Day: August 5, 2016

CheckPoint 156-210 Exam Questions, Valid and updated CheckPoint 156-210 Certification Exams Online


QUESTION 101
You are working with multiple firewalls that have extensive Rule Bases. To simplify administration tasks, which of the following should you choose to do?
A. Create Network range objects that restrict all applicable rules to only certain networks.
B. Run separate GUI clients for external and internal firewalls.
C. Eliminate all possible contradictory rules such as stealth and clean-up rules.
D. Save a different Rule Base for each remote firewall.
E. None of the above.

Correct Answer: D
QUESTION 102
Currently, the Accounting Department is FTP-ing a file in the bank. Which Log Viewer Module would show you the activity occurring at the present time?
A. Security Log.
B. Active Connections Log.
C. Accounting Log.
D. Administrative Log.
E. None of the above.
Correct Answer: B
QUESTION 103
With Blocking Scope default settings, a selected connection is terminated:
A. And all further attempts to establish a connection from the same source IP address to the same destination IP address and port will be blocked.
B. But all further attempts to establish connections from this specific source IP address will be authenticated before being denied.
C. And all further attempts to establish connections to this specific destination IP address will be denied.
D. And all further attempts to establish a connection from the same source IP address to the firewall’s IP address will be blocked.
E. Both A and D.

Correct Answer: A
QUESTION 104
Consider the following Rule Base for VPN-1/Firewall-1 NG. Assuming the default settings in global properties have NOT changed, ICMP would be allowed through the firewall.

No  SOURCE  DESTINATION  SERVICE  ACTION  TRACK
1   Any     Web_Server   http     Accept  Long
2   Any     Any          Any      Any     Long
A. True
B. False

Correct Answer: B
QUESTION 105
Which is the correct rule in the following Rule Base?

No  SOURCE            DESTINATION  SERVICE  ACTION        TRACK
1   AllUsers@Chicago  Any          Any      Session Auth  Log
2   AllUsers@Chicago  Chicago      Any      Session Auth  Log
3   AllUsers@Any      Any          Any      Session Auth  Log
4   AllUsers@Chicago  Any          Any      User Auth     Log
A. Rule 2
B. Rule 1
C. Rule 3
D. Rule 4
E. None of the rules allow access.

Correct Answer: B
QUESTION 106
In the Client Authentication Action Properties window (below), for the required Sign On Method section, Manual is selected.

This means:
A. If a connection matches the Rule Base and the service is an authenticated service, the client is signed on after a successful authentication.
B. The user must initiate the Client Authentication Session to the gateway.
C. If a connection using any service matches Rule Base, the client is authenticated.
D. If authentication is successful, access is granted from the network that initiated the connection.
E. The user must TELNET to the target server on port 259.

Correct Answer: B
QUESTION 107
Changes made to the Security Policy do not take effect on the Enforcement Module until the administrator performs which of the following actions?
A. Saves the policy.
B. Verifies the policy.
C. Installs the policy.
D. Stops firewall services on the Enforcement Module.
E. Stops firewall services on the Management module.
Correct Answer: C
QUESTION 108
Consider the following network: The public servers are a web farm. Since the web servers accept and initiate connections, Dynamic translation is required.

A. True
B. False

Correct Answer: B
QUESTION 109
The fw fetch command performs the following function:
A. Attempts to fetch the policy from the Management Server.
B. Fetches users from the Management server.
C. Produces an output screen of the Rule Base.
D. Fetches the logs.
E. Fetches the systems status.

Correct Answer: A
QUESTION 110
Inclement weather and a UPS-failure cause a firewall to reboot. Earlier that day a tornado destroyed the building where the firewall’s Management Module was located. The Management Module was not recovered and has not been replaced. Based on the scenario, which of the following statements is FALSE?
A. The firewall will continue to enforce the last rule base installed.
B. The firewall will log locally.
C. The firewall will fetch the last installed policy from the local host and install it.
D. Communication between the firewall and the replacement Management Module must be established before the replacement Management Module can install a policy on the firewall.
E. Because the firewall cannot contact the Management Module, no policy will be installed.

Correct Answer: E
QUESTION 111
When configuring Anti-Spoofing for VPN-1/FireWall-1 NG on the firewall interfaces, all of the following are valid address choices except:
A. Network defined by Interface IP and Net Mask.
B. Not Defined.
C. Security Policy Installed.
D. Specific
E. None of the above.

Correct Answer: C
QUESTION 112
The security administrator for the following configuration only allows members of the localnet managers group to access files in BigBen (the FTP Server).

Select below the rule that allows local managers to access the FTP server from any location.

No  SOURCE                    DESTINATION  SERVICE  ACTION
1   LocalManagers@Any         BigBen       ftp      User Auth
2   LocalManagers@Net_London  BigBen       ftp      Client Auth
3   LocalManagers@Any         BigBen       ftp      Session Auth
4   LocalManagers@Net_Tokyo   BigBen       ftp      User Auth
A. Rule 1.
B. Rule 2.
C. Rule 3.
D. Rule 4.
E. None of these rules allow access.

Correct Answer: A
QUESTION 113
Assume that you are working on a Windows NT operating system. What is the default expiration for a Dynamic NAT connection NOT showing any UDP activity?
A. 30 Seconds.
B. 60 Seconds.
C. 40 Seconds.
D. 600 Seconds.
E. 3000 Seconds.

Correct Answer: C
QUESTION 114
Assume there has been no change made to default policy properties. To allow a telnet connection into your network, you must create two rules.
One to allow the initial Telnet connection in.
One to allow the destination machine to send information back to the client.

A. True
B. False

Correct Answer: B
QUESTION 115
In Windows NT, to force log entries to a directory other than the default directory:
A. You must use the cpconfig command.
B. Change the fwlog environment variable.
C. Modify the registry.
D. Change the directory in log viewer.
E. Use the fw log switch command.

Correct Answer: C
QUESTION 116
For most installations, the Clean-Up rule should be the last rule in Rule Base.
A. True
B. False

Correct Answer: A
QUESTION 117
What components are necessary for VPN-1/FireWall-1 NG to scan e-mail, passing through the firewall, for macro viruses?
A. UFP and OPSEC-certified scanning product.
B. CVP and OPSEC-certified virus scanning product.
C. UFP and CVP.
D. UFP, CVP and OPSEC-certified content filter.
E. None of the above, VPN-1/FireWall-1 NG scans for macro viruses by default.

Correct Answer: B
QUESTION 118
Why would you want to verify a Security Policy before installation?
A. To install Security Policy cleanly.
B. To check up the enforcement-point firewall for errors.
C. To identify conflicting rules in your Security Policy.
D. To compress the Rule Base for faster installation.
E. There is no benefit verifying a Security Policy before installing it.

Correct Answer: C
QUESTION 119
To completely setup Static NAT, you ONLY have to select Add Automatic Address Translation rules on the NAT tab, and specify a public NAT IP address.
A. True
B. False

Correct Answer: B
QUESTION 120
If you configure the Minutes interval for a firewall in the User Authentication session timeout box, as shown below on the Authentication Tab of the Workstations properties window, users of one-time passwords must re-authenticate for each request during this time period.
A. True
B. False

Correct Answer: B
QUESTION 121
What does a status of Untrusted tell you?
A. A VPN-1/Firewall-1 NG firewall module has been compromised.
B. A gateway cannot be reached.
C. A module is installed and responding to status checks, but the status is problematic.
D. A gateway is connected, but the management module is not the master of the module installed on the gateway.
E. None of the above.

