Friday, September 27, 2013

CCNP Switching Questions and Answers


1. Which of the following devices performs transparent bridging?
a. Ethernet hub
b. Layer 2 switch
c. Layer 3 switch
d. Router

2. When a PC is connected to a Layer 2 switch port, how far does the collision domain
spread?
a. No collision domain exists.
b. One switch port.
c. One VLAN.
d. All ports on the switch.

3. What information is used to forward frames in a Layer 2 switch?
a. Source MAC address
b. Destination MAC address
c. Source switch port
d. IP addresses

4. What does a switch do if a MAC address cannot be found in the CAM table?
a. The frame is forwarded to the default port.
b. The switch generates an ARP request for the address.
c. The switch floods the frame out all ports (except the receiving port).
d. The switch drops the frame.

5. In the Catalyst 6500, frames can be filtered with access lists for security and QoS
purposes. This filtering occurs according to which of the following?
a. Before a CAM table lookup
b. After a CAM table lookup
c. Simultaneously with a CAM table lookup
d. According to how the access lists are configured

6. Access list contents can be merged into which of the following?
a. CAM table
b. TCAM table
c. FIB table
d. ARP table

7. Multilayer switches using CEF are based on which of these techniques?
a. Route caching
b. Netflow switching
c. Topology-based switching
d. Demand-based switching

8. Which answer describes multilayer switching with CEF?
a. The first packet is routed and then the flow is cached.
b. The switch supervisor CPU forwards each packet.
c. The switching hardware learns station addresses and builds a routing database.
d. A single database of routing information is built for the switching hardware.

9. In a switch, frames are placed in which buffer after forwarding decisions are made?
a. Ingress queues
b. Egress queues
c. CAM table
d. TCAM

10. What size are the mask and pattern fields in a TCAM entry?
a. 64 bits
b. 128 bits
c. 134 bits
d. 168 bits

11. Access list rules are compiled as TCAM entries. When a packet is matched against an
access list, in what order are the TCAM entries evaluated?
a. Sequentially in the order of the original access list.
b. Numerically by the access list number.
c. Alphabetically by the access list name.
d. All entries are evaluated in parallel.

12. Which Catalyst IOS command can you use to display the addresses in the CAM table?
a. show cam
b. show mac address-table
c. show mac
d. show cam address-table


Chapter 3
1. What does the IEEE 802.3 standard define?
a. Spanning Tree Protocol
b. Token Ring
c. Ethernet
d. Switched Ethernet

2. At what layer are traditional 10-Mbps Ethernet, Fast Ethernet, and Gigabit Ethernet
the same?
a. Layer 1
b. Layer 2
c. Layer 3
d. Layer 4

3. At what layer are traditional 10-Mbps Ethernet, Fast Ethernet, and Gigabit Ethernet
different?
a. Layer 1
b. Layer 2
c. Layer 3
d. Layer 4

4. What is the maximum cable distance for a Category 5 100BASE-TX connection?
a. 100 feet
b. 100 m
c. 328 m
d. 500 m

5. Ethernet autonegotiation determines which of the following?
a. Spanning-tree mode
b. Duplex mode
c. Quality of service mode
d. Error threshold

6. Which of the following cannot be automatically determined and set if the far end of
a connection doesn’t support autonegotiation?
a. Link speed
b. Link duplex mode
c. Link media type
d. MAC address

7. Which of these is not a standard type of gigabit interface converter (GBIC) or small
form factor pluggable (SFP) module?
a. 1000BASE-LX/LH
b. 1000BASE-T
c. 1000BASE-FX
d. 1000BASE-ZX

8. What type of cable should you use to connect two switches back to back using their
Fast Ethernet 10/100 ports?
a. Rollover cable
b. Transfer cable
c. Crossover cable
d. Straight-through cable

9. Assume that you have just entered the configure terminal command. To configure
the speed of the first Fast Ethernet interface on Cisco Catalyst switch module number
one to 100 Mbps, which one of these commands should you enter first?
a. speed 100 mbps
b. speed 100
c. interface fastethernet 1/0/1
d. interface fast ethernet 1/0/1

10. If a switch port is in the errdisable state, what is the first thing you should do?
a. Reload the switch.
b. Use the clear errdisable port command.
c. Use the shut and no shut interface-configuration commands.
d. Determine the cause of the problem.

11. Which of the following show interface output information can you use to diagnose a
switch port problem?
a. Port state.
b. Port speed.
c. Input errors.
d. Collisions.
e. All these answers are correct.

