Module 8 Exam
Module 8 ‐ 1 ‐
1. During authentication initiation, what happens if an 802.1X‐enabled client does not receive
an EAP‐request/identity frame after three attempts to start authentication?
· The client continues to send EAP‐request/identity frames to the switch.
· The client refuses any further frames.
· The client sends frames as if the port is in the authorized state. (*)
· The client determines that the port is switched to the unauthorized state.
2. Which statement is true when the spanning‐tree portfast bpduguard default global
configuration command is configured on a Catalyst 2950 switch?
· The command enables BPDU Guard on UplinkFast‐enabled ports.
· This command limits the switch ports through which the root bridge may be negotiated.
· Any PortFast‐enabled port that no longer receives BPDUs will automatically begin
forwarding frames.
· Any PortFast‐enabled port that receives a BPDU will go into an error‐disabled state. (*)
3. Which two statements regarding Loop Guard are true? (Choose two.)
· Loop Guard and UDLD can be enabled simultaneously. (*)
· Loop Guard provides no protection against STP failures that occur because the
designated switch is not sending BPDUs.
· Loop Guard provides protection against miswiring.
· Loop Guard works on shared links or on links have been unidirectional since initial setup.
· On an EtherChannel, Loop Guard will put the entire channel in a loop‐inconsistent state
if any physical link in the bundle fails. (*)
4. How should unused ports on a switch be configured in order to prevent VLAN hopping
attacks?
· Configure them with the UDLD feature.
· Configure them with the PAgP protocol.
· Configure them as trunk ports for the native VLAN.
· Configure them as access ports. (*)
5. The command switchport port‐security violation protect performs which function?
· A trap notification is sent to the network management station.
· The interface will shut down upon a violation and must be manually re‐enabled.
· The interface will shut down upon a violation and will be dynamically re‐enabled.
· Packets from unknown sources are dropped until the maximum allowable MAC
addresses drops below a certain value. (*)
6. Which three global configuration commands are required for configuring port‐based
authentication? (Choose three.)
· dot1x system‐auth‐control (*)
· dot1x port‐control auto
· aaa new‐model (*)
· aaa authentication dot1x {{default}} method1... (*)
· aaa authorization network lucy group tacacs+
· aaa authentication login host local
Module 8 Exam
Module 8 ‐ 2 ‐
7. Refer to the exhibit. Access1 has an uplink port directly connnected to Distribution1, a
distribution‐layer switch. Considering best practices for configuring dynamic ARP inspection,
what is wrong with this configuration?
· All ARP packets on untrusted ports are not intercepted.
· All ARP packets received on a trusted interface should be inspected.
· All intercepted packets should be verified for a valid IP‐to‐MAC address binding before
forwarding.
· Interface FastEthernet0/14 is not configured as a trusted port. (*)
· Only VLAN1 on the switch should be configured for dynamic ARP inspection.
· Dynamic ARP inspection should take place on distribution‐layer switches.
8. Interface FastEthernet 0/1 has been configured with the spanning‐tree guard root
command. Which two commands can be used to verify the root guard configuration and the
root guard state? (Choose two.)
· show running‐config interface fastethernet 0/1 (*)
· show running‐config include rootguard
· show spanning‐tree include rootguard
· show spanning‐tree inconsistentports (*)
· show root guard
· show vlan rootguard
9. Which statement is true regarding a port configured with Loop Guard?
· Once a BPDU is received on a Loop Guard port that is in a loop‐inconsistent state, the
port will transition to forwarding state automatically.
· Once a BPDU is received on a Loop Guard port that is in a loop‐inconsistent state, the
port will transition to the appropriate state as determined by the normal function of
Spanning Tree. (*)
· Once a BPDU is received on a Loop Guard port that is in a loop‐inconsistent state, the
port will be disabled and the administrator must re‐enable it manually.
· Once a BPDU is received on a Loop Guard port that is in a loop‐inconsistent state, the
port will transition to blocking state.
Module 8 Exam
Module 8 ‐ 3 ‐
10. Refer to the exhibit. A network administrator has entered the configuration indicated in the
exhibit. However, the switchport command is rejected. What command would resolve this
problem?
· switchport mode access (*)
· switchport mode dot1q‐tunnel
· switchport mode dynamic
· switchport mode trunk
· switchport port‐security maximum 1
· switchport port‐security mac‐address sticky
11. When implementing 802.1x port‐based authentication, which statement is true regarding
what traffic is allowed through the switch from an unauthenticated host?
· DHCP requests are forwarded.
· EAPOL traffic is forwarded. (*)
· Only ARP requests are forwarded.
· All traffic is forwarded.
· No traffic is forwarded.
12. Refer to the exhibit. Given the configuration on the ALSwitch, what is the end result?
· Forces all hosts attached to a port to authenticate before being allowed access to the
network.
· Disables 802.1x port‐based authentication and causes the port to allow normal traffic
without authenticating the client. (*)
· Enables 802.1x authentication on the port.
· Globally disables 802.1x authentication.
13. Which statement is true regarding 802.1x port‐based authentication?
· Authentication can only be initiated by the host.
· Authentication can only be initiated by the switch.
· Authentication can be initiated by either the switch or the host. (*)
· If the host does not receive a response to a start frame, it goes into the shutdown mode.
· When a host attached to a switchport comes up, the authentication server queries the
host for 802.1x authentication information.
Module 8 Exam
Module 8 ‐ 4 ‐
14. Refer to the exhibit. Port security has been configured on the Fa 0/12 interface of switch SW‐
1. Given the information in the exhibit, which statement is true?
· Frames from PC1 will be dropped, and a log message is created.
· Frames from PC1 will be dropped, and there will be no log of the violation.
· Frames from PC1 will be forwarded to its destination. (*)
· Frames from PC1 will cause the interface to shut down immediately, and a log entry is
made.