Correct Answer: D
QUESTION 122
Omanan Enterprises has the premier reclamation system for scrap aluminum in the western hemisphere. Their phenomenal growth over the last 10 years has led to the decision to establish a presence in the Internet in order to their customers. To that end, Omanan Enterprises’ network administrator, Jason, has acquired a Web Server, an email server and 14 IP addresses from their ISP. Jason also purchased a Checkpoint VPN-1/FireWall-1 stand alone gateway module, with these interfaces, to protect Omanan Enterprises’ corporate data. Their ISP will be providing DNS services. The Web Server and email server must have Static routable IP addresses. The eight member executive council of Omanan Enterprises would like to have routable IP addresses also, so that they can video-conference with the company’s suppliers. Omanan Enterprises’ remaining 200 employees would like to have access to Internet, and the executive council believes that granting them access might improve company morale. Jason installs and configures a Checkpoint VPN-1/FireWall-1 stand alone Gateway module at the perimeter of Omanan Enterprises’ corporate LAN. He uses the 3rd NIC in the stand alone firewall gateway module to create a DMZ. Jason installs the Web server and the email server on the DMZ. He creates tools and objects on the Checkpoint VPN-1/FireWall-1 stand alone gateway module to allow HTTP, POP3 and SMTP from the Internet to the DMZ. He creates objects to represent the web and email server and configures them for Static NAT. Jason reconfigures his DHCP server so that each of the members of the executive council has a reserved IP address. He then uses those reservations to create Statically NAT-ed objects on the Checkpoint VPN-1/FireWall-1 Standalone Gateway module. Jason creates another object that represents the internal network; he configures this object for Dynamic NAT. He adds a rule allowing HTTP traffic from the internal network to any destination. Jason created an additional rule to allow POP3 and SMTP traffic between the internal networks and DMZ.
Choose the one phrase below that best describes Jason’s proposal.

A. The proposed solution meets the required objectives and none of the desired objectives.
B. The proposed solution meets the required objectives and only one of the desired objectives.
C. The proposed solution meets the required objectives and all desired objectives.
D. The proposed solution does not meet the required objective.

Correct Answer: C
QUESTION 123
Anna is a security administrator setting up User Authentication for the first time. She has correctly configured her Authentication rule, but authentication still does not work. What is the Check Point recommended way to troubleshoot this issue?
A. Verify the properties of the user attempting authentication and the authentication method selected in the Authentication Properties of your firewall object.
B. Verify the firewall settings of your firewall object, and the properties for the user attempting encryption and authentication.
C. Verify the properties for the user attempting authentication and make sure that the file Stealth Authentication method is selected in the Authentication properties of both the peer gateway object and your firewall object.
D. Verify both Client and User Authentication, and the authentication method selected in the Authentication properties of your Firewall object.
E. Re-import Schema from the VPN-1/FireWall-1 NG installation CD.

Correct Answer: A
QUESTION 124
Session authentication provides an authentication method NOT supported by protocols that can be integrated with any application.
No. Source Service Action Track Install On Destination
1. Any Local_Net telnet Accept Long Gateways
2. Any Accept Long Gateways Pub Pub Server1 Server2
A. True
B. False

Correct Answer: A
QUESTION 125
How do you recover communications between your management module and enforcement module if you lock yourself out via a rule policy that is configured incorrectly?
A. Cp delete all all.
B. Cp pause all all.
C. Cp stop all all.
D. Cp unload all all.
E. Cp push all all.
Correct Answer: D
QUESTION 126
You have set up a firewall and management module on one NT box and a remote module on a different location. You receive only sporadic logs from the local firewall and only and control message from remote firewall. All rules on both firewalls are logging and you know the traffic is flowing through the firewall using these rules. All the firewall related services are running and you are using NAT and you receive few logs from the local firewall. What actions from the choices below would you perform to find out why you cannot see logs?
A. Make sure there is no masters file in $FWDIR/conf on the remote module.
B. Make sure there is no masters file in $FWDIR/conf on the local NT box.
C. See if you can do a fwfetch from the module.
D. Run the fw logexport -t -n from the command line prompt on the remote module.
E. Use pulist.exe from the Windows NT resource kit.

Correct Answer: C


CheckPoint 156-110 PDF Download, Helpful CheckPoint 156-110 Practice Exam Latest Version PDF&VCE


QUESTION 81
A security administrator implements Secure Configuration Verification (SCV), because SCV: (Choose THREE.)
A. Does not enable the administrator to monitor the configuration of remote computers.
B. Can block connectivity for machines that do not comply with the organization’s security policy.
C. Enables the administrator to monitor the configuration of remote computers.
D. Prevents attackers from penetrating headquarters’ Security Gateway.
E. Confirms that a remote configuration complies with the organization’s security policy.

Correct Answer: BCE
QUESTION 82
Which of the following is likely in a small-business environment?
A. Most small businesses employ a full-time information-technology staff.
B. Resources are available as needed.
C. Small businesses have security personnel on staff.
D. Most employees have experience with information security.
E. Security budgets are very small.

Correct Answer: E
QUESTION 83
ABC Corporation’s network is configured such that a user must log in individually at each server and access control. Which type of authentication is in use?
A. Role-based access control
B. Three-factor authentication
C. Single sign-on
D. Hybrid access control
E. Mandatory sign-on

Correct Answer: E
QUESTION 84
Which type of Business Continuity Plan (BCP) test involves shutting down a primary site, bringing an alternate site on-line, and moving all operations to the alternate site?
A. Parallel
B. Full interruption
C. Checklist
D. Structured walkthrough
E. Simulation
Correct Answer: B
QUESTION 85
A(n) _______ is the first step for determining which technical information assets should be protected.
A. Network diagram
B. Business Impact Analysis
C. Office floor plan
D. Firewall
E. Intrusion detection system

Correct Answer: A
QUESTION 86
Which of the following is an example of a simple, physical-access control?
A. Lock
B. Access control list
C. Background check
D. Token
E. Firewall

Correct Answer: A
QUESTION 87
Which of the following best describes an external intrusion attempt on a local-area network (LAN)?
A. Internal users try to gain unauthorized access to information assets outside the organizational perimeter.
B. External-intrusion attempts from sources outside the LAN are not granted permissions or rights to an organization’s information assets.
C. External users attempt to access public resources.
D. External intruders attempt exploitation of vulnerabilities, to remove their own access.
E. Internal users perform inappropriate acts on assets to which they have been given rights or permissions.

Correct Answer: B
QUESTION 88
Maintenance of the Business Continuity Plan (BCP) must be integrated with an organization’s _______________ process.
A. Change-control
B. Disaster-recovery
C. Inventory-maintenance
D. Discretionary-budget
E. Compensation-review
Correct Answer: A
QUESTION 89
Which types of security solutions should a home user deploy? (Choose TWO.)
A. Managed Security Gateway
B. Access control lists on a router
C. Personal firewall
D. Network intrusion-detection system
E. Anti-virus software
Correct Answer: CE
QUESTION 90
You are a system administrator for a pool of Web servers. The vendor who sells your Web server posts a patch and sample exploit for a newly discovered vulnerability. You will take all of the actions listed below. Which of the following actions should you take first?
A. Run the sample exploit against a test server.
B. Run the sample exploit against a production server.
C. Apply the patch to all production servers.
D. Test the patch on a production server.
E. Test the patch on a non-production server.

Correct Answer: A
QUESTION 91
_______ is a method of tricking users into revealing passwords, or other sensitive information.
A. Dumpster diving
B. Means testing
C. Social engineering
D. Risk
E. Exposure

Correct Answer: C
QUESTION 92
Which of the following equations results in the Single Loss Expectancy for an asset?
A. Asset Value x % Of Loss From Realized Exposure
B. Asset Value x % Of Loss From Realized Threat
C. Annualized Rate of Occurrence / Annualized Loss Expectancy
D. Asset Value x % Of Loss From Realized Vulnerability
E. Annualized Rate of Occurrence x Annualized Loss Expectancy

Correct Answer: B
QUESTION 93
Which encryption algorithm has the highest bit strength?
A. AES
B. Blowfish
C. DES
D. CAST
E. Triple DES

Correct Answer: A
QUESTION 94
_________________ is a type of cryptography, where letters of an original message are systematically rearranged into another sequence.
A. Symmetric-key exchange
B. Steganography
C. Transposition cipher
D. Asymmetric-key encryption
E. Simple substitution cipher
Correct Answer: C
QUESTION 95
Which of the following are appropriate uses of asymmetric encryption? (Choose THREE.)
A. Authentication
B. Secure key-exchange mechanisms
C. Public Web site access
D. Data-integrity checking
E. Sneaker net

Correct Answer: ABD
QUESTION 96
What is the purpose of resource isolation?
A. To reduce the level of broadcast traffic on physical segments.
B. To ensure that anyone accessing a resource has appropriate integrity.
C. To automate the creation of access control lists and Trusted Computing Bases.
D. To enforce access controls, and clearly separate resources from each other.
E. To make people buy more computers than they really need.