Chapter 4
1. A VLAN is which of the following?
a. Collision domain
b. Spanning-tree domain
c. Broadcast domain
d. VTP domain

2. Switches provide VLAN connectivity at which layer of the OSI model?
a. Layer 1
b. Layer 2
c. Layer 3
d. Layer 4

3. Which one of the following is needed to pass data between two PCs, each connected
to a different VLAN?
a. Layer 2 switch
b. Layer 3 switch
c. Trunk
d. Tunnel

4. Which Catalyst IOS switch command is used to assign a port to a VLAN?
a. access vlan vlan-id
b. switchport access vlan vlan-id
c. vlan vlan-id
d. set port vlan vlan-id

5. Which of the following is a standardized method of trunk encapsulation?
a. 802.1d
b. 802.1Q
c. 802.3z
d. 802.1a

6. What is the Cisco proprietary method for trunk encapsulation?
a. CDP
b. EIGRP
c. ISL
d. DSL

7. Which of these protocols dynamically negotiates trunking parameters?
a. PAgP
b. STP
c. CDP
d. DTP

8. How many different VLANs can an 802.1Q trunk support?
a. 256
b. 1024
c. 4096
d. 32,768
e. 65,536

9. Which of the following incorrectly describes a native VLAN?
a. Frames are untagged on an 802.1Q trunk.
b. Frames are untagged on an ISL trunk.
c. Frames can be interpreted by a nontrunking host.
d. The native VLAN can be configured for each trunking port.

10. If two switches each support all types of trunk encapsulation on a link between
them, which one will be negotiated?
a. ISL
b. 802.1Q
c. DTP
d. VTP

11. Which VLANs are allowed on a trunk link by default?
a. None
b. Only the native VLAN
c. All active VLANs
d. Only negotiated VLANs

12. Which command configures a switch port to form a trunk without using negotiation?
a. switchport mode trunk
b. switchport mode trunk nonegotiate
c. switchport mode dynamic auto
d. switchport mode dynamic desirable

13. Two hosts are connected to switch interfaces Fast Ethernet 0/1 and 0/33, but they
cannot communicate with each other. Their IP addresses are in the 192.168.10.0/24
subnet, which is carried over VLAN 10. The show vlan id 10 command generates the
following output:
Switch# show vlan id 10
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
     Users                            active    Fa0/1, Fa0/2, Fa0/3, Fa0/4,
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8,
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12,
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16,
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20,
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/25,
                                                Fa0/26, Fa0/27, Fa0/28, Fa0/31,
                                                Fa0/32, Fa0/34, Fa0/35, Fa0/36,
                                                Fa0/37, Fa0/39, Fa0/40, Fa0/41,
                                                Fa0/42, Fa0/43, Fa0/46
The hosts are known to be up and connected. Which of the following reasons might
be causing the problem?
a. The two hosts are assigned to VLAN 1.
b. The two hosts are assigned to different VLANs.
c. Interface FastEthernet0/33 is a VLAN trunk.
d. The two hosts are using unregistered MAC addresses.

14. A trunk link between two switches did not come up as expected. The configuration
on Switch A is as follows:
Switch A# show running-config interface gigabitethernet0/1
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1-10
 switchport mode dynamic auto
 no shutdown
The interface configuration on Switch B is as follows:
Switch B# show running-config interface gigabitethernet0/1
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode dynamic auto
 switchport access vlan 5
 no shutdown
Which one of the following reasons is probably causing the problem?
a. The two switches don’t have matching switchport trunk allowed vlan
commands.
b. Neither switch has a native VLAN configured.
c. Both switches are configured in the dynamic auto mode.
d. Switch B is configured to use access VLAN 5.

Chapter 5
1. Which of the following is not a Catalyst switch VTP mode?
a. Server
b. Client
c. Designated
d. Transparent

2. A switch in VTP transparent mode can do which one of the following?
a. Create a new VLAN
b. Only listen to VTP advertisements
c. Send its own VTP advertisements
d. Cannot make VLAN configuration changes

3. Which one of the following is a valid VTP advertisement?
a. Triggered update
b. VLAN database
c. Subset
d. Domain

4. Which one of the following is needed for VTP communication?
a. A Management VLAN
b. A Trunk link
c. An Access VLAN
d. An IP address

5. Which one of the following VTP modes does not allow any manual VLAN configuration
changes?
a. Server
b. Client
c. Designated
d. Transparent

6. Select all the parameters that decide whether to accept new VTP information:
a. VTP priority
b. VTP domain name
c. Configuration revision number
d. VTP server name

7. How many VTP management domains can a Catalyst switch participate in?
a. 1
b. 2
c. Unlimited
d. 4096

8. Which IOS command configures a Catalyst switch for VTP client mode?
a. set vtp mode client
b. vtp client
c. vtp mode client
d. vtp client mode

9. What is the purpose of VTP pruning?
a. Limit the number of VLANs in a domain
b. Stop unnecessary VTP advertisements
c. Limit the extent of broadcast traffic
d. Limit the size of the virtual tree

10. Which VLAN number is never eligible for VTP pruning?
a. 0
b. 1
c. 1000
d. 1001

11. Which of the following might present a VTP problem?
a. Two or more VTP servers in a domain
b. Two servers with the same configuration revision number
c. A server in two domains
d. A new server with a higher configuration revision number

12. If a VTP server is configured for VTP version 2, what else must happen for successful
VTP communication in a domain?
a. A VTP version 2 password must be set.
b. All other switches in the domain must be version 2 capable.
c. All other switches must be configured for VTP version 2.
d. The VTP configuration revision number must be reset.