Module 8 Exam
Module 8 ‐ 5 ‐
15. Refer to the exhibit. Network policy dictates that security functions should be administered
using AAA. Which configuration would create a default login authentication list that uses
RADIUS as the first authentication method, the enable password as the second method, and
the local database as the final method?
· SW‐1(config)# aaa new‐model
SW‐1(config)# radius‐server host 10.10.10.12 key secret
SW‐1(config)# aaa authentication default group‐radius local
· SW‐1(config)# aaa new‐model
SW‐1(config)# radius‐server host 10.10.10.12 key secret
SW‐1(config)# aaa authentication default group‐radius enable local
· SW‐1(config)# aaa new‐model
SW‐1(config)# radius‐server host 10.10.10.12 key secret
SW‐1(config)# aaa authentication login default group radius enable local (*)
· SW‐1(config)# aaa new‐model
SW‐1(config)# radius server host 10.10.10.12 key secret
SW‐1(config)# aaa authentication login default group radius enable local none
· SW‐1(config)# aaa new‐model
SW‐1(config)# radius server host 10.10.10.12 key secret
SW‐1(config)# aaa authentication login default group‐radius enable local none
16. To increase port security on a switch, the interface configuration command switchport host
has been configured on specific switchports. What two outcomes will result from this
configuration? (Choose two.)
· channel group will be enabled
· disables the sending of BPDUs
· enables STP PortFast (*)
· enables the sending of DTP packets
· places the port into access mode (*)
Module 8 Exam
Module 8 ‐ 6 ‐
17. A network administrator is tasked with protecting a server farm by implementing Private
VLANs. Each server should only be allowed to communicate with the default gateway. The
default gateway should be able to communicate with all devices. Which type of PVLAN
should be configured on the switch port connecting to the default gateway?
· isolated
· promiscuous (*)
· ISL
· community
· 802.1Q
18. A network administrator is tasked with protecting a server farm by implementing Private
VLANs. Each server should only be allowed to communicate with the default gateway. Which
type of PVLAN should be configured on the switch port connecting to a server?
· isolated (*)
· promiscuous
· ISL
· community
· 802.1Q
Wednesday, September 24, 2008
Friday, September 12, 2008
CCNP: Building Multilayer Switched Networks Chapter 7
Module 7 Exam
Module 7 ‐ 1 ‐
1. What two traffic types must be included when calculating the bandwidth requirements to
support a voice stream in an IP telephony network? (Choose two.)
· voice queues
· voice carrier stream (*)
· voice management traffic
· voice services traffic
· call control signalling (*)
· routing updates
2. Which three statements are true concerning basic Quality of Service (QoS) regarding the
support of Cisco IP phones? (Choose three.)
· Critical traffic may take possession of a resource by dropping low‐priority packets. (*)
· If network management indicates that specific traffic is experiencing latency, jitter, and
packet loss, then QoS can be used to adjust how that traffic is handled. (*)
· Priority access into the core layer is provided based on Layer 3 QoS tags. (*)
· Priority traffic marking occurs at the core layer using Layer 3 QoS tags.
· Jitter is the amount of time that a packet resides in the output queue of an interface.
· Best practices for QoS trust boundaries include marking traffic as far away from the
traffic source as possible.
3. Which four devices must be included in power requirement calculations for UPS backup of a
VoIP environment? (Choose four.)
· switches forwarding VoIP traffic, but not providing power to IP phones (*)
· switches forwarding VoIP traffic and providing power to IP phones (*)
· Internet gateways
· IP phones (*)
· CallManager servers (*)
· Internet firewalls
4. What happens when untrusted traffic enters a trust boundary device?
· Traffic is sent unmarked.
· Traffic is marked with the default QoS value.
· Traffic is marked with the new QoS value appropriate for the policy in place. (*)
· Traffic is sent and the original QoS value is retained.
5. When Cisco IOS is being used in a switched environment, which two statements are true
about configuring AutoQoS? (Choose two.)
· Once AutoQoS is configured, manual adjustments to the QoS settings cannot be done
unless AutoQoS is disabled with the no auto qos command.
· The command auto qos voip cisco‐phone should be configured on switch ports
connected to end‐user devices. (*)
· The command auto qos voip cisco‐phone should be configured on trunk links between
switches.
· The global configuration command auto qos voip trust must be configured before
configuring interfaces with the auto qos voip cisco‐phone command.
· The mls qos global configuration command must be configured before configuring
interfaces with the auto qos voip cisco‐phone command.
· When configuring the auto qos voip cisco‐phone command on interfaces, it is
important that CDP be enabled. (*)
Module 7 Exam
Module 7 ‐ 2 ‐
6. What are three characteristics of voice traffic? (Choose three.)
· For reasonable voice quality, there cannot be any packet loss.
· For voice quality, delay should be no more than 45 ms round trip.
· For voice quality, delay should be no more than 150 ms one way. (*)
· TCP is used to package voice packets.
· UDP is used to package voice packets. (*)
· Voice packets are typically small ‐ usually 60 to 120 bytes. (*)
7. Refer to the exhibit. PC data traffic and IP phone packet data share the same physical link to
the switch and the same switch port. What should be done to prevent the sound quality of
the voice traffic from deterioration when data is sent on the same link?
· Configure the trust boundaries of the network at the switch access port.
· Configure the trust boundary of the network on the IP phone.
· Enable the voice VLAN feature on the switch access ports to carry IP voice traffic from
the IP phone. (*)
· Enable QoS on the switch by entering the mls qos global configuration command.
· Configure the MAC address of the IP phone as a static secure or sticky secure MAC
addresses on the switch access port.
8. Which two statements are true about voice traffic in a converged network? (Choose two.)
· Voice traffic is the only traffic type that requires QoS functionality.
· Because of the available bandwidth, separating voice traffic from data traffic on the same
VLAN (subnet) is not required.
· Voice traffic tends to require a more consistent amount of bandwidth per conversation
than does data traffic. (*)
· Transaction based traffic tends to have higher QoS requirements than does voice traffic.