Correct Answer: D
QUESTION 97
Why should user populations be segmented?
A. To allow resources to be shared among employees
B. To allow appropriate collaboration, and prevent inappropriate resource sharing
C. To prevent appropriate collaboration
D. To provide authentication services
E. To prevent the generation of audit trails from gateway devices

Correct Answer: B
QUESTION 98
A(n) _______________ is an abstract machine, which mediates all access subjects have to objects.
A. ACL
B. Reference monitor
C. State machine
D. TCB
E. Router
Correct Answer: B
QUESTION 99
Who should have physical access to network-connectivity devices and corporate servers?
A. Customers and clients
B. Accounting, information-technology, and auditing staff
C. Managers and C-level executives
D. Only appropriate information-technology personnel
E. Only the maintenance staff
Correct Answer: D
QUESTION 100
Which of the following represents a valid reason for testing a patch on a nonproduction system, before applying it to a production system?
A. Patches may re-enable services previously disabled.
B. Patches are a kind of virus.
C. Patches always overwrite user data.
D. Only patches on vendor-pressed CDs can be trusted.
E. Patches usually break important system functionality.

Correct Answer: A
QUESTION 101
How do virtual corporations maintain confidentiality?
A. Encryption
B. Checksum
C. Data hashes
D. Redundant servers
E. Security by obscurity

Correct Answer: A
QUESTION 102
Enterprise employees working remotely require access to data at an organization’s headquarters. Which of the following is the BEST method to transfer this data?
A. Standard e-mail
B. Faxed information
C. Dial-in access behind the enterprise firewall
D. Virtual private network
E. CD-ROMs shipped with updated versions of the data

Correct Answer: D
QUESTION 103
Which of the following is NOT a concern for enterprise physical security?
A. Network Intrusion Detection Systems
B. Social engineering
C. Dumpster diving
D. Property theft
E. Unauthorized access to a facility
Correct Answer: A
QUESTION 104
A(n) _______________ is an abstract machine, which mediates all access subjects have to objects.
A. ACL
B. Reference monitor
C. State machine
D. TCB
E. Router
Correct Answer: B
QUESTION 105
Digital signatures are typically provided by a ____________________, where a third party verifies a key’s authenticity.
A. Network firewall
B. Security administrator
C. Domain controller
D. Certificate Authority
E. Hash function

Correct Answer: D
QUESTION 106
Which of the following is a cost-effective solution for securely transmitting data between remote offices?
A. Standard e-mail
B. Fax machine
C. Virtual private network
D. Bonded courier
E. Telephone

Correct Answer: C
QUESTION 107
Which of the following is the MOST important consideration, when developing security-awareness training materials?
A. Training material should be accessible and attractive.
B. Delivery mechanisms should allow easy development of additional materials, to complement core material.
C. Security-awareness training materials should never contradict an organizational security policy.
D. Appropriate language should be used to facilitate localization, should training materials require translation.
E. Written documentation should be archived, in case of disaster.
Correct Answer: C
QUESTION 108
Why should the number of services on a server be limited to required services?
A. Every open service represents a potential vulnerability.
B. Closed systems require special connectivity services.
C. Running extra services makes machines more efficient.
D. All services are inherently stable and secure.
E. Additional services make machines more secure.
Correct Answer: A


Cisco 300-115 Exam Dumps, Provides Best Cisco 300-115 PDF Material On Sale


QUESTION 38
A network engineer is extending a LAN segment between two geographically separated data centers. Which enhancement to a spanning-tree design prevents unnecessary traffic from crossing the extended LAN segment?
A. Modify the spanning-tree priorities to dictate the traffic flow.
B. Create a Layer 3 transit VLAN to segment the traffic between the sites.
C. Use VTP pruning on the trunk interfaces.
D. Configure manual trunk pruning between the two locations.

Correct Answer: C
Explanation:
Pruning unnecessary VLANs from the trunk can be performed with one of two methods:
Manual pruning of the unnecessary VLAN on the trunk: This is the best method, and it avoids the use of the spanning tree. Instead, the method runs the pruned VLAN on trunks.
VTP pruning: Avoid this method if the goal is to reduce the number of STP instances. VTP-pruned VLANs on a trunk are still part of the spanning tree. Therefore, VTP-pruned VLANs do not reduce the number of spanning tree port instances.
Since the question asked for the choice that is an enhancement to the STP design, VTP pruning is the best choice.
Reference: http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a0080890613.shtml
QUESTION 39
The network manager has requested that several new VLANs (VLAN 10, 20, and 30) are allowed to traverse the switch trunk interface. After the command switchport trunk allowed vlan 10,20,30 is issued, all other existing VLANs no longer pass traffic over the trunk. What is the root cause of the problem?
A. The command effectively removed all other working VLANs and replaced them with the new VLANs.
B. VTP pruning removed all unused VLANs.
C. ISL was unable to encapsulate more than the already permitted VLANs across the trunk.
D. Allowing additional VLANs across the trunk introduced a loop in the network.

Correct Answer: A
Explanation:
The “switchport trunk allowed vlan” command will only allow the specified VLANs, and overwrite any others that were previously defined. You would also need to explicitly add the other working VLANs to this configuration command, or issue the “switchport trunk allowed vlan add vlan-list” command instead to add these 3 VLANs to the other defined allowed VLANs.
Reference: https://supportforums.cisco.com/document/11836/how-define-vlans-allowed-trunk-link
QUESTION 40
When you design a switched network using VTPv2, how many VLANs can be used to carry user traffic?
A. 1000
B. 1001
C. 1024
D. 2048
E. 4095
F. 4096

Correct Answer: B
Explanation:
VTP versions 1 and 2 support normal VLAN numbers (1-1001). Only VTP version 3 supports extended VLANs (1-4095).
Reference: http://cciememo.blogspot.com/2012/11/difference-between-vtp-versions.html

QUESTION 41
What does the command vlan dot1q tag native accomplish when configured under global configuration?
A. All frames within the native VLAN are tagged, except when the native VLAN is set to 1.
B. It allows control traffic to pass using the non-default VLAN.
C. It removes the 4-byte dot1q tag from every frame that traverses the trunk interface(s).
D. Control traffic is tagged.
Correct Answer: D
Explanation:
The “vlan dot1q tag native” will tag all untagged frames, including control traffic, with the defined native VLAN.

QUESTION 42
A network engineer has just deployed a non-Cisco device in the network and wants to get information about it from a connected device. Cisco Discovery Protocol is not supported, so the open standard protocol must be configured. Which protocol does the network engineer configure on both devices to accomplish this?
A. IRDP
B. LLDP
C. NDP
D. LLTD

Correct Answer: B
Explanation:
The Link Layer Discovery Protocol (LLDP) is a vendor-neutral link layer protocol in the Internet Protocol Suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, principally wired Ethernet. LLDP performs functions similar to several proprietary protocols, such as the Cisco Discovery Protocol (CDP).
Reference: http://en.wikipedia.org/wiki/Link_Layer_Discovery_Protocol

QUESTION 43
A manager tells the network engineer to permit only certain VLANs across a specific trunk interface. Which option can be configured to accomplish this?
A. allowed VLAN list
B. VTP pruning
C. VACL
D. L2P tunneling

Correct Answer: A
Explanation:
When a trunk link is established, all of the configured VLANs are allowed to send and receive traffic across the link. VLANs 1 through 1005 are allowed on each trunk by default. However, VLAN traffic can be removed from the allowed list. This keeps traffic from the VLANs from passing over the trunk link.
Note: The allowed VLAN list on both the ends of the trunk link should be the same.
For Integrated Cisco IOS Software based switches, perform these steps:
1. To restrict the traffic that a trunk carries, issue the switchport trunk vlan-list interface configuration command. This removes specific VLANs from the allowed list.
Reference: https://supportforums.cisco.com/document/11836/how-define-vlans-allowed-trunk-link