Chapter 6
1. If Fast Ethernet ports are bundled into an EtherChannel, what is the maximum
throughput supported on a Catalyst switch?
a. 100 Mbps
b. 200 Mbps
c. 400 Mbps
d. 800 Mbps
e. 1600 Mbps

2. Which of these methods distributes traffic over an EtherChannel?
a. Round robin
b. Least-used link
c. A function of address
d. A function of packet size

3. What type of interface represents an EtherChannel as a whole?
a. Channel
b. Port
c. Port channel
d. Channel port

4. Which of the following is not a valid method for EtherChannel load balancing?
a. Source MAC address
b. Source and destination MAC addresses
c. Source IP address
d. IP precedence
e. UDP/TCP port

5. How can the EtherChannel load-balancing method be set?
a. Per switch port
b. Per EtherChannel
c. Globally per switch
d. Can’t be configured

6. What logical operation is performed to calculate EtherChannel load balancing as a
function of two addresses?
a. OR
b. AND
c. XOR
d. NOR

7. Which one of the following is a valid combination of ports for an EtherChannel?
a. Two access links (one VLAN 5, one VLAN 5)
b. Two access links (one VLAN 1, one VLAN 10)
c. Two trunk links (one VLANs 1 to 10, one VLANs 1, 11 to 20)
d. Two Fast Ethernet links (both full duplex, one 10 Mbps)

8. Which of these is a method for negotiating an EtherChannel?
a. PAP
b. CHAP
c. LAPD
d. LACP

9. Which of the following is a valid EtherChannel negotiation mode combination between
two switches?
a. PAgP auto, PAgP auto
b. PAgP auto, PAgP desirable
c. on, PAgP auto
d. LACP passive, LACP passive

10. When is PAgP’s “desirable silent” mode useful?
a. When the switch should not send PAgP frames
b. When the switch should not form an EtherChannel
c. When the switch should not expect to receive PAgP frames
d. When the switch is using LACP mode

11. Which of the following EtherChannel modes does not send or receive any negotiation
frames?
a. channel-group 1 mode passive
b. channel-group 1 mode active
c. channel-group 1 mode on
d. channel-group 1 mode desirable
e. channel-group 1 mode auto

12. Two computers are the only hosts sending IP data across an EtherChannel between
two switches. Several different applications are being used between them. Which of
these load-balancing methods would be more likely to use the most links in the
EtherChannel?
a. Source and destination MAC addresses.
b. Source and destination IP addresses.
c. Source and destination TCP/UDP ports.
d. None of the other answers is correct.

13. Which command can be used to see the status of an EtherChannel’s links?
a. show channel link
b. show etherchannel status
c. show etherchannel summary
d. show ether channel status

Chapter 7
1. How is a bridging loop best described?
a. A loop formed between switches for redundancy
b. A loop formed by the Spanning Tree Protocol
c. A loop formed between switches where frames circulate endlessly
d. The round-trip path a frame takes from source to destination

2. Which of these is one of the parameters used to elect a root bridge?
a. Root path cost
b. Path cost
c. Bridge priority
d. BPDU revision number

3. If all switches in a network are left at their default STP values, which one of the following
is not true?
a. The root bridge will be the switch with the lowest MAC address.
b. The root bridge will be the switch with the highest MAC address.
c. One or more switches will have a bridge priority of 32,768.
d. A secondary root bridge will be present on the network.

4. Configuration BPDUs are originated by which of the following?
a. All switches in the STP domain
b. Only the root bridge switch
c. Only the switch that detects a topology change
d. Only the secondary root bridge when it takes over

5. Which of these is the single most important design decision to be made in a network
running STP?
a. Removing any redundant links
b. Making sure all switches run the same version of IEEE 802.1D
c. Root bridge placement
d. Making sure all switches have redundant links

6. What happens to a port that is neither a root port nor a designated port?
a. It is available for normal use.
b. It can be used for load balancing.
c. It is put into the Blocking state.
d. It is disabled.

7. What is the maximum number of root ports that a Catalyst switch can have?
a. 1
b. 2
c. Unlimited
d. None

8. What mechanism is used to set STP timer values for all switches in a network?
a. Configuring the timers on every switch in the network.
b. Configuring the timers on the root bridge switch.
c. Configuring the timers on both primary and secondary root bridge
switches.
d. The timers can’t be adjusted.

9. MAC addresses can be placed into the CAM table, but no data can be sent or received
if a switch port is in which of the following STP states?
a. Blocking
b. Forwarding
c. Listening
d. Learning

10. What is the default “hello” time for IEEE 802.1D?
a. 1 second
b. 2 seconds
c. 30 seconds
d. 60 seconds

11. Which of the following is the Spanning Tree Protocol defined in the IEEE 802.1Q
standard?
a. PVST
b. CST
c. EST
d. MST

12. If a switch has 10 VLANs defined and active, how many instances of STP will run using
PVST+ versus CST?
a. 1 for PVST+, 1 for CST
b. 1 for PVST+, 10 for CST
c. 10 for PVST+, 1 for CST
d. 10 for PVST+, 10 for CST

Chapter 8
1. Where should the root bridge be placed on a network?
a. On the fastest switch
b. Closest to the most users
c. Closest to the center of the network
d. On the least-used switch

2. Which of the following is a result of a poorly placed root bridge in a network?
a. Bridging loops form.
b. STP topology can’t be resolved.
c. STP topology can take unexpected paths.
d. Root bridge election flapping occurs.