· Voice traffic utilizes relatively small packet sizes. (*)
· To reduce processing latency, voice VLANs are implemented to allow voice traffic to be
forwarded without VLAN tags.
9. Which three statements about voice traffic are true? (Choose three.)
· TCP ensures the quality of voice traffic.
· The one‐way delay should be no more than 150 ms. (*)
· Voice packets typically vary between 20 and 60 bytes.
· A typical voice call requires between 17 kbps and 106 kbps. (*)
· A typical voice call requires approximately 150 bps for voice‐control traffic. (*)
· Voice traffic has relatively weak QoS requirements.
Module 7 Exam
Module 7 ‐ 3 ‐
10. Refer to the exhibit. What is the effect on the trust boundary when configuring the command
mls qos trust cos on the switch port that is connected to the IP phone?
· The host is now establishing the CoS value and has effectively become the trust
boundary.
· The switch is rewriting packets it receives from the IP phone and determining the CoS
value.
· Effectively the trust boundary has been moved to the IP phone. (*)
· The switch will no longer tag incoming voice packets and will trust the distribution layer
switch to set the CoS.
11. Refer to the exhibit. Which switch interface configuration command would automatically
configure quality of service (QoS) for voice over IP (VoIP) within a QoS domain?
· mls qos trust
· switchport priority extend cos 7
· switchport priority extend trust
· auto qos voip cisco‐phone (*)
Module 7 Exam
Module 7 ‐ 4 ‐
12. Refer to the exhibit. What is the effect when the switchport priority extend cos 3 command is
configured on the switch port interface connected to the IP phone?
· Effectively, the trust boundary has been moved to the PC attached to the IP phone.
· The IP phone is enabled to override with a CoS value of 3 the existing CoS marking of
the PC attached to the IP phone. (*)
· The computer is now establishing the CoS value and has effectively become the trust
boundary.
· The switch will no longer tag incoming voice packets and will extend the trust boundary
to the distribution layer switch.
13. Which statement describes the function of a trust boundary?
· Trust boundaries are a point in the network where decisions about CoS markings on
incoming packets are made. (*)
· Trust boundaries determine whether certain types of traffic can pass.
· Trust boundaries are a point in the network where QoS functionality begins and ends.
· Trust boundaries are points in the network where Layer 2 CoS markings are converted to
Layer 3 DSCP or IP precedence markings.
Module 7 ‐ 1 ‐
1. What two traffic types must be included when calculating the bandwidth requirements to
support a voice stream in an IP telephony network? (Choose two.)
· voice queues
· voice carrier stream (*)
· voice management traffic
· voice services traffic
· call control signalling (*)
· routing updates
2. Which three statements are true concerning basic Quality of Service (QoS) regarding the
support of Cisco IP phones? (Choose three.)
· Critical traffic may take possession of a resource by dropping low‐priority packets. (*)
· If network management indicates that specific traffic is experiencing latency, jitter, and
packet loss, then QoS can be used to adjust how that traffic is handled. (*)
· Priority access into the core layer is provided based on Layer 3 QoS tags. (*)
· Priority traffic marking occurs at the core layer using Layer 3 QoS tags.
· Jitter is the amount of time that a packet resides in the output queue of an interface.
· Best practices for QoS trust boundaries include marking traffic as far away from the
traffic source as possible.
3. Which four devices must be included in power requirement calculations for UPS backup of a
VoIP environment? (Choose four.)
· switches forwarding VoIP traffic, but not providing power to IP phones (*)
· switches forwarding VoIP traffic and providing power to IP phones (*)
· Internet gateways
· IP phones (*)
· CallManager servers (*)
· Internet firewalls
4. What happens when untrusted traffic enters a trust boundary device?
· Traffic is sent unmarked.
· Traffic is marked with the default QoS value.
· Traffic is marked with the new QoS value appropriate for the policy in place. (*)
· Traffic is sent and the original QoS value is retained.
5. When Cisco IOS is being used in a switched environment, which two statements are true
about configuring AutoQoS? (Choose two.)
· Once AutoQoS is configured, manual adjustments to the QoS settings cannot be done
unless AutoQoS is disabled with the no auto qos command.
· The command auto qos voip cisco‐phone should be configured on switch ports
connected to end‐user devices. (*)
· The command auto qos voip cisco‐phone should be configured on trunk links between
switches.
· The global configuration command auto qos voip trust must be configured before
configuring interfaces with the auto qos voip cisco‐phone command.
· The mls qos global configuration command must be configured before configuring
interfaces with the auto qos voip cisco‐phone command.
· When configuring the auto qos voip cisco‐phone command on interfaces, it is
important that CDP be enabled. (*)
Module 7 Exam
Module 7 ‐ 2 ‐
6. What are three characteristics of voice traffic? (Choose three.)
· For reasonable voice quality, there cannot be any packet loss.
· For voice quality, delay should be no more than 45 ms round trip.
· For voice quality, delay should be no more than 150 ms one way. (*)
· TCP is used to package voice packets.
· UDP is used to package voice packets. (*)
· Voice packets are typically small ‐ usually 60 to 120 bytes. (*)
7. Refer to the exhibit. PC data traffic and IP phone packet data share the same physical link to
the switch and the same switch port. What should be done to prevent the sound quality of
the voice traffic from deterioration when data is sent on the same link?
· Configure the trust boundaries of the network at the switch access port.
· Configure the trust boundary of the network on the IP phone.
· Enable the voice VLAN feature on the switch access ports to carry IP voice traffic from
the IP phone. (*)
· Enable QoS on the switch by entering the mls qos global configuration command.
· Configure the MAC address of the IP phone as a static secure or sticky secure MAC
addresses on the switch access port.
8. Which two statements are true about voice traffic in a converged network? (Choose two.)
· Voice traffic is the only traffic type that requires QoS functionality.
· Because of the available bandwidth, separating voice traffic from data traffic on the same
VLAN (subnet) is not required.