QUESTION 44
For client server failover purposes, the application server team has indicated that they must not have the standard 30 second delay before their switchport enters a forwarding state. For their disaster recovery feature to operate successfully, they require the switchport to enter a forwarding state immediately. Which spanning-tree feature satisfies this requirement?
A. Rapid Spanning-Tree
B. Spanning-Tree Timers
C. Spanning-Tree FastPort
D. Spanning-Tree PortFast
E. Spanning-Tree Fast Forward

Correct Answer: D
Explanation:
In order to allow immediate transition of the port into forwarding state, enable the STP PortFast feature. PortFast immediately transitions the port into STP forwarding mode upon linkup. The port still participates in STP. So if the port is to be a part of the loop, the port eventually transitions into STP blocking mode.
Example configuration:
Switch-C# configure terminal
Switch-C(config)# interface range fa0/3 - 24
Switch-C(config-if-range)# spanning-tree portfast
Reference: http://www.informit.com/library/content.aspx?b=CCNP_Studies_Switching&seqNum=36
QUESTION 45
Which command does a network engineer use to verify the spanning-tree status for VLAN 10?
A. switch# show spanning-tree vlan 10
B. switch# show spanning-tree bridge
C. switch# show spanning-tree brief
D. switch# show spanning-tree summary
E. switch# show spanning-tree vlan 10 brief

Correct Answer: A
Explanation:
Command             Description
show spanning-tree  Displays information about the spanning-tree state.

Example output:
SW2#show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    24586
             Address     0014.f2d2.4180
             Cost        9
             Port        216 (Port-channel21)
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
  Bridge ID  Priority    32778 (priority 32768 sys-id-ext 10)
             Address     001c.57d8.9000
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  300 sec

Interface  Role  Sts  Cost  Prio.Nbr  Type
---------  ----  ---  ----  --------  ----
Po21       Root  FWD  9     128.216   P2p
Po23       Altn  BLK  9     128.232   P2p

Reference: http://www.cisco.com/en/US/docs/ios/lanswitch/command/reference/lsw_s2.html
QUESTION 46
A new network that consists of several switches has been connected together via trunking interfaces. If all switches currently have the default VTP domain name “null”, which statement describes what happens when a domain name is configured on one of the switches?
A. The switch with the non-default domain name restores back to “null” upon reboot.
B. Switches with higher revision numbers do not accept the new domain name.
C. VTP summary advertisements are sent out of all ports with the new domain name.
D. All other switches with the default domain name become VTP clients.

Correct Answer: C Explanation
Explanation/Reference:
Explanation:
By default, a switch will have a domain name of NULL and no password. If the switch hears a VTP advertisement it will automatically learn the VTP domain name, VLANs, and the configuration revision number.
Summary advertisements are sent out every 300 seconds and every time a change occurs on the VLAN database. Contained in a summary advertisement:
VTP version
Domain name
Configuration revision number
Time stamp
MD5 encryption hash code
Reference: https://rowell.dionicio.net/configuring-cisco-vtp/

QUESTION 47
A network engineer is setting up a new switched network. The network is expected to grow and add many new VLANs in the future. Which Spanning Tree Protocol should be used to reduce switch resources and managerial burdens that are associated with multiple spanning-tree instances?
A. RSTP
B. PVST
C. MST
D. PVST+
E. RPVST+

Correct Answer: C Explanation
Explanation/Reference:
Explanation:
Multiple Spanning Tree (MST) extends the IEEE 802.1w RST algorithm to multiple spanning trees. The main purpose of MST is to reduce the total number of spanning-tree instances to match the physical topology of the network and thus reduce the CPU cycles of a switch. PVRST+ runs STP instances for each VLAN and does not take into consideration the physical topology that might not require many different STP topologies. MST, on the other hand, uses a minimum number of STP instances to match the number of physical topologies present.
Figure 3-15 shows a common network design, featuring an access Switch A, connected to two Building Distribution submodule Switches D1 and D2. In this setup, there are 1000 VLANs, and the network administrator typically seeks to achieve load balancing on the access switch uplinks based on even or odd VLANs, or any other scheme deemed appropriate.

Figure 3-15: VLAN Load Balancing

Figure 3-15 illustrates two links and 1000 VLANs. The 1000 VLANs map to two MST instances. Rather than maintaining 1000 spanning trees, each switch needs to maintain only two spanning trees, reducing the need for switch resources.
Reference: http://ciscodocuments.blogspot.com/2011/05/chapter-03-implementing-spanning-tree_19.html

QUESTION 48
Which statement about the use of SDM templates in a Cisco switch is true?
A. SDM templates are used to configure system resources in the switch to optimize support for specific features, depending on how the switch is used in the network.
B. SDM templates are used to create Layer 3 interfaces (switch virtual interfaces) to permit hosts in one VLAN to communicate with hosts in another VLAN.
C. SDM templates are used to configure ACLs that protect networks and specific hosts from unnecessary or unwanted traffic.
D. SDM templates are used to configure a set of ACLs that allows the users to manage the flow of traffic handled by the route processor.
E. SDM templates are configured by accessing the switch using the web interface.

Correct Answer: A Explanation
Explanation/Reference:
Explanation: You can use SDM templates to configure system resources in the switch to optimize support for specific features, depending on how the switch is used in the network. You can select a template to provide maximum system usage for some functions; for example, use the default template to balance resources, and use access template to obtain maximum ACL usage. To allocate hardware resources for different usages, the switch SDM templates prioritize system resources to optimize support for certain features.
Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swsdm.pdf
QUESTION 49
Which SDM template disables routing and supports the maximum number of unicast MAC addresses?
A. VLAN
B. access
C. default
D. routing

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
To allocate ternary content addressable memory (TCAM) resources for different usages, the switch SDM templates prioritize system resources to optimize support for certain features. You can select SDM templates to optimize these features:
Access: The access template maximizes system resources for access control lists (ACLs) to accommodate a large number of ACLs.
Default: The default template gives balance to all functions.
Routing: The routing template maximizes system resources for IPv4 unicast routing, typically required for a router or aggregator in the center of a network.
VLANs: The VLAN template disables routing and supports the maximum number of unicast MAC addresses. It would typically be selected for a Layer 2 switch.
Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/swsdm.pdf
QUESTION 50
Which SDM template is the most appropriate for a Layer 2 switch that provides connectivity to a large number of clients?
A. VLAN
B. default
C. access
D. routing

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
To allocate ternary content addressable memory (TCAM) resources for different usages, the switch SDM templates prioritize system resources to optimize support for certain features. You can select SDM templates to optimize these features:
Access: The access template maximizes system resources for access control lists (ACLs) to accommodate a large number of ACLs.
Default: The default template gives balance to all functions.
Routing: The routing template maximizes system resources for IPv4 unicast routing, typically required for a router or aggregator in the center of a network.
VLANs: The VLAN template disables routing and supports the maximum number of unicast MAC addresses (clients). It would typically be selected for a Layer 2 switch.
Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/swsdm.pdf
QUESTION 51
In a Cisco switch, what is the default period of time after which a MAC address ages out and is discarded?
A. 100 seconds
B. 180 seconds
C. 300 seconds
D. 600 seconds

Correct Answer: C Explanation
Explanation/Reference:
Explanation:
To configure the aging time for all MAC addresses, perform this task:

Step 1
Command: switch# configure terminal
Purpose: Enters configuration mode.

Step 2
Command: switch(config)# mac-address-table aging-time seconds [vlan vlan_id]
Purpose: Specifies the time before an entry ages out and is discarded from the MAC address table. The range is from 0 to 1000000; the default is 300 seconds. Entering the value 0 disables the MAC aging. If a VLAN is not specified, the aging specification applies to all VLANs.

Reference:
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/MACAddress.html

QUESTION 52
If a network engineer applies the command mac-address-table notification mac-move on a Cisco switch port, when is a syslog message generated?
A. A MAC address or host moves between different switch ports.
B. A new MAC address is added to the content-addressable memory.
C. A new MAC address is removed from the content-addressable memory.
D. More than 64 MAC addresses are added to the content-addressable memory.