3. Which of these parameters should you change to make a switch become a root bridge?
a. Switch MAC address
b. Path cost
c. Port priority
d. Bridge priority

4. What is the default 802.1D STP bridge priority on a Catalyst switch?
a. 0
b. 1
c. 32,768
d. 65,535

5. Which of the following commands is most likely to make a switch become the root
bridge for VLAN 5, assuming that all switches have the default STP parameters?
a. spanning-tree root
b. spanning-tree root vlan 5
c. spanning-tree vlan 5 priority 100
d. spanning-tree vlan 5 root

6. What is the default path cost of a Gigabit Ethernet switch port?
a. 1
b. 2
c. 4
d. 19
e. 1000

7. What command can change the path cost of interface Gigabit Ethernet 3/1 to a
value of 8?
a. spanning-tree path-cost 8
b. spanning-tree cost 8
c. spanning-tree port-cost 8
d. spanning-tree gig 3/1 cost 8

8. What happens if the root bridge switch and another switch are configured with different
STP Hello timer values?
a. Nothing—each sends hellos at different times.
b. A bridging loop could form because the two switches are out of sync.
c. The switch with the lower Hello timer becomes the root bridge.
d. The other switch changes its Hello timer to match the root bridge.

9. What network diameter value is the basis for the default STP timer calculations?
a. 1
b. 3
c. 7
d. 9
e. 15

10. Where should the STP PortFast feature be used?
a. An access-layer switch port connected to a PC
b. An access-layer switch port connected to a hub
c. A distribution-layer switch port connected to an access layer switch
d. A core-layer switch port

11. Where should the STP UplinkFast feature be enabled?
a. An access-layer switch.
b. A distribution-layer switch.
c. A core-layer switch.
d. All these answers are correct.

12. If used, the STP BackboneFast feature should be enabled on which of these?
a. All backbone- or core-layer switches
b. All backbone- and distribution-layer switches
c. All access-layer switches
d. All switches in the network

13. Which one of the following commands can be used to verify the current root bridge
in VLAN 10?
a. show root vlan 10
b. show root-bridge vlan 10
c. show spanning-tree vlan 10 root
d. show running-config

Chapter 9
1. Why is it important to protect the placement of the root bridge?
a. To keep two root bridges from becoming active
b. To keep the STP topology stable
c. So all hosts have the correct gateway
d. So the root bridge can have complete knowledge of the STP topology

2. Which of the following features protects a switch port from accepting superior BPDUs?
a. STP Loop Guard
b. STP BPDU Guard
c. STP Root Guard
d. UDLD

3. Which of the following commands can you use to enable STP Root Guard on a
switch port?
a. spanning-tree root guard
b. spanning-tree root-guard
c. spanning-tree guard root
d. spanning-tree rootguard enable

4. Where should the STP Root Guard feature be enabled on a switch?
a. All ports
b. Only ports where the root bridge should never appear
c. Only ports where the root bridge should be located
d. Only ports with PortFast enabled

5. Which of the following features protects a switch port from accepting BPDUs when
PortFast is enabled?
a. STP Loop Guard
b. STP BPDU Guard
c. STP Root Guard
d. UDLD

6. To maintain a loop-free STP topology, which one of the following should a switch uplink
be protected against?
a. A sudden loss of BPDUs
b. Too many BPDUs
c. The wrong version of BPDUs
d. BPDUs relayed from the root bridge

7. Which of the following commands can enable STP Loop Guard on a switch port?
a. spanning-tree loop guard
b. spanning-tree guard loop
c. spanning-tree loop-guard
d. spanning-tree loopguard enable

8. STP Loop Guard detects which of the following conditions?
a. The sudden appearance of superior BPDUs
b. The sudden lack of BPDUs
c. The appearance of duplicate BPDUs
d. The appearance of two root bridges

9. Which of the following features can actively test for the loss of the receive side of a
link between switches?
a. POST
b. BPDU
c. UDLD
d. STP

10. UDLD must detect a unidirectional link before which of the following?
a. The Max Age timer expires.
b. STP moves the link to the Blocking state.
c. STP moves the link to the Forwarding state.
d. STP moves the link to the Listening state.

11. What must a switch do when it receives a UDLD message on a link?
a. Relay the message on to other switches
b. Send a UDLD acknowledgment
c. Echo the message back across the link
d. Drop the message

12. Which of the following features effectively disables spanning-tree operation on a
switch port?
a. STP PortFast
b. STP BPDU filtering
c. STP BPDU Guard
d. STP Root Guard

13. To reset switch ports that have been put into the errdisable mode by UDLD, which
one of the following commands should be used?
a. clear errdisable udld
b. udld reset
c. no udld
d. show udld errdisable

Chapter 10
1. Which one of the following commands enables the use of RSTP?
a. spanning-tree mode rapid-pvst
b. no spanning-tree mode pvst
c. spanning-tree rstp
d. spanning-tree mode rstp
e. None. RSTP is enabled by default.

2. On which standard is RSTP based?
a. 802.1Q
b. 802.1D
c. 802.1w
d. 802.1s

3. Which of the following is not a port state in RSTP?
a. Listening
b. Learning
c. Discarding
d. Forwarding

4. When a switch running RSTP receives an 802.1D BPDU, what happens?
a. The BPDU is discarded or dropped.
b. An ICMP message is returned.
c. The switch begins to use 802.1D rules on that port.
d. The switch disables RSTP.