· Voice traffic tends to require a more consistent amount of bandwidth per conversation
than does data traffic. (*)
· Transaction based traffic tends to have higher QoS requirements than does voice traffic.
· Voice traffic utilizes relatively small packet sizes. (*)
· To reduce processing latency, voice VLANs are implemented to allow voice traffic to be
forwarded without VLAN tags.
9. Which three statements about voice traffic are true? (Choose three.)
· TCP ensures the quality of voice traffic.
· The one‐way delay should be no more than 150 ms. (*)
· Voice packets typically vary between 20 and 60 bytes.
· A typical voice call requires between 17 kbps and 106 kbps. (*)
· A typical voice call requires approximately 150 bps for voice‐control traffic. (*)
· Voice traffic has relatively weak QoS requirements.
Module 7 Exam
Module 7 ‐ 3 ‐
10. Refer to the exhibit. What is the effect on the trust boundary when configuring the command
mls qos trust cos on the switch port that is connected to the IP phone?
· The host is now establishing the CoS value and has effectively become the trust
boundary.
· The switch is rewriting packets it receives from the IP phone and determining the CoS
value.
· Effectively the trust boundary has been moved to the IP phone. (*)
· The switch will no longer tag incoming voice packets and will trust the distribution layer
switch to set the CoS.
11. Refer to the exhibit. Which switch interface configuration command would automatically
configure quality of service (QoS) for voice over IP (VoIP) within a QoS domain?
· mls qos trust
· switchport priority extend cos 7
· switchport priority extend trust
· auto qos voip cisco‐phone (*)
Module 7 Exam
Module 7 ‐ 4 ‐
12. Refer to the exhibit. What is the effect when the switchport priority extend cos 3 command is
configured on the switch port interface connected to the IP phone?
· Effectively, the trust boundary has been moved to the PC attached to the IP phone.
· The IP phone is enabled to override with a CoS value of 3 the existing CoS marking of
the PC attached to the IP phone. (*)
· The computer is now establishing the CoS value and has effectively become the trust
boundary.
· The switch will no longer tag incoming voice packets and will extend the trust boundary
to the distribution layer switch.
13. Which statement describes the function of a trust boundary?
· Trust boundaries are a point in the network where decisions about CoS markings on
incoming packets are made. (*)
· Trust boundaries determine whether certain types of traffic can pass.
· Trust boundaries are a point in the network where QoS functionality begins and ends.
· Trust boundaries are points in the network where Layer 2 CoS markings are converted to
Layer 3 DSCP or IP precedence markings.
Monday, September 8, 2008
CCNP: Building Multilayer Switched Networks Chapter 6
Module 6 Exam
Module 6 ‐ 1 ‐
1. Wireless systems can support VLANs via the use of which technology?
· interleaving RF Channels
· multiple SSIDs (*)
· 802.1x
· CSMA/CD
· TDM
· ISL
2. What is a program that ensures interoperability of third party wireless products with Cisco
WLAN infrastructure products?
· ACAU
· ICAW
· WiFi
· CCX (*)
· IEEE
3. Refer to the exhibit. Access point AP1 is wired to the LAN. Access point AP2 is not wired to
the LAN. There is a 50% overlap between access point AP1 and AP2. Both access points are
using channel 1. Of which wireless topology is this an example?
· access
· workgroup
· mesh networking
· repeater (*)
· wireless/voice hybrid
· wireless/QoS hybrid
Module 6 Exam
Module 6 ‐ 2 ‐
4. Refer to the exhibit. What are two of the elements that work together in the Cisco Unified
Wireless Design for an enterprise‐class wireless solution? (Choose two.)
· WLAN controllers that are integrated into all major Cisco switching and routing
platforms (*)
· individually managed access points that provide layers of security and guarantee that
compromising one device will not allow access to the core infrastructure
· a single VLAN that securely handles guest, intranet, internal and VoWLAN wireless traffic
streamlining management functionality
· security, scalability, reliability, ease of deployment, and management for all the
wireless elements of the network (*)
· static RF management that guarantees that the network will stay secure
5. What is a requirement when configuring an autonomous access point (AP) using the Cisco
IOS command line via Telnet or Secure Shell Protocol (SSH)?
· enabling the Cisco Discovery Protocol (CDP)
· configuring an IP address on the access point (AP) (*)
· configuring authentication between the wireless client and the access point (AP)
· using the CiscoWorks Wireless LAN Solution Engine (WLSE)
Module 6 Exam
Module 6 ‐ 3 ‐
6. Which two statements are true about requirements for Layer 3 roaming within a wireless
network? (Choose two.)
· Lightweight access points and controllers are required to implement Layer 3 roaming.
· Lightweight access points and controllers do not provide support for Layer 3 roaming.
· The roaming clients are configured with a fixed IP address. (*)
· Routers tunnel traffic from a roaming client to their correct subnet. (*)
· Movement between access points is handled by the access points via the use of the
Inter‐Access Point Protocol.
7. Refer to the exhibit. Which three statements are correct about communication between the
lightweight APs and the wireless controller? (Choose three.)
· Initial configuration communication between the APs and the controller is via broadcast
messages.
· The APs must be preconfigured with a static IP address or receive it via DHCP before
they can communicate with the controller. (*)
· The APs must be preconfigured with static SSIDs before they can communicate with the
controller.
· Configuration information from the controller to the AP is encrypted in UDP packets.
(*)
· Data traffic between the AP and the controller is transmitted unencrypted. (*)
· The router must be configured to forward broadcast messages from the AP to the
controller.
Module 6 Exam
Module 6 ‐ 4 ‐
8. Refer to the exhibit. Which two statements are true about LWAPP Layer 3 mode operation?
(Choose two.)
· The router must be configured to forward UDP broadcasts from the access point to the
controller.
· The switch must provide an IP address to the access points.
· The access point discovers the controller management IP address via DHCP. (*)
· DNS must be used for the access point to resolve the controller IP address.