Correct Answer: A
Explanation/Reference:
Explanation:
mac-address-table notification mac-move

To enable MAC-move notification, use the mac-address-table notification mac-move command in global configuration mode. To disable MAC-move notification, use the no form of this command.
mac-address-table notification mac-move [counter [syslog]]
no mac-address-table notification mac-move [counter [syslog]]

Syntax Description
counter: (Optional) Specifies the MAC-move counter feature.
syslog: (Optional) Specifies the syslogging facility when the MAC-move notification detects the first instance of the MAC move.

Usage Guidelines
MAC-move notification generates a syslog message whenever a MAC address or host moves between different switch ports.
Reference: http://www.cisco.com/en/US/docs/ios/lanswitch/command/reference/lsw_m1.html

QUESTION 53
Which option is a possible cause for an errdisabled interface?
A. routing loop
B. cable unplugged
C. STP loop guard
D. security violation

Correct Answer: D
Explanation/Reference:
Explanation:
There are various reasons for the interface to go into errdisable. The reason can be:
Duplex mismatch
Port channel misconfiguration
BPDU guard violation
UniDirectional Link Detection (UDLD) condition
Late-collision detection
Link-flap detection
Security violation
Port Aggregation Protocol (PAgP) flap
Layer 2 Tunneling Protocol (L2TP) guard
DHCP snooping rate-limit
Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
Address Resolution Protocol (ARP) inspection
Inline power
Reference: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml
QUESTION 54
What is the default value for the errdisable recovery interval in a Cisco switch?
A. 30 seconds
B. 100 seconds
C. 300 seconds
D. 600 seconds

Correct Answer: C
Explanation/Reference:
Explanation:
After you fix the root problem, the ports are still disabled if you have not configured errdisable recovery on the switch. In this case, you must reenable the ports manually. Issue the shutdown command and then the no shutdown interface mode command on the associated interface in order to manually reenable the ports.

The errdisable recovery command allows you to choose the type of errors that automatically reenable the ports after a specified amount of time. The show errdisable recovery command shows the default error-disable recovery state for all the possible conditions.

cat6knative#show errdisable recovery
ErrDisable Reason    Timer Status
-----------------    ------------
udld                 Disabled
bpduguard            Disabled
security-violatio    Disabled
channel-misconfig    Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
mac-limit            Disabled
unicast-flood        Disabled
arp-inspection       Disabled

Timer interval: 300 seconds
Interfaces that will be enabled at the next timeout:

Note: The default timeout interval is 300 seconds and, by default, the timeout feature is disabled.
Reference:
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml

QUESTION 55
Which statement about LLDP-MED is true?
A. LLDP-MED is an extension to LLDP that operates between endpoint devices and network devices.
B. LLDP-MED is an extension to LLDP that operates only between network devices.
C. LLDP-MED is an extension to LLDP that operates only between endpoint devices.
D. LLDP-MED is an extension to LLDP that operates between routers that run BGP.

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
LLDP for Media Endpoint Devices (LLDP-MED) is an extension to LLDP that operates between endpoint devices such as IP phones and network devices such as
switches. It specifically provides support for voice over IP (VoIP) applications and provides additional TLVs for capabilities discovery, network policy, Power over
Ethernet, and inventory management.
Reference:
http://www.cisco.com/en/US/docs/switches/metro/me3400/software/release/12.2_58_se/configuration/guide/swlldp.pdf

QUESTION 56
Which statement about Cisco devices learning about each other through Cisco Discovery Protocol is true?
A. Each device sends periodic advertisements to multicast address 01:00:0C:CC:CC:CC.
B. Each device broadcasts periodic advertisements to all of its neighbors.
C. Each device sends periodic advertisements to a central device that builds the network topology.
D. Each device sends periodic advertisements to all IP addresses in its ARP table.

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
Cisco devices send periodic CDP announcements to the multicast destination address 01-00-0c-cc-cc-cc, out each connected network interface. These multicast packets may be received by Cisco switches and other networking devices that support CDP on their connected network interface.
Reference: http://network.spravcesite.net/subdom/network/index.php?id=cdp

QUESTION 57
Which option lists the information that is contained in a Cisco Discovery Protocol advertisement?
A. native VLAN IDs, port-duplex, hardware platform
B. native VLAN IDs, port-duplex, memory errors
C. native VLAN IDs, memory errors, hardware platform
D. port-duplex, hardware platform, memory errors

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
Type-Length-Value fields (TLVs) are blocks of information embedded in CDP advertisements. Table 21 summarizes the TLV definitions for CDP advertisements.

Table 21 Type-Length-Value Definitions for CDPv2

TLV: Definition
Device-ID TLV: Identifies the device name in the form of a character string.
Address TLV: Contains a list of network addresses of both receiving and sending devices.
Port-ID TLV: Identifies the port on which the CDP packet is sent.
Capabilities TLV: Describes the functional capability for the device in the form of a device type, for example, a switch.
Version TLV: Contains information about the software release version on which the device is running.
Platform TLV: Describes the hardware platform name of the device, for example, Cisco 4500.
IP Network Prefix TLV: Contains a list of network prefixes to which the sending device can forward IP packets. This information is in the form of the interface protocol and port number, for example, Eth 1/0.
VTP Management Domain TLV: Advertises the system’s configured VTP management domain name-string. Used by network operators to verify VTP domain configuration in adjacent network nodes.
Native VLAN TLV: Indicates, per interface, the assumed VLAN for untagged packets on the interface. CDP learns the native VLAN for an interface. This feature is implemented only for interfaces that support the IEEE 802.1Q protocol.
Full/Half Duplex TLV: Indicates status (duplex configuration) of CDP broadcast interface. Used by network operators to diagnose connectivity problems between adjacent network elements.

Reference: http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf015.html
QUESTION 58
Which option describes a limitation of LLDP?
A. LLDP cannot provide information about VTP.
B. LLDP does not support TLVs.
C. LLDP can discover only Windows servers.
D. LLDP can discover up to two devices per port.

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
LLDP Versus Cisco Discovery Protocol TLV Comparison

Function Description | LLDP TLV | Cisco Discovery Protocol TLV
IP network prefix support: used to send the network prefix and used for ODR | No | IP Network Prefix TLV
Hello piggybacking: can be used to piggy back hello messages from other protocols | No | Protocol Hello TLV
Maximum-transmission-unit (MTU) support: specifies the size of the MTU | No | MTU TLV
External port support: used to identify the card terminating the fiber in the case of wavelength-division multiplexing (WDM) | No | External Port-ID TLV
VTP management support | No | VTP Management Domain TLV
Port unidirectional mode: used in fiber, where the connection may be unidirectional | No | Port UniDirectional Mode TLV
Management address | Management Address TLV | Management-Address TLV
Allows for organizational unique TLVs | Yes | No

Reference: http://www.cisco.com/en/US/technologies/tk652/tk701/technologies_white_paper0900aecd804cd46d.html
QUESTION 59
Which statement about the UDLD protocol is true?
A. UDLD is a Cisco-proprietary Layer 2 protocol that enables devices to monitor the physical status of links and detect unidirectional failures.
B. UDLD is a Cisco-proprietary Layer 2 protocol that enables devices to advertise their identity, capabilities, and neighbors on a local area network.
C. UDLD is a standardized Layer 2 protocol that enables devices to monitor the physical status of links and detect unidirectional failures.
D. UDLD is a standardized Layer 2 protocol that enables devices to advertise their identity, capabilities, and neighbors on a local area network.

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
The Cisco-proprietary UDLD protocol monitors the physical configuration of the links between devices and ports that support UDLD. UDLD detects the existence of unidirectional links. When a unidirectional link is detected, UDLD puts the affected port into the errdisabled state and alerts the user.
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/udld.html

QUESTION 60
Which option lists the modes that are available for configuring UDLD on a Cisco switch?
A. normal and aggressive
B. active and aggressive
C. normal and active
D. normal and passive
E. normal and standby

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
The Cisco-proprietary UDLD protocol monitors the physical configuration of the links between devices and ports that support UDLD. UDLD detects the existence of unidirectional links. When a unidirectional link is detected, UDLD puts the affected port into the errdisabled state and alerts the user. UDLD can operate in either normal or aggressive mode.

Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/udld.html
QUESTION 61
What is the default interval at which Cisco devices send Cisco Discovery Protocol advertisements?
A. 30 seconds
B. 60 seconds
C. 120 seconds
D. 300 seconds

Correct Answer: B Explanation
Explanation/Reference:
Explanation: Cisco Discovery Protocol is a Layer 2, media-independent, and network-independent protocol that networking applications use to learn about nearby, directly connected devices. Cisco Discovery Protocol is enabled by default. Each device configured for Cisco Discovery Protocol advertises at least one address at which the device can receive messages and sends periodic advertisements (messages) to the well-known multicast address 01:00:0C:CC:CC:CC. Devices discover each other by listening at that address. They also listen to messages to learn when interfaces on other devices are up or go down. Advertisements contain time-to-live information, which indicates the length of time a receiving device should hold Cisco Discovery Protocol information before discarding it. Advertisements supported and configured in Cisco software are sent, by default, every 60 seconds.
Reference: http://www.cisco.com/en/US/docs/ios-xml/ios/cdp/configuration/15-mt/nm-cdp-discover.html
QUESTION 62
Which statement about Cisco Discovery Protocol configuration on a Cisco switch is true?
A. CDP is enabled by default and can be disabled globally with the command no cdp run.
B. CDP is disabled by default and can be enabled globally with the command cdp enable.
C. CDP is enabled by default and can be disabled globally with the command no cdp enable.
D. CDP is disabled by default and can be enabled globally with the command cdp run.

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
CDP is enabled on your router by default, which means the Cisco IOS software will receive CDP information. CDP also is enabled on supported interfaces by default. To disable CDP on an interface, use the “no cdp enable” interface configuration command. To disable it globally, use the “no cdp run” command.
Reference:
http://www.cisco.com/en/US/docs/ios/12_2/configfun/command/reference/frf015.html#wp10175

QUESTION 63
Which VTP mode is needed to configure an extended VLAN, when a switch is configured to use VTP versions 1 or 2?
A. transparent
B. client
C. server
D. Extended VLANs are only supported in version 3 and not in versions 1 or 2.

Correct Answer: D Explanation
Explanation/Reference:
Explanation:
VTP version 1 and version 2 support VLANs 1 to 1000 only. Extended-range VLANs are supported only in VTP version 3. If converting from VTP version 3 to VTP version 2, VLANs in the range 1006 to 4094 are removed from VTP control.
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/vtp.html

QUESTION 64
What is the size of the VLAN field inside an 802.1q frame?
A. 8-bit
B. 12-bit
C. 16-bit
D. 32-bit
Correct Answer: B Explanation

Explanation/Reference:
Explanation: The VLAN field is a 12-bit field specifying the VLAN to which the frame belongs. The hexadecimal values of 0x000 and 0xFFF are reserved. All other values may be used as VLAN identifiers, allowing up to 4,094 VLANs.
Reference: http://en.wikipedia.org/wiki/IEEE_802.1Q
QUESTION 65
What is the maximum number of VLANs that can be assigned to an access switchport without a voice VLAN?
A. 0
B. 1
C. 2
D. 1024
Correct Answer: B Explanation Explanation/Reference:

Explanation:
A standard (non-voice VLAN port) access switch port can belong to only a single VLAN. If more than one VLAN is needed, the port should be configured as a
trunk port.

QUESTION 66
Refer to the exhibit.

Which option shows the expected result if a show vlan command is issued?

A. Exhibit A
B. Exhibit B
C. Exhibit C
D. Exhibit D

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
In this case, the port has been configured both as a trunk and as a switchport in data vlan 10. Obviously, a port can not be both, so even though Cisco IOS will
accept both, the port will actually be used as a trunk, ignoring the switchport access VLAN 10 command.

QUESTION 67
Which feature is automatically enabled when a voice VLAN is configured, but not automatically disabled when a voice VLAN is removed?
A. portfast
B. port-security
C. spanning tree
D. storm control

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
Voice VLAN Configuration Guidelines
You should configure voice VLAN on switch access ports.
The voice VLAN should be present and active on the switch for the IP phone to correctly communicate on the voice VLAN. Use the show vlan privileged EXEC command to see if the VLAN is present (listed in the display).

The Port Fast feature is automatically enabled when voice VLAN is configured. When you disable voice VLAN, the Port Fast feature is not automatically disabled.
Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_22_ea11x/configuration/guide/swvoip.html
QUESTION 68
In which portion of the frame is the 802.1q header found?
A. within the Ethernet header
B. within the Ethernet payload
C. within the Ethernet FCS
D. within the Ethernet source MAC address

Correct Answer: A Explanation
Explanation/Reference:
Explanation: Frame format

Figure: Insertion of 802.1Q tag in an Ethernet frame

802.1Q does not encapsulate the original frame. Instead, for Ethernet frames, it adds a 32-bit field between the source MAC address and the EtherType/length fields of the original frame.
Reference: http://en.wikipedia.org/wiki/IEEE_802.1Q
QUESTION 69
Which VLAN range is eligible to be pruned when a network engineer enables VTP pruning on a switch?
A. VLANs 1-1001
B. VLANs 1-4094
C. VLANs 2-1001
D. VLANs 2-4094

Correct Answer: C Explanation
Explanation/Reference:
Explanation:
VTP pruning should only be enabled on VTP servers; all the clients in the VTP domain will automatically enable VTP pruning. By default, VLANs 2-1001 are pruning eligible, but VLAN 1 can’t be pruned because it’s an administrative VLAN. Both VTP versions 1 and 2 support pruning.
Reference: http://www.orbit-computer-solutions.com/VTP-Pruning.php

QUESTION 70
Which feature must be enabled to eliminate the broadcasting of all unknown traffic to switches that are not participating in the specific VLAN?
A. VTP pruning
B. port-security
C. storm control
D. bpdguard

Correct Answer: A Explanation
Explanation/Reference:
Explanation: VTP ensures that all switches in the VTP domain are aware of all VLANs. However, there are occasions when VTP can create unnecessary traffic. All unknown unicasts and broadcasts in a VLAN are flooded over the entire VLAN. All switches in the network receive all broadcasts, even in situations in which few users are connected in that VLAN. VTP pruning is a feature that you use in order to eliminate or prune this unnecessary traffic.
Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/vtp/10558-21.html#vtp_pruning
QUESTION 71
Refer to the exhibit.

The users in an engineering department that connect to the same access switch cannot access the network. The network engineer found that the engineering
VLAN is missing from the database.
Which action resolves this problem?

A. Disable VTP pruning and disable 802.1q.
B. Update the VTP revision number.
C. Change VTP mode to server and enable 802.1q.
D. Enable VTP pruning and disable 802.1q.

Correct Answer: C Explanation
Explanation/Reference:
Explanation:
Only VTP servers can add new VLANs to the switched network, so to enable vlan 10 on this switch you will first need to change the VTP mode from client to
server. Then, you will need to enable 802.1Q trunking to pass this new VLAN along to the other switches.

QUESTION 72
Refer to the exhibit.

The network switches for two companies have been connected and manually configured for the required VLANs, but users in company A are not able to access network resources in company B when DTP is enabled. Which action resolves this problem?
A. Delete vlan.dat and ensure that the switch with lowest MAC address is the VTP server.
B. Disable DTP and document the VTP domain mismatch.
C. Manually force trunking with switchport mode trunk on both switches.
D. Enable the company B switch with the vtp mode server command.

Correct Answer: C Explanation
Explanation/Reference:
Explanation:
Since the number of existing VLANs differs on the switches (9 on A and 42 on B), we know that there is a problem with VTP or the trunking interfaces. The VTP domain names do match and they are both VTP servers, so there are no issues there. The only viable solution is that there is a DTP issue, so you must instead manually configure the trunk ports between these two switches so that the VLAN information can be sent to each switch.