5. When does an RSTP switch consider a neighbor to be down?
a. After three BPDUs are missed
b. After six BPDUs are missed
c. After the Max Age timer expires
d. After the Forward timer expires

6. Which process is used during RSTP convergence?
a. BPDU propagation
b. Synchronization
c. Forward timer expiration
d. BPDU

7. What causes RSTP to view a port as a point-to-point port?
a. Port speed
b. Port media
c. Port duplex
d. Port priority

8. Which of the following events triggers a topology change with RSTP on a nonedge
port?
a. A port comes up or goes down.
b. A port comes up.
c. A port goes down.
d. A port moves to the Forwarding state.

9. Which of the following is not a characteristic of MST?
a. A reduced number of STP instances
b. Fast STP convergence
c. Eliminated need for CST
d. Interoperability with PVST+

10. Which of the following standards defines the MST protocol?
a. 802.1Q
b. 802.1D
c. 802.1w
d. 802.1s

11. How many instances of STP are supported in the Cisco implementation of MST?
a. 1
b. 16
c. 256
d. 4096

12. What switch command can be used to change from PVST+ to MST?
a. spanning-tree mst enable
b. no spanning-tree pvst+
c. spanning-tree mode mst
d. spanning-tree mst

Chapter 11
1. Which of the following arrangements can be considered interVLAN routing?
a. One switch, two VLANs, one connection to a router.
b. One switch, two VLANs, two connections to a router.
c. Two switches, two VLANs, two connections to a router.
d. All of these answers are correct.

2. How many interfaces are needed in a “router on a stick” implementation for interVLAN
routing among four VLANs?
a. 1
b. 2
c. 4
d. Cannot be determined

3. Which of the following commands configures a switch port for Layer 2 operation?
a. switchport
b. no switchport
c. ip address 192.168.199.1 255.255.255.0
d. no ip address

4. Which of the following commands configures a switch port for Layer 3 operation?
a. switchport
b. no switchport
c. ip address 192.168.199.1 255.255.255.0
d. no ip address

5. Which one of the following interfaces is an SVI?
a. interface fastethernet 0/1
b. interface gigabit 0/1
c. interface vlan 1
d. interface svi 1

6. What information must be learned before CEF can forward packets?
a. The source and destination of the first packet in a traffic flow
b. The MAC addresses of both the source and destination
c. The contents of the routing table
d. The outbound port of the first packet in a flow

7. Which of the following best defines an adjacency?
a. Two switches connected by a common link.
b. Two contiguous routes in the FIB.
c. Two multilayer switches connected by a common link.
d. The MAC address of a host is known.

8. Assume that CEF is active on a switch. What happens to a packet that arrives needing
fragmentation?
a. The packet is switched by CEF and kept intact.
b. The packet is fragmented by CEF.
c. The packet is dropped.
d. The packet is sent to the Layer 3 engine.

9. Suppose that a host sends a packet to a destination IP address and that the CEF-based
switch does not yet have a valid MAC address for the destination. How is the
ARP entry (MAC address) of the next-hop destination in the FIB obtained?
a. The sending host must send an ARP request for it.
b. The Layer 3 forwarding engine (CEF hardware) must send an ARP request
for it.
c. CEF must wait until the Layer 3 engine sends an ARP request for it.
d. All packets to the destination are dropped.

10. During a packet rewrite, what happens to the source MAC address?
a. There is no change.
b. It is changed to the destination MAC address.
c. It is changed to the MAC address of the outbound Layer 3 switch interface.
d. It is changed to the MAC address of the next-hop destination.

11. What command can you use to view the CEF FIB table contents?
a. show fib
b. show ip cef fib
c. show ip cef
d. show fib-table

12. Which one of the following answers represents configuration commands needed to
implement a DHCP relay function?
a. interface vlan 5
   ip address 10.1.1.1 255.255.255.0
   ip helper-address 10.1.1.10
b. interface vlan 5
   ip address 10.1.1.1 255.255.255.0
   ip dhcp-relay
c. ip dhcp pool staff
   network 10.1.1.0 255.255.255.0
   default-router 10.1.1.1
   exit
d. hostname Switch
   ip helper-address 10.1.1.10

Chapter 12
1. Where does a collision domain exist in a switched network?
a. On a single switch port
b. Across all switch ports
c. On a single VLAN
d. Across all VLANs

2. Where does a broadcast domain exist in a switched network?
a. On a single switch port
b. Across all switch ports
c. On a single VLAN
d. Across all VLANs

3. What is a VLAN primarily used for?
a. To segment a collision domain
b. To segment a broadcast domain
c. To segment an autonomous system
d. To segment a spanning-tree domain

4. How many layers are recommended in the hierarchical campus network design model?
a. 1
b. 2
c. 3
d. 4
e. 7

5. What is the purpose of breaking a campus network into a hierarchical design?
a. To facilitate documentation
b. To follow political or organizational policies
c. To make the network predictable and scalable
d. To make the network more redundant and secure