· Layer 3 mode of LWAPP is required in the configuration that is shown. (*)
· Layer 2 mode of LWAPP is required in the configuration that is shown.
Module 6 Exam
Module 6 ‐ 5 ‐
9. Refer to the exhibit. Which two statements about the information in the exhibit are true?
(Choose two.)
· Although the signal strength is good, the client will not be able to access the network
because it has not yet authenticated with the AP.
· The client is connected through a basic service set (BSS). (*)
· The client is connected to an 802.11a AP.
· The client is connected to an 802.11b AP.
· The client is using 802.1x EAP.
· The client received its channel information from the AP. (*)
10. Which two statements about WLAN antennas are true? (Choose two.)
· Accidentally connecting a 5 GHz antenna to a 2.4 GHz radio will damage the unit.
· All FCC rules and all antennas are measured against a theoretical dipole antenna.
· Cisco connectorized 2.4 GHz (802.11b/g) radios use an RP‐TNC connector. (*)
· Cisco connectorized 5‐GHz (802.11a) radios use the same radio connector as 2.4 GHz
(802.11b/g) radios. (*)
· Directionality is the amount of increase in energy that an antenna appears to add to an
RF signal.
· The 2‐dBi Rubber Duck dipole antenna for 2.4‐GHz frequency band is an example of a
directional antenna.
11. What is true about the differences between wireless LANs (WLANs) and LANs?
· A VPN connection that uses IPsec is not possible with WLANs.
· WLANs do not use MAC addresses.
· WLANs use CSMA/CA rather than CSMA/CD because WLANs operate at half‐duplex.
· WLANs use CSMA/CA rather than CSMA/CD because WLANs cannot detect collisions.
(*)
· WLANs use CSMA/CD rather than CSMA/CA because wireless LANs operate on multiple
frequencies.
· WLANs use CSMA/CD rather than CSMA/CA because WLANs operate at full‐duplex.
Module 6 Exam
Module 6 ‐ 6 ‐
12. Which IEEE standard specifies improved security, encryption, and authentication for WLANs?
· 802.11e
· 802.11i (*)
· 802.11n
· 802.11q
· 802.11s
13. What is a feature of the Cisco Compatible Extensions (CCX) program for wireless LAN client
devices?
· WPA1 security
· open standard
· certified out‐of‐the‐box compatibility (*)
· low cost licensing of Cisco Aironet innovations
· alteration of the user licensing option to unlimited
14. How many channels are licensed for 802.11b operation by the European
Telecommunications Standards Institute (ETSI)?
· 9
· 11
· 13 (*)
· 15
15. How many profiles can be created and managed under the Profile Management tab in the
Aironet Desktop Utility (ADU)?
· 4
· 8
· 16 (*)
· 32
· None, because profiles are created and managed under the Current Status tab.
Module 6 ‐ 1 ‐
1. Wireless systems can support VLANs via the use of which technology?
· interleaving RF Channels
· multiple SSIDs (*)
· 802.1x
· CSMA/CD
· TDM
· ISL
2. What is a program that ensures interoperability of third party wireless products with Cisco
WLAN infrastructure products?
· ACAU
· ICAW
· WiFi
· CCX (*)
· IEEE
3. Refer to the exhibit. Access point AP1 is wired to the LAN. Access point AP2 is not wired to
the LAN. There is a 50% overlap between access point AP1 and AP2. Both access points are
using channel 1. Of which wireless topology is this an example?
· access
· workgroup
· mesh networking
· repeater (*)
· wireless/voice hybrid
· wireless/QoS hybrid
Module 6 Exam
Module 6 ‐ 2 ‐
4. Refer to the exhibit. What are two of the elements that work together in the Cisco Unified
Wireless Design for an enterprise‐class wireless solution? (Choose two.)
· WLAN controllers that are integrated into all major Cisco switching and routing
platforms (*)
· individually managed access points that provide layers of security and guarantee that
compromising one device will not allow access to the core infrastructure
· a single VLAN that securely handles guest, intranet, internal and VoWLAN wireless traffic
streamlining management functionality
· security, scalability, reliability, ease of deployment, and management for all the
wireless elements of the network (*)
· static RF management that guarantees that the network will stay secure
5. What is a requirement when configuring an autonomous access point (AP) using the Cisco
IOS command line via Telnet or Secure Shell Protocol (SSH)?
· enabling the Cisco Discovery Protocol (CDP)
· configuring an IP address on the access point (AP) (*)
· configuring authentication between the wireless client and the access point (AP)
· using the CiscoWorks Wireless LAN Solution Engine (WLSE)
Module 6 Exam
Module 6 ‐ 3 ‐
6. Which two statements are true about requirements for Layer 3 roaming within a wireless
network? (Choose two.)
· Lightweight access points and controllers are required to implement Layer 3 roaming.
· Lightweight access points and controllers do not provide support for Layer 3 roaming.
· The roaming clients are configured with a fixed IP address. (*)
· Routers tunnel traffic from a roaming client to their correct subnet. (*)
· Movement between access points is handled by the access points via the use of the
Inter‐Access Point Protocol.
7. Refer to the exhibit. Which three statements are correct about communication between the
lightweight APs and the wireless controller? (Choose three.)
· Initial configuration communication between the APs and the controller is via broadcast
messages.
· The APs must be preconfigured with a static IP address or receive it via DHCP before
they can communicate with the controller. (*)
· The APs must be preconfigured with static SSIDs before they can communicate with the
controller.
· Configuration information from the controller to the AP is encrypted in UDP packets.
(*)
· Data traffic between the AP and the controller is transmitted unencrypted. (*)
· The router must be configured to forward broadcast messages from the AP to the
controller.
Module 6 Exam
Module 6 ‐ 4 ‐
8. Refer to the exhibit. Which two statements are true about LWAPP Layer 3 mode operation?
(Choose two.)
· The router must be configured to forward UDP broadcasts from the access point to the
controller.