QUESTION 73
A network engineer must implement Ethernet links that are capable of transporting frames and IP traffic for different broadcast domains that are mutually isolated. Consider that this is a multivendor environment. Which Cisco IOS switching feature can be used to achieve the task?
A. PPP encapsulation with a virtual template
B. Link Aggregation Protocol at the access layer
C. dot1q VLAN trunking
D. Inter-Switch Link

Correct Answer: C Explanation
Explanation/Reference:
Explanation:
Here the question asks for transporting “frames and IP traffic for different broadcast domains that are mutually isolated” which is basically a long way of saying
VLANs so trunking is needed to carry VLAN information. There are 2 different methods for trunking, 802.1Q and ISL. Of these, only 802.1Q is supported by
multiple vendors since ISL is a Cisco proprietary protocol.

QUESTION 74
Which statement about using native VLANs to carry untagged frames is true?
A. Cisco Discovery Protocol version 2 carries native VLAN information, but version 1 does not.
B. Cisco Discovery Protocol version 1 carries native VLAN information, but version 2 does not.
C. Cisco Discovery Protocol version 1 and version 2 carry native VLAN information.
D. Cisco Discovery Protocol version 3 carries native VLAN information, but versions 1 and 2 do not.

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
Cisco Discovery Protocol (CDP) version 2 passes native VLAN information between Cisco switches. If you have a native VLAN mismatch, you will see CDP error
messages on the console output.
Reference: http://www.ciscopress.com/articles/article.asp?p=29803&seqNum=3

QUESTION 75
Refer to the exhibit.

A multilayer switch has been configured to send and receive encapsulated and tagged frames. VLAN 2013 on the multilayer switch is configured as the native VLAN. Which option is the cause of the spanning-tree error?
A. VLAN spanning-tree in SW-2 is configured.
B. spanning-tree bpdu-filter is enabled.
C. 802.1q trunks are on both sides, both with native VLAN mismatch.
D. VLAN ID 1 should not be used for management traffic because it's unsafe.

Correct Answer: C Explanation
Explanation/Reference:
Here we see that the native VLAN has been configured as 2013 on one switch, but 1 (the default native VLAN) on the other switch. If you use 802.1Q trunks, you must ensure that you choose a common native VLAN for each port in the trunk. Failure to do this causes Cisco switches to partially shut down the trunk port because having mismatched native VLANs can result in spanning-tree loops. Native VLAN mismatches are detected via spanning tree and Cisco Discovery Protocol (CDP), not via DTP messages. If spanning tree detects a native VLAN mismatch, spanning tree blocks local native VLAN traffic and the remote switch native VLAN traffic on the trunk; however, the trunk still remains up for other VLANs.
Reference: http://www.informit.com/library/content.aspx?b=CCNP_Studies_Switching&seqNum=25
QUESTION 76
A network engineer must improve bandwidth and resource utilization on the switches by stopping the inefficient flooding of frames on trunk ports where the frames
are not needed.
Which Cisco IOS feature can be used to achieve this task?

A. VTP pruning
B. access list
C. switchport trunk allowed VLAN
D. VLAN access-map

Correct Answer: A Explanation
Explanation/Reference:
Explanation:
Cisco advocates the benefits of pruning VLANs in order to reduce unnecessary frame flooding. The “vtp pruning” command prunes VLANs automatically, which
stops the inefficient flooding of frames where they are not needed.
Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/24330-185.html

QUESTION 77
Which action allows a network engineer to limit a default VLAN from being propagated across all trunks?
A. Upgrade to VTP version 3 for advanced feature set support.
B. Enable VTP pruning on the VTP server.
C. Manually prune default VLAN with switchport trunk allowed vlans remove.
D. Use trunk pruning vlan 1.

Correct Answer: C Explanation
Explanation/Reference:
Explanation:
Manually pruning the default VLAN (1) can only be done with the “switchport trunk allowed vlans remove” command. VLAN 1 is not VTP pruning eligible so it cannot be done via VTP pruning. The “trunk pruning vlan 1” option is not a valid command.

QUESTION 78
What is required for a LAN switch to support 802.1q Q-in-Q encapsulation?
A. Support less than 1500 MTU
B. Support 1504 MTU or higher
C. Support 1522 layer 3 IP and IPX packet
D. Support 1547 MTU only
Correct Answer: B Explanation Explanation/Reference:

Explanation:
The default system MTU for traffic on Catalyst switches is 1500 bytes. Because the 802.1Q tunneling (Q-in-Q) feature increases the frame size by 4 bytes when
the extra tag is added, you must configure all switches in the service-provider network to be able to process maximum frames by increasing the switch system
MTU size to at least 1504 bytes.
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.1_13_ea1/configuration/guide/swtunnel.html

QUESTION 79
Refer to the exhibit.

How many bytes are added to each frame as a result of the configuration?
A. 4-bytes except the native VLAN
B. 8-bytes except the native VLAN
C. 4-bytes including native VLAN
D. 8-bytes including native VLAN

Correct Answer: A
Explanation:
In 802.1Q trunking, all VLAN packets are tagged on the trunk link, except the native VLAN. A VLAN tag adds 4 bytes to the frame. Two bytes are used for the tag protocol identifier (TPID), the other two bytes for tag control information (TCI).

QUESTION 80
A network engineer configured a fault-tolerance link on Gigabit Ethernet links G0/1, G0/2, G0/3, and G0/4 between two switches using Ethernet port-channel. Which action allows interface G0/1 to always actively forward traffic in the port-channel?
A. Configure G0/1 as half duplex and G0/2 as full duplex.
B. Configure LACP port-priority on G0/1 to 1.
C. Configure LACP port-priority on G0/1 to 65535.
D. LACP traffic goes through G0/4 because it is the highest interface ID.

Correct Answer: B
Explanation:
An LACP port priority is configured on each port using LACP. The port priority can be configured automatically or through the CLI. LACP uses the port priority with the port number to form the port identifier. The port priority determines which ports should be put in standby mode when there is a hardware limitation that prevents all compatible ports from aggregating. The higher the number, the lower the priority. The valid range is from 1 to 65535. The default is 32768.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/gigeth.html#wp1081491

QUESTION 81
Which statement about the use of PAgP link aggregation on a Cisco switch that is running Cisco IOS Software is true?
A. PAgP modes are off, auto, desirable, and on. Only the combinations auto-desirable, desirable-desirable, and on-on allow the formation of a channel.
B. PAgP modes are active, desirable, and on. Only the combinations active-desirable, desirable-desirable, and on-on allow the formation of a channel.
C. PAgP modes are active, desirable, and on. Only the combinations active-active, desirable-desirable, and on-on allow the formation of a channel.
D. PAgP modes are off, active, desirable, and on. Only the combinations auto-auto, desirable-desirable, and on-on allow the formation of a channel.

Correct Answer: A
Explanation:
PAgP modes are off, auto, desirable, and on. Only the combinations auto-desirable, desirable-desirable, and on-on will allow a channel to be formed.
The PAgP modes are explained below.

1. on: PAgP will not run. The channel is forced to come up.
2. off: PAgP will not run. The channel is forced to remain down.
3. auto: PAgP is running passively. The formation of a channel is desired; however, it is not initiated.
4. desirable: PAgP is running actively. The formation of a channel is desired and initiated.

Only the combinations of auto-desirable, desirable-desirable, and on-on will allow a channel to be formed. If a device on one side of the channel does not support PAgP, such as a router, the device on the other side must have PAgP set to on.
Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2900-xl-series-switches/21041-131.html

QUESTION 82
Refer to the exhibit.

Which EtherChannel negotiation protocol is configured on the interfaces f0/13 - f0/15?
A. Link Combination Control Protocol
B. Port Aggregation Protocol
C. Port Combination Protocol
D. Link Aggregation Control Protocol

Correct Answer: B
Explanation:
PAgP modes are off, auto, desirable, and on. Only the combinations auto-desirable, desirable-desirable, and on-on will allow a channel to be formed.

1. on: PAgP will not run. The channel is forced to come up.
2. off: PAgP will not run. The channel is forced to remain down.
3. auto: PAgP is running passively. The formation of a channel is desired; however, it is not initiated.
4. desirable: PAgP is running actively. The formation of a channel is desired and initiated.