6. End-user PCs should be connected into which of the following hierarchical layers?
a. Distribution layer
b. Common layer
c. Access layer
d. Core layer

7. In which OSI layer should devices in the distribution layer typically operate?
a. Layer 1
b. Layer 2
c. Layer 3
d. Layer 4

8. A hierarchical network’s distribution layer aggregates which of the following?
a. Core switches
b. Broadcast domains
c. Routing updates
d. Access-layer switches

9. In the core layer of a hierarchical network, which of the following are aggregated?
a. Routing tables
b. Packet filters
c. Distribution switches
d. Access-layer switches

10. In a properly designed hierarchical network, a broadcast from one PC is confined
to what?
a. One access-layer switch port
b. One access-layer switch
c. One switch block
d. The entire campus network

11. Which one or more of the following are the components of a typical switch block?
a. Access-layer switches
b. Distribution-layer switches
c. Core-layer switches
d. E-commerce servers
e. Service provider switches

12. What are two types of core, or backbone, designs?
a. Collapsed core
b. Loop-free core
c. Dual core
d. Layered core

13. What is the maximum number of access-layer switches that can connect into a single
distribution-layer switch?
a. 1
b. 2
c. Limited only by the number of ports on the access-layer switch
d. Limited only by the number of ports on the distribution-layer switch
e. Unlimited

14. A switch block should be sized according to which two of the following parameters?
a. The number of access-layer users
b. A maximum of 250 access-layer users
c. A study of the traffic patterns and flows
d. The amount of rack space available
e. The number of servers accessed by users

15. What evidence can be seen when a switch block is too large? (Choose all that apply.)
a. IP address space is exhausted.
b. You run out of access-layer switch ports.
c. Broadcast traffic becomes excessive.
d. Traffic is throttled at the distribution-layer switches.
e. Network congestion occurs.

16. How many distribution switches should be built into each switch block?
a. 1
b. 2
c. 4
d. 8

17. What are the most important aspects to consider when designing the core layer in a
large network? (Choose all that apply.)
a. Low cost
b. Switches that can efficiently forward traffic, even when every uplink is at
100 percent capacity
c. High port density of high-speed ports
d. A low number of Layer 3 routing peers

Chapter 13
1. Which one of the following do multilayer switches share when running HSRP?
a. Routing tables
b. ARP cache
c. CAM table
d. IP address
2. What HSRP group uses the MAC address 0000.0c07.ac11?
a. Group 0
b. Group 7
c. Group 11
d. Group 17
3. Two routers are configured for an HSRP group. One router uses the default HSRP priority.
What priority should be assigned to the other router to make it more likely to
be the active router?
a. 1
b. 100
c. 200
d. 500
4. How many routers are in the Standby state in an HSRP group?
a. 0
b. 1
c. 2
d. All but the active router
5. A multilayer switch is configured as follows:
interface fastethernet 1/1
 no switchport
 ip address 192.168.199.3 255.255.255.0
 standby 1 ip 192.168.199.2
Which IP address should a client PC use as its default gateway?
a. 192.168.199.1
b. 192.168.199.2
c. 192.168.199.3
d. Any of these
6. Which one of the following is based on an IETF RFC standard?
a. HSRP
b. VRRP
c. GLBP
d. STP
7. What VRRP group uses the virtual MAC address 0000.5e00.01ff?
a. Group 0
b. Group 1
c. Group 255
d. Group 94
8. Which one of the following protocols is the best choice for load balancing redundant
gateways?
a. HSRP
b. VRRP
c. GLBP
d. GVRP
9. Which one of the following GLBP functions answers ARP requests?
a. AVF
b. VARP
c. AVG
d. MVR
10. By default, which of the following virtual MAC addresses will be sent to the next
client that looks for the GLBP virtual gateway?
a. The GLBP interface’s MAC address
b. The next virtual MAC address in the sequence
c. The virtual MAC address of the least-used router
d. 0000.0c07.ac00
11. Which one of these features is used to reduce the amount of time needed to rebuild
the routing information after a supervisor module failure?
a. NFS
b. NSF
c. RPR+
d. SSO
12. Which one of the following features provides the fastest failover for supervisor or
route processor redundancy?
a. SSL
b. SSO
c. RPR+
d. RPR