· The switch must provide an IP address to the access points.
· The access point discovers the controller management IP address via DHCP. (*)
· DNS must be used for the access point to resolve the controller IP address.
· Layer 3 mode of LWAPP is required in the configuration that is shown. (*)
· Layer 2 mode of LWAPP is required in the configuration that is shown.
Module 6 Exam
Module 6 ‐ 5 ‐
9. Refer to the exhibit. Which two statements about the information in the exhibit are true?
(Choose two.)
· Although the signal strength is good, the client will not be able to access the network
because it has not yet authenticated with the AP.
· The client is connected through a basic service set (BSS). (*)
· The client is connected to an 802.11a AP.
· The client is connected to an 802.11b AP.
· The client is using 802.1x EAP.
· The client received its channel information from the AP. (*)
10. Which two statements about WLAN antennas are true? (Choose two.)
· Accidentally connecting a 5 GHz antenna to a 2.4 GHz radio will damage the unit.
· All FCC rules and all antennas are measured against a theoretical dipole antenna.
· Cisco connectorized 2.4 GHz (802.11b/g) radios use an RP‐TNC connector. (*)
· Cisco connectorized 5‐GHz (802.11a) radios use the same radio connector as 2.4 GHz
(802.11b/g) radios. (*)
· Directionality is the amount of increase in energy that an antenna appears to add to an
RF signal.
· The 2‐dBi Rubber Duck dipole antenna for 2.4‐GHz frequency band is an example of a
directional antenna.
11. What is true about the differences between wireless LANs (WLANs) and LANs?
· A VPN connection that uses IPsec is not possible with WLANs.
· WLANs do not use MAC addresses.
· WLANs use CSMA/CA rather than CSMA/CD because WLANs operate at half‐duplex.
· WLANs use CSMA/CA rather than CSMA/CD because WLANs cannot detect collisions.
(*)
· WLANs use CSMA/CD rather than CSMA/CA because wireless LANs operate on multiple
frequencies.
· WLANs use CSMA/CD rather than CSMA/CA because WLANs operate at full‐duplex.
Module 6 Exam
Module 6 ‐ 6 ‐
12. Which IEEE standard specifies improved security, encryption, and authentication for WLANs?
· 802.11e
· 802.11i (*)
· 802.11n
· 802.11q
· 802.11s
13. What is a feature of the Cisco Compatible Extensions (CCX) program for wireless LAN client
devices?
· WPA1 security
· open standard
· certified out‐of‐the‐box compatibility (*)
· low cost licensing of Cisco Aironet innovations
· alteration of the user licensing option to unlimited
14. How many channels are licensed for 802.11b operation by the European
Telecommunications Standards Institute (ETSI)?
· 9
· 11
· 13 (*)
· 15
15. How many profiles can be created and managed under the Profile Management tab in the
Aironet Desktop Utility (ADU)?
· 4
· 8
· 16 (*)
· 32
· None, because profiles are created and managed under the Current Status tab.
Wednesday, September 3, 2008
CCNP: Building Multilayer Switched Networks Chapter 5
Module 5 Exam
Module 5 ‐ 1 ‐
1. How does an HSRP enabled router update its holdtime?
· group numbers
· hello messages (*)
· priority settings
· standby commands
2. Refer to the exhibit. Given the output generated by the show standby command, what three
statements are true? (Choose three.)
· Interface VLAN1 was configured with the standby 1 priority 105 preempt command.
· The last two digits of the virtual MAC address are derived from the HSRP group
identifier. (*)
· The hello and holdtime timers have been configured with the standby 1 timers 3 10
command. (*)
· This switch is next in line to become the active HSRP router on VLAN1. (*)
· The standby virtual MAC address is the MAC address of the router with IP address
172.20.138.35.
3. Which two statements are true regarding Hot Standby Router Protocol (HSRP)? (Choose
two.)
· A router will remain in the speak state unless it becomes an active or standby router.
· The first three HSRP states are the initial, listen, and learn states. (*)
· The first three HSRP states are the initial, listen, and speak states.
· There can be more than one router in the HSRP group that is in standby state.
· When a router that is in active state receives an ARP request for the IP address of the
virtual router, it replies with the virtual router MAC address. (*)
· When a router that is in active state receives an ARP request for the IP address of the
virtual router, it replies with the MAC address of the interface.
Module 5 Exam
Module 5 ‐ 2 ‐
4. Refer to the exhibit. Which two statements regarding the Hot Standby Router Protocol are
true? (Choose two.)
· Interface VLAN 1 was configured with the standby ip 10.0.0.1 command.
· Interface VLAN 1 was configured with the standby 100 ip 10.0.0.1 command. (*)
· Interface VLAN 1 was configured with the standby priority 105 command.
· The hellotime and holdtime are set to their default values. (*)
· The IP address 10.0.0.35 is configured on the Sw1 device.
5. In a new network design, router redundancy is required. One of the routers to be used for
redundancy is not a Cisco router. Which protocol should be implemented to achieve a
redundant configuration?
· Proxy ARP
· HSRP
· VRRP (*)
· VRSP
· GLRP
6. In GLBP operation, which router responds to an ARP request from a host looking for its
default‐gateway MAC address?
· active virtual forwarder
· active virtual gateway (*)
· active wirtual router
· master virtual forwarder
· master virtual gateway
· master virtual router
Module 5 Exam
Module 5 ‐ 3 ‐
7. Of the gateway redundancy protocols that are mentioned, which statement is true?
· GLBP allows multiple routers to participate in a virtual router group that is configured
with a virtual IP address. One member is elected to be the active router for the group
and the other routers are passive until the active router fails.
· By making use of a single virtual IP address and multiple virtual MAC addresses, GLBP
provides load balancing over multiple routers (gateways) . All routers in the virtual
router group participate in forwarding packets. (*)
· By making use of a single virtual IP address and multiple virtual MAC addresses, HSRP
provides load balancing over multiple routers (gateways). All routers in the virtual router
group participate in forwarding packets.
