
Document type

DPC New TA - GAP


CCNA Exam Test – Part 3

17 May 2019
Staff Name :
Exam Topics : • IP Routing
• Layer 2 Switching
• VLAN & Inter-Vlan Routing
• NAT
Instruction : There are several exam question categories. Please refer to the guide below to answer
these questions.

• Multiple-choice, single answer: you need to choose one answer only
• Multiple-choice, multiple answer: you need to choose more than one answer
• Match: you need to draw a line to match each item on the left to one on the right
Score :

=============================================================================

1. Which command sequence can you enter to create VLAN 20 and assign it to an interface on
a switch?

A. Switch(config)#vlan 20
Switch(config)#Interface gig x/y
Switch(config-if)#switchport access vlan 20

B. Switch(config)#Interface gig x/y
Switch(config-if)#vlan 20
Switch(config-vlan)#switchport access vlan 20

C. Switch(config)#vlan 20
Switch(config)#Interface vlan 20
Switch(config-if)#switchport trunk native vlan 20

D. Switch(config)#vlan 20
Switch(config)#Interface vlan 20
Switch(config-if)#switchport access vlan 20

E. Switch(config)#vlan 20
Switch(config)#Interface vlan 20
Switch(config-if)#switchport trunk allowed vlan 20

2. Refer to the exhibit. What is the most appropriate summarization for these routes?

A. 10.0.0.0 /21
B. 10.0.0.0 /22
C. 10.0.0.0 /23
D. 10.0.0.0 /24

Explanation/Reference: The 10.0.0.0/22 summary will include the 10.0.0.0, 10.0.1.0,
10.0.2.0, and 10.0.3.0 networks, and only those four networks.

3. Which set of commands is recommended to prevent the use of a hub in the access layer?

A. switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security maximum 1

B. switch(config-if)#switchport mode trunk
switch(config-if)#switchport port-security mac-address 1

C. switch(config-if)#switchport mode access
switch(config-if)#switchport port-security maximum 1

D. switch(config-if)#switchport mode access
switch(config-if)#switchport port-security mac-address 1

Explanation/Reference: Port security is only used on access ports (which connect to hosts),
so we need to set the port to “access” mode and then specify the maximum number of
hosts which are allowed to connect to this port -> C is correct. Note: If we want to allow a
fixed MAC address to connect, use the “switchport port-security mac-address ” command.

4. What will be the result if the following configuration commands are implemented on a Cisco
switch?
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky

A. A dynamically learned MAC address is saved in the startup-configuration file.
B. A dynamically learned MAC address is saved in the running-configuration file.
C. A dynamically learned MAC address is saved in the VLAN database.
D. Statically configured MAC addresses are saved in the startup-configuration file if frames
from that address are received.
E. Statically configured MAC addresses are saved in the running-configuration file if frames
from that address are received.

5. What are three advantages of VLANs? (Choose three.)

A. VLANs establish broadcast domains in switched networks.
B. VLANs utilize packet filtering to enhance network security.
C. VLANs provide a method of conserving IP addresses in large networks.
D. VLANs provide a low-latency internetworking alternative to routed networks.
E. VLANs allow access to network services based on department, not physical location.
F. VLANs can greatly simplify adding, moving, or changing hosts on the network.

6. Which two commands can be used to verify a trunk link configuration status on a given Cisco
switch interface? (Choose two.)

A. show interface trunk
B. show interface interface
C. show ip interface brief
D. show interface vlan
E. show interface switchport

Explanation/Reference: The “show interfaces trunk” command and “show interfaces
switchport” command can be used to verify the status of an interface (trunking or not).

7. Refer to the exhibit. A technician has installed Switch B and needs to configure it for remote
access from the management workstation connected to Switch A . Which set of commands is
required to accomplish this task?