Chapter 14
1. For a Catalyst switch to offer Power over Ethernet to a device, what must occur?
a. Nothing; power always is enabled on a port.
b. The switch must detect that the device needs inline power.
c. The device must send a CDP message asking for power.
d. The switch is configured to turn on power to the port.
2. Which one of these commands can enable Power over Ethernet to a switch interface?
a. inline power enable
b. inline power on
c. power inline on
d. power inline auto
3. What does a Cisco IP Phone contain to allow it to pass both voice and data packets?
a. An internal Ethernet hub
b. An internal two-port switch
c. An internal three-port switch
d. An internal four-port switch
4. How can voice traffic be kept separate from any other data traffic through an IP Phone?
a. Voice and data travel over separate links.
b. A special-case 802.1Q trunk is used to connect to the switch.
c. Voice and data can’t be separated; they must intermingle on the link.
d. Voice and data packets both are encapsulated over an ISL trunk.
5. What command configures an IP Phone to use VLAN 9 for voice traffic?
a. switchport voice vlan 9
b. switchport voice-vlan 9
c. switchport voice 9
d. switchport voip 9
6. What is the default voice VLAN condition for a switch port?
a. switchport voice vlan 1
b. switchport voice vlan dot1p
c. switchport voice vlan untagged
d. switchport voice vlan none
7. If the following interface configuration commands have been used, what VLAN numbers
will the voice and PC data be carried over, respectively?
interface gigabitethernet1/0/1
switchport access vlan 10
switchport trunk native vlan 20
switchport voice vlan 50
switchport mode access
a. VLAN 50, VLAN 20
b. VLAN 50, VLAN 1
c. VLAN 1, VLAN 50
d. VLAN 20, VLAN 50
e. VLAN 50, VLAN 10
8. What command can verify the voice VLAN used by a Cisco IP Phone?
a. show cdp neighbor
b. show interface switchport
c. show vlan
d. show trunk
9. When a PC is connected to the PC switch port on an IP Phone, how is QoS trust
handled?
a. The IP Phone always trusts the class of service (CoS) information coming
from the PC.
b. The IP Phone never trusts the PC and always overwrites the CoS bits.
c. QoS trust for the PC data is handled at the Catalyst switch port, not the
IP Phone.
d. The Catalyst switch instructs the IP Phone how to trust the PC QoS information.
10. An IP Phone should mark all incoming traffic from an attached PC to have CoS 1.
Complete the following switch command to make that happen:
switchport priority extend __________
a. untrusted
b. 1
c. cos 1
d. overwrite 1
11. What command can verify the Power over Ethernet status of each switch port?
a. show inline power
b. show power inline
c. show interface
d. show running-config
12. Which DSCP codepoint name usually is used for time-critical packets containing
voice data?
a. 7
b. Critical
c. AF
d. EF

Chapter 15
1. Which one of the following standard sets is used in wireless LANs?
a. IEEE 802.1
b. IEEE 802.3
c. IEEE 802.5
d. IEEE 802.11
2. Which one of the following methods is used to minimize collisions in a wireless LAN?
a. CSMA/CD
b. CSMA/CA
c. LWAPP
d. LACP
3. A wireless scenario is made up of five wireless clients and two APs connected by a
switch. Which one of the following correctly describes the wireless network?
a. BSS
b. ESS
c. IBSS
d. CBS
4. If a wireless access point is connected to a switch by a trunk port, which one of the
following is mapped to a VLAN?
a. Channel
b. Frequency
c. BSS
d. SSID
5. Which of the following terms represents a Cisco wireless access point that cannot operate
independently?
a. Autonomous AP
b. Roaming AP
c. Lightweight AP
d. Dependent AP
6. Suppose that an autonomous AP is used to support wireless clients. Which one of the
following answers lists the device path that traffic must take when passing from one
wireless client to another?
a. Through the AP only.
b. Through the AP and its controller.
c. Through the controller only.
d. None of these answers is correct; traffic can go directly over the air.
7. Suppose that a lightweight AP is used to support wireless clients. Which one of the
following answers lists the device path that traffic must take when passing from one
wireless client to another?
a. Through the AP only.
b. Through the AP and its controller.
c. Through the controller only.
d. None of these answers is correct; traffic can go directly over the air.
8. A lightweight access point is said to have which one of the following architectures?
a. Proxy MAC
b. Tunnel MAC
c. Split-MAC
d. Fat MAC
9. How does a lightweight access point communicate with a wireless LAN controller?
a. Through an IPsec tunnel
b. Through an LWAPP or CAPWAP tunnel
c. Through a GRE tunnel
d. Directly over Layer 2
10. Which one of the following types of traffic is sent securely over an LWAPP tunnel?
a. Control messages
b. User data
c. DHCP requests
d. 802.11 beacons
11. Which one of the following must be consistent for a wireless client to roam between
lightweight APs that are managed by the same WLC?
a. SSID
b. Mobility group
c. VLAN ID
d. AP management VLAN
12. Which one of the following must be consistent for a wireless client to roam between
lightweight APs that are managed by two different WLCs?
a. VLAN ID
b. SSID
c. AP management VLAN
d. Mobility group
13. Which one of the following locations is appropriate for an LAP?
a. Access-layer switch port
b. Distribution-layer switch port
c. Core-layer switch port
d. Data center switch port
14. Which one of the following locations is appropriate for a WLC?
a. Access-layer switch port
b. Distribution-layer switch port
c. Core-layer switch port
d. Data center switch port
15. Which one of the following is the correct switch configuration for a port connected
to an LAP?
a. switchport mode trunk
b. switchport mode lap
c. switchport mode access
d. switchport mode transparent
16. Suppose an LAP/WLC combination is used to provide connectivity from SSID “staff”
to VLAN 17. Which one of the following is the correct extent for the VLAN?
a. VLAN 17 exists on the LAP only.
b. VLAN 17 extends from the LAP to the access switch only.
c. VLAN 17 extends from the LAP to the WLC.
d. VLAN 17 extends from the LAP to the access switch and from the distribution
switch to the WLC.