· By making use of a single virtual IP address and multiple virtual MAC addresses, VRRP
provides load balancing over multiple routers (gateways). All routers in the virtual router
group participate in forwarding packets.
8. Which statement is true about Virtual Router Redundancy Protocol (VRRP)?
· The priority value of 255 means the router is ineligible to become the master router.
· The priority value of 255 means the router has stopped participating in VRRP.
· The priority value of 0 means the router has stopped participating in VRRP. (*)
· The priority value of 0 means the router is ineligible to become the master router.
9. In a network where HSRP is properly configured, what MAC address and IP address will be
associated by the end devices with their default gateway?
· the MAC and IP address of the standby router
· the MAC and IP address of the backup router
· the MAC and IP address of the active router
· the IP address of the virtual router and the MAC address of the active router
· the MAC and IP address of the virtual router (*)
10. Refer to the exhibit. Which two statements are true? (Choose two).
· Traffic sharing is being performed on two routers. (*)
· The priority value for HSRP group 1 is the default value.
· The priority value for HSRP group 2 is the default value.
· If the active router for HSRP group 2 goes, down, Router A will take over as active. (*)
· Router A will respond to ARP requests for IP address 172.16.10.120.
Module 5 Exam
Module 5 ‐ 4 ‐
11. Refer to the exhibit. What statement is true about the way HSRP is configured?
· Switch DLS1 is the standby router for VLANs 1,10,20.
· Switch DLS2 is the standby router for VLANs 30 and 40.
· Issuing the show standby command on switch DSL1 will reveal that the HSRP state for
VLAN 10 is Standby.
· Issuing the show standby command on switch DSL2 will reveal that the HSRP state for
VLAN 30 is Standby.
· By setting different priorities on different VLANs, a type of load balancing is occurring.
(*)
· If the Ethernet cables between switch DLS2 and switch ALS1 were severed, Payroll Host
would not be able to reach SQL Server.
Module 5 Exam
Module 5 ‐ 5 ‐
12. Refer to the exhibit. HSRP has been configured on the network for redundancy. On the basis
of the configurations that are provided, which router will become an active router when the
current active router R1 goes down?
· Router R2 will become active because the standby preempt command is configured on
this router.
· Router R2 will become active because it has the lowest configured IP address.
· Router R3 will become active because it has the highest priority value that is
configured. (*)
· Router R4 will become active because it has the highest IP address that is configured.
Module 5 Exam
Module 5 ‐ 6 ‐
13. What are two characteristics of Gateway Load Balancing Protocol (GLBP) operation? (Choose
two.)
· GLBP will attempt to balance traffic on a per‐router basis by the use of the round‐robin
algorithm.
· GLBP will attempt to balance traffic on a per‐host basis by the use of the round‐robin
algorithm. (*)
· The active virtual forwarder (AVF) is assigned a virtual MAC address and forwards
packets sent to that MAC address. (*)
· The active virtual gateway (AVG) is the backup for the AVF.
· GLBP members communicate with each other through hello messages sent every 3
seconds to the multicast address 224.0.0.104.
14. Refer to the exhibit. What two pieces of information can be gleaned from the debug standby
command output? (Choose two.)
· The switch has priority 100 configured without the preempt option.
· The switch has priority 100 configured with the preempt option. (*)
· The switch has priority 50 configured with the preempt option.
· The switch has priority 50 configured without the preempt option.
· The switch has become the active HSRP router. (*)
· The switch has become the standby HSRP router.
Module 5 Exam
Module 5 ‐ 7 ‐
15. Refer to the exhibit. Switches DSw1 and DSw2 are configured with the HSRP virtual IP
address 10.10.10.1, and standby priority is set to 100. Assume both switches are booted at
the same time and HSRP is operating as expected. On the basis of this information, which
three HSRP statements are true? (Choose three.)
· Configuring the standby 32 timers 10 30 command on the Gi0/2 interfaces of each switch
would decrease the failover time.
· If the DSw1 and DSw2 switches have been configured to preempt, then DSw2 will be
the active router. (*)
· If the DSw1 switch is configured with the standby preempt command and DSw2 is not,
then DSw1 will be the active router.
· The HSRP group number in this HSRP configuration is HSRP group number 50. (*)
· The standby track command is useful for tracking interfaces that are not configured for
HSRP. (*)
· When Host A sends an ARP request for 10.10.10.1, the Virtual Router replies with the
MAC address of the active router.
Module 5 ‐ 1 ‐
1. How does an HSRP enabled router update its holdtime?
· group numbers
· hello messages (*)
· priority settings
· standby commands
2. Refer to the exhibit. Given the output generated by the show standby command, what three
statements are true? (Choose three.)
· Interface VLAN1 was configured with the standby 1 priority 105 preempt command.
· The last two digits of the virtual MAC address are derived from the HSRP group
identifier. (*)
· The hello and holdtime timers have been configured with the standby 1 timers 3 10
command. (*)
· This switch is next in line to become the active HSRP router on VLAN1. (*)
· The standby virtual MAC address is the MAC address of the router with IP address
172.20.138.35.
3. Which two statements are true regarding Hot Standby Router Protocol (HSRP)? (Choose
two.)
· A router will remain in the speak state unless it becomes an active or standby router.
· The first three HSRP states are the initial, listen, and learn states. (*)
· The first three HSRP states are the initial, listen, and speak states.
· There can be more than one router in the HSRP group that is in standby state.
· When a router that is in active state receives an ARP request for the IP address of the
virtual router, it replies with the virtual router MAC address. (*)
· When a router that is in active state receives an ARP request for the IP address of the
virtual router, it replies with the MAC address of the interface.
Module 5 Exam
Module 5 ‐ 2 ‐
4. Refer to the exhibit. Which two statements regarding the Hot Standby Router Protocol are
true? (Choose two.)
