the switch.
Question 12
A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1? (Choose two)
A. Configure port Fa0/1 to accept connections only from the static IP address of the server.
B. Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
C. Configure the MAC address of the server as a static entry associated with port Fa0/1.
D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
E. Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.
F. Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.

Answer: C E
Explanation
We can”configure the MAC address of the server as a static entry associated with port Fa0/1″ with this command:
Switch(config-if)#switchport port-security mac-address sticky 0000.00AA.AAAA.AAAA
and “configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server” with these commands:
Switch(config-if)#switchport port-security maximum 1 (only allow 1 MAC address and that is the static MAC address)
Also we often define what will the switch do if the security is violated:
Switch(config-if)#switchport port-security violation shutdown
Question 13
The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy? (Choose two)
A. Switch1(config-if)#switchport port-security maximum 1
B. Switch1(config)#mac-address-table secure
C. Switch1(config)#access-list 10 permit ip host
D. Switch1(config-if)#switchport port-security violation shutdown
E. Switch1(config-if)#ip access-group 10

Answer: A D
Posted by at No comments:
Subscribe to: Posts (Atom)