Chapter 16
1. Which switch feature can grant access through a port only if the host with MAC address
0005.0004.0003 is connected?
a. SPAN
b. MAC address ACL
c. Port security
d. Port-based authentication
2. Port security is being used to control access to a switch port. Which one of these commands
will put the port into the errdisable state if an unauthorized station connects?
a. switchport port-security violation protect
b. switchport port-security violation restrict
c. switchport port-security violation errdisable
d. switchport port-security violation shutdown
3. If port security is left to its default configuration, how many different MAC addresses
can be learned at one time on a switch port?
a. 0
b. 1
c. 16
d. 256
4. The following commands are configured on a Catalyst switch port. What happens
when the host with MAC address 0001.0002.0003 tries to connect?
switchport port-security
switchport port-security maximum 3
switchport port-security mac-address 0002.0002.0002
switchport port-security violation shutdown
a. The port shuts down.
b. The host is allowed to connect.
c. The host is denied a connection.
d. The host can connect only when 0002.0002.0002 is not connected.
5. What protocol is used for port-based authentication?
a. 802.1D
b. 802.1Q
c. 802.1x
d. 802.1w
6. When 802.1x is used for a switch port, where must it be configured?
a. Switch port and client PC
b. Switch port only
c. Client PC only
d. Switch port and a RADIUS server
7. When port-based authentication is enabled globally, what is the default behavior for
all switch ports?
a. Authenticate users before enabling the port.
b. Allow all connections without authentication.
c. Do not allow any connections.
d. There is no default behavior.
8. When port-based authentication is enabled, what method is available for a user to
authenticate?
a. Web browser
b. Telnet session
c. 802.1x client
d. DHCP
9. The users in a department are using a variety of host platforms, some old and some
new. All of them have been approved with a user ID in a RADIUS server database.
Which one of these features should be used to restrict access to the switch ports in
the building?
a. AAA authentication
b. AAA authorization
c. Port security
d. Port-based authentication
10. With DHCP snooping, an untrusted port filters out which one of the following?
a. DHCP replies from legitimate DHCP servers
b. DHCP replies from rogue DHCP servers
c. DHCP requests from legitimate clients
d. DHCP requests from rogue clients
11. Which two of the following methods does a switch use to detect spoofed addresses
when IP Source Guard is enabled?
a. ARP entries
b. DHCP database
c. DHCP snooping database
d. Static IP source binding entries
e. Reverse path-forwarding entries
12. Which one of the following should be configured as a trusted port for dynamic ARP
inspection?
a. The port where the ARP server is located.
b. The port where an end-user host is located.
c. The port where another switch is located.
d. None; all ports are untrusted.
13. Which two of the following methods should you use to secure inbound CLI sessions
to a switch?
a. Disable all inbound CLI connections.
b. Use SSH only.
c. Use Telnet only.
d. Apply an access list to the vty lines.
14. Suppose you need to disable CDP advertisements on a switch port so that untrusted
devices cannot learn anything about your switch. Which one of the following interface
configuration commands should be used?
a. cdp disable
b. no cdp
c. no cdp enable
d. no cdp trust

Chapter 17
1. Which one of the following can filter packets even if they are not routed to another
Layer 3 interface?
a. IP extended access lists
b. MAC address access lists
c. VLAN access lists
d. Port-based access lists
2. In what part of a Catalyst switch are VLAN ACLs implemented?
a. NVRAM
b. CAM
c. RAM
d. TCAM
3. Which one of the following commands can implement a VLAN ACL called test?
a. access-list vlan test
b. vacl test
c. switchport vacl test
d. vlan access-map test
4. After a VACL is configured, where is it applied?
a. Globally on a VLAN
b. On the VLAN interface
c. In the VLAN configuration
d. On all ports or interfaces mapped to a VLAN
5. Which of the following private VLANs is the most restrictive?
a. Community VLAN
b. Isolated VLAN
c. Restricted VLAN
d. Promiscuous VLAN
6. The vlan 100 command has just been entered. What is the next command needed to
configure VLAN 100 as a secondary isolated VLAN?
a. private-vlan isolated
b. private-vlan isolated 100
c. pvlan secondary isolated
d. No further configuration necessary
7. What type of port configuration should you use for private VLAN interfaces that
connect to a router?
a. Host
b. Gateway
c. Promiscuous
d. Transparent
8. Promiscuous ports must be ______________ to primary and secondary VLANs, and
host ports must be ________________.
a. Mapped, associated
b. Mapped, mapped
c. Associated, mapped
d. Associated, associated
9. In a switch spoofing attack, an attacker makes use of which one of the following?
a. The switch management IP address
b. CDP message exchanges
c. Spanning Tree Protocol
d. DTP to negotiate a trunk
10. Which one of the following commands can be used to prevent a switch spoofing attack
on an end-user port?
a. switchport mode access
b. switchport mode trunk
c. no switchport spoof
d. spanning-tree spoof-guard
11. Which one of the following represents the spoofed information an attacker sends in a
VLAN hopping attack?
a. 802.1Q tags
b. DTP information
c. VTP information
d. 802.1x information
12. Which one of the following methods can be used to prevent a VLAN hopping attack?
a. Use VTP throughout the network.
b. Set the native VLAN to the user access VLAN.
c. Prune the native VLAN off a trunk link.
d. Avoid using EtherChannel link bundling.