· Interface VLAN 1 was configured with the standby ip 10.0.0.1 command.
· Interface VLAN 1 was configured with the standby 100 ip 10.0.0.1 command. (*)
· Interface VLAN 1 was configured with the standby priority 105 command.
· The hellotime and holdtime are set to their default values. (*)
· The IP address 10.0.0.35 is configured on the Sw1 device.
5. In a new network design, router redundancy is required. One of the routers to be used for
redundancy is not a Cisco router. Which protocol should be implemented to achieve a
redundant configuration?
· Proxy ARP
· HSRP
· VRRP (*)
· VRSP
· GLRP
6. In GLBP operation, which router responds to an ARP request from a host looking for its
default‐gateway MAC address?
· active virtual forwarder
· active virtual gateway (*)
· active wirtual router
· master virtual forwarder
· master virtual gateway
· master virtual router
Module 5 Exam
Module 5 ‐ 3 ‐
7. Of the gateway redundancy protocols that are mentioned, which statement is true?
· GLBP allows multiple routers to participate in a virtual router group that is configured
with a virtual IP address. One member is elected to be the active router for the group
and the other routers are passive until the active router fails.
· By making use of a single virtual IP address and multiple virtual MAC addresses, GLBP
provides load balancing over multiple routers (gateways) . All routers in the virtual
router group participate in forwarding packets. (*)
· By making use of a single virtual IP address and multiple virtual MAC addresses, HSRP
provides load balancing over multiple routers (gateways). All routers in the virtual router
group participate in forwarding packets.
· By making use of a single virtual IP address and multiple virtual MAC addresses, VRRP
provides load balancing over multiple routers (gateways). All routers in the virtual router
group participate in forwarding packets.
8. Which statement is true about Virtual Router Redundancy Protocol (VRRP)?
· The priority value of 255 means the router is ineligible to become the master router.
· The priority value of 255 means the router has stopped participating in VRRP.
· The priority value of 0 means the router has stopped participating in VRRP. (*)
· The priority value of 0 means the router is ineligible to become the master router.
9. In a network where HSRP is properly configured, what MAC address and IP address will be
associated by the end devices with their default gateway?
· the MAC and IP address of the standby router
· the MAC and IP address of the backup router
· the MAC and IP address of the active router
· the IP address of the virtual router and the MAC address of the active router
· the MAC and IP address of the virtual router (*)
10. Refer to the exhibit. Which two statements are true? (Choose two).
· Traffic sharing is being performed on two routers. (*)
· The priority value for HSRP group 1 is the default value.
· The priority value for HSRP group 2 is the default value.
· If the active router for HSRP group 2 goes, down, Router A will take over as active. (*)
· Router A will respond to ARP requests for IP address 172.16.10.120.
Module 5 Exam
Module 5 ‐ 4 ‐
11. Refer to the exhibit. What statement is true about the way HSRP is configured?
· Switch DLS1 is the standby router for VLANs 1,10,20.
· Switch DLS2 is the standby router for VLANs 30 and 40.
· Issuing the show standby command on switch DSL1 will reveal that the HSRP state for
VLAN 10 is Standby.
· Issuing the show standby command on switch DSL2 will reveal that the HSRP state for
VLAN 30 is Standby.
· By setting different priorities on different VLANs, a type of load balancing is occurring.
(*)
· If the Ethernet cables between switch DLS2 and switch ALS1 were severed, Payroll Host
would not be able to reach SQL Server.
Module 5 Exam
Module 5 ‐ 5 ‐
12. Refer to the exhibit. HSRP has been configured on the network for redundancy. On the basis
of the configurations that are provided, which router will become an active router when the
current active router R1 goes down?
· Router R2 will become active because the standby preempt command is configured on
this router.
· Router R2 will become active because it has the lowest configured IP address.
· Router R3 will become active because it has the highest priority value that is
configured. (*)
· Router R4 will become active because it has the highest IP address that is configured.
Module 5 Exam
Module 5 ‐ 6 ‐
13. What are two characteristics of Gateway Load Balancing Protocol (GLBP) operation? (Choose
two.)
· GLBP will attempt to balance traffic on a per‐router basis by the use of the round‐robin
algorithm.
· GLBP will attempt to balance traffic on a per‐host basis by the use of the round‐robin
algorithm. (*)
· The active virtual forwarder (AVF) is assigned a virtual MAC address and forwards
packets sent to that MAC address. (*)
· The active virtual gateway (AVG) is the backup for the AVF.
· GLBP members communicate with each other through hello messages sent every 3
seconds to the multicast address 224.0.0.104.
14. Refer to the exhibit. What two pieces of information can be gleaned from the debug standby
command output? (Choose two.)
· The switch has priority 100 configured without the preempt option.
· The switch has priority 100 configured with the preempt option. (*)
· The switch has priority 50 configured with the preempt option.
· The switch has priority 50 configured without the preempt option.
· The switch has become the active HSRP router. (*)
· The switch has become the standby HSRP router.
Module 5 Exam
Module 5 ‐ 7 ‐
15. Refer to the exhibit. Switches DSw1 and DSw2 are configured with the HSRP virtual IP
address 10.10.10.1, and standby priority is set to 100. Assume both switches are booted at
the same time and HSRP is operating as expected. On the basis of this information, which
three HSRP statements are true? (Choose three.)
· Configuring the standby 32 timers 10 30 command on the Gi0/2 interfaces of each switch
would decrease the failover time.
· If the DSw1 and DSw2 switches have been configured to preempt, then DSw2 will be
the active router. (*)
· If the DSw1 switch is configured with the standby preempt command and DSw2 is not,
then DSw1 will be the active router.
· The HSRP group number in this HSRP configuration is HSRP group number 50. (*)
· The standby track command is useful for tracking interfaces that are not configured for
HSRP. (*)
· When Host A sends an ARP request for 10.10.10.1, the Virtual Router replies with the
MAC address of the active router.
Subscribe to:
Posts (Atom)