A. SwitchB(config)# interface FastEthernet 0/1
SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)# no shutdown

B. SwitchB(config)# interface vlan 1
SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)# ip default gateway 192.168.8.254 255.255.255.0
SwitchB(config-if)# no shutdown

C. SwitchB(config)# ip default-gateway 192.168.8.254
SwitchB(config)# interface vlan 1
SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)# no shutdown

D. SwitchB(config)# ip default-network 192.168.8.254
SwitchB(config)# interface vlan 1
SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)# no shutdown

E. SwitchB(config)# ip route 192.168.8.254 255.255.255.0
SwitchB(config)# interface FastEthernet 0/1
SwitchB(config-if)# ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)# no shutdown

8. How to create a trunk port and allow VLAN 20? (Choose Three.)
A. switchport trunk encapsulation dot1q
B. switchport mode trunk
C. switchport trunk allowed vlan 20
D. switchport trunk native vlan 20
E. switchport mode dynamic desirable

Explanation/Reference: In switches that support both InterSwitch Link (ISL) and 802.1Q
trunking encapsulations, we need to specify a trunking protocol, so we must use the
“switchport trunk encapsulation dot1q” command first to set the trunk mode to
802.1Q. Then we configure the trunking interface with the “switchport mode trunk” command.
Then we explicitly allow VLAN 20 with the “switchport trunk allowed vlan 20”
command. By default all VLANs are allowed to pass, but after entering this command only
VLAN 20 is allowed.

9. Which mode is compatible with Trunk, Access, and desirable ports?

A. Trunk Ports
B. Access Ports
C. Dynamic Auto
D. Dynamic Desirable
Explanation/Reference: Maybe this question wanted to ask “if the other end is configured
with trunk/access/desirable mode” then which mode is compatible so that the link can work.
In that case both “dynamic auto” and “dynamic desirable” mode are correct. The difference
between these two modes is “dynamic auto” is passively waiting for the other end to request
to form a trunk while “dynamic desirable” will actively attempt to negotiate to convert the
link into a trunk.

10. Two hosts are attached to a switch with the default configuration. Which statement about the
configuration is true?

A. IP routing must be enabled to allow the two hosts to communicate.
B. The two hosts are in the same broadcast domain.
C. The switch must be configured with a VLAN to allow the two hosts to communicate.
D. Port security prevents the hosts from connecting to the switch.
Explanation/Reference: All ports on a Layer 2 switch are in the same broadcast domain.
Only router ports separate broadcast domains.

11. What parameter can be different on ports within an EtherChannel?

A. speed
B. DTP negotiation settings
C. trunk encapsulation
D. duplex
Explanation/Reference: All interfaces in an EtherChannel must be configured identically to
form an EtherChannel. Specific settings that must be identical include:
+ Speed settings
+ Duplex settings
+ STP settings
+ VLAN membership (for access ports)
+ Native VLAN (for trunk ports)
+ Allowed VLANs (for trunk ports)
+ Trunking Encapsulation (ISL or 802.1Q, for trunk ports)

12. A network administrator needs to configure port security on a switch. Which two statements
are true? (Choose two.)

A. The network administrator can apply port security to dynamic access ports
B. The network administrator can configure static secure or sticky secure mac addresses in
the voice vlan.
C. The sticky learning feature allows the addition of dynamically learned addresses to the
running configuration.
D. The network administrator can apply port security to EtherChannels.
E. When dynamic mac address learning is enabled on an interface, the switch can learn new
addresses up to the maximum defined.
Explanation/Reference: Follow these guidelines when configuring port security:

+ Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel
ports.
+ A secure port cannot be a dynamic access port.
+ A secure port cannot be a destination port for Switched Port Analyzer (SPAN).
+ A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
+ You cannot configure static secure or sticky secure MAC addresses on a voice VLAN.
+ When you enable port security on an interface that is also configured with a voice VLAN,
you must set the maximum allowed secure addresses on the port to at least two.
+ If any type of port security is enabled on the access VLAN, dynamic port security is
automatically enabled on the voice VLAN.
+ When a voice VLAN is configured on a secure port that is also configured as a sticky
secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses,
and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky
secure addresses.
+ The switch does not support port security aging of sticky secure MAC addresses.
+ The protect and restrict options cannot be simultaneously enabled on an interface.

(Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swtrafc.html#wp1038546)
Note: A dynamic access port (dynamic port VLAN membership) must be connected to an end
station. This type of port can be configured with the “switchport access vlan dynamic”
command in the interface configuration mode. Please read more about dynamic access ports
here:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swvlan.html#wp1103064

13. Which switching method duplicates the first six bytes of a frame before making a switching
decision?

A. fragment-free switching
B. store-and-forward switching
C. cut-through switching
D. ASIC switching
Explanation/Reference: In cut-through switching, the switch