The Link Aggregation Control Protocol (LACP) trunking supports four modes of operation:

On: The link aggregation is forced to be formed without any LACP negotiation. In other words, the switch neither sends the LACP packet nor processes any inbound LACP packet. This is similar to the on state for PAgP.
Off: The link aggregation is not formed. We do not send or understand the LACP packet. This is similar to the off state for PAgP.
Passive: The switch does not initiate the channel but does understand inbound LACP packets. The peer (in active state) initiates negotiation (when it sends out an LACP packet) which we receive and answer, eventually to form the aggregation channel with the peer. This is similar to the auto mode in PAgP.
Active: We can form an aggregate link and initiate the negotiation. The link aggregate is formed if the other end runs in LACP active or passive mode. This is similar to the desirable mode of PAgP.

In this example, we see that fa0/13, fa0/14, and fa0/15 are all in Port Channel 12, which is operating in desirable mode, which is only a PAgP mode.

QUESTION 83
Refer to the exhibit.

Users of PC-1 experience slow connection when a webpage is requested from the server. To increase bandwidth, the network engineer configured an EtherChannel on interfaces Fa1/0 and Fa0/1 of the server farm switch, as shown here:
Server_Switch#sh etherchannel load-balance
EtherChannel Load-Balancing Operational State (src-mac):
Non-IP: Source MAC address
IPv4: Source MAC address
IPv6: Source IP address
Server_Switch#
However, traffic is still slow. Which action can the engineer take to resolve this issue?
A. Disable EtherChannel load balancing.
B. Upgrade the switch IOS to IP services image.
C. Change the load-balance method to dst-mac.
D. Contact Cisco TAC to report a bug on the switch.

Correct Answer: C
Explanation:
Since this traffic is coming from PC-1, the source MAC address will always be that of PC-1, and since the load-balancing method is source MAC, traffic will only use one of the port-channel links. The load-balancing method should be changed to destination MAC: since the web server has two NICs, traffic will be load balanced across both MAC addresses.

QUESTION 84
A network engineer changed the port speed and duplex setting of an existing EtherChannel bundle that uses the PAgP protocol. Which statement describes what happens to all ports in the bundle?
A. PAgP changes the port speed and duplex for all ports in the bundle.
B. PAgP drops the ports that do not match the configuration.
C. PAgP does not change the port speed and duplex for all ports in the bundle until the switch is rebooted.
D. PAgP changes the port speed but not the duplex for all ports in the bundle.

Correct Answer: A
Explanation:
PAgP aids in the automatic creation of EtherChannel links. PAgP packets are sent between EtherChannel-capable ports in order to negotiate the formation of a channel. Some restrictions are deliberately introduced into PAgP. The restrictions are:
PAgP does not form a bundle on ports that are configured for dynamic VLANs. PAgP requires that all ports in the channel belong to the same VLAN or are configured as trunk ports. When a bundle already exists and a VLAN of a port is modified, all ports in the bundle are modified to match that VLAN.
PAgP does not group ports that operate at different speeds or port duplex. If speed and duplex change when a bundle exists, PAgP changes the port speed and duplex for all ports in the bundle.

PAgP modes are off, auto, desirable, and on. Only the combinations auto-desirable, desirable-desirable, and on-on allow the formation of a channel. The device on the other side must have PAgP set to on if a device on one side of the channel does not support PAgP, such as a router.
Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/etherchannel/12023-4.html

QUESTION 85
Which statement about using EtherChannel on Cisco IOS switches is true?
A. A switch can support up to eight compatibly configured Ethernet interfaces in an EtherChannel. The EtherChannel provides full-duplex bandwidth up to 800 Mbps only for Fast EtherChannel or 8 Gbps only for Gigabit EtherChannel.
B. A switch can support up to 10 compatibly configured Ethernet interfaces in an EtherChannel. The EtherChannel provides full-duplex bandwidth up to 1000 Mbps only for Fast EtherChannel or 8 Gbps only for Gigabit EtherChannel.
C. A switch can support up to eight compatibly configured Ethernet interfaces in an EtherChannel. The EtherChannel provides full-duplex bandwidth up to 800 Mbps only for Fast EtherChannel or 16 Gbps only for Gigabit EtherChannel.
D. A switch can support up to 10 compatibly configured Ethernet interfaces in an EtherChannel. The EtherChannel provides full-duplex bandwidth up to 1000 Mbps only for Fast EtherChannel or 10 Gbps only for Gigabit EtherChannel.

Correct Answer: A
Explanation:
An EtherChannel consists of individual Fast Ethernet or Gigabit Ethernet links bundled into a single logical link. The EtherChannel provides full-duplex bandwidth up to 800 Mbps (Fast EtherChannel) or 8 Gbps (Gigabit EtherChannel) between your switch and another switch or host. Each EtherChannel can consist of up to eight compatibly configured Ethernet interfaces. All interfaces in each EtherChannel must be the same speed, and all must be configured as either Layer 2 or Layer 3 interfaces.
Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/etherchannel/12023-4.html

QUESTION 86
Refer to the exhibit.

Which statement about switch S1 is true?
A. Physical port Fa0/13, Fa0/14, and Fa0/15 successfully formed a Layer 2 port-channel interface using an open standard protocol.
B. Logical port Fa0/13, Fa0/14, and Fa0/15 successfully formed a Layer 2 physical port-channel interface using a Cisco proprietary protocol.
C. Physical port Fa0/13, Fa0/14, and Fa0/15 successfully formed a Layer 3 port-channel interface using a Cisco proprietary protocol.
D. Logical port Fa0/13, Fa0/14, and Fa0/15 successfully formed a Layer 3 physical port-channel interface using an open standard protocol.

Correct Answer: A
Explanation:
These three ports show that they are in Port Channel 1, and the (SU) means they are in use and operating at layer 2. The protocol used for this port channel shows as LACP, which is a standards-based protocol, as opposed to PAgP, which is Cisco proprietary.

QUESTION 87
What happens on a Cisco switch that runs Cisco IOS when an RSTP-configured switch receives an 802.1d BPDU?
A. 802.1d does not understand RSTP BPDUs because they are different versions, but when an RSTP switch receives an 802.1d BPDU, it responds with an 802.1d BPDU and eventually the two switches run 802.1d to communicate.
B. 802.1d understands RSTP BPDUs because they are the same version, but when an RSTP switch receives an 802.1d BPDU, it responds with an 802.1d BPDU and eventually the two switches run 802.1d to communicate.
C. 802.1d does not understand RSTP BPDUs because they are different versions, but when an RSTP switch receives an 802.1d BPDU, it does not respond with an 802.1d BPDU.
D. 802.1d understands RSTP BPDUs because they are the same version, but when an RSTP switch receives an 802.1d BPDU, it does not respond with an 802.1d BPDU and eventually the two switches run 802.1d to communicate.

Correct Answer: A
Explanation:
For backward compatibility with 802.1D switches, RSTP selectively sends 802.1D configuration BPDUs and TCN BPDUs on a per-port basis. When a port is initialized, the migrate-delay timer is started (specifies the minimum time during which RSTP BPDUs are sent), and RSTP BPDUs are sent. While this timer is active, the switch processes all BPDUs received on that port and ignores the protocol type. If the switch receives an 802.1D BPDU after the port migration-delay timer has expired, it assumes that it is connected to an 802.1D switch and starts using only 802.1D BPDUs. However, if the RSTP switch is using 802.1D BPDUs on a port and receives an RSTP BPDU after the timer has expired, it restarts the timer and starts using RSTP BPDUs on that port.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/spantree.html

QUESTION 88
When two MST instances (MST 1 and MST 2) are created on a switch, what is the total number of spanning-tree instances running on the switch?
A. 1
B. 2
C. 3
D. 4

Correct Answer: C
Explanation:
Unlike other spanning tree protocols, in which all the spanning tree instances are independent, MST establishes and maintains IST, CIST, and CST spanning trees:

An IST is the spanning tree that runs in an MST region.
Within each MST region, MST maintains multiple spanning tree instances. Instance 0 is a special instance for a region, known as the IST. All other MST instances are numbered from 1 to 4094. In the case for this question, there will be the 2 defined MST instances, and the special 0 instance, for a total of 3 instances.
The IST is the only spanning tree instance that sends and receives BPDUs. All of the other spanning tree instance information is contained in MSTP records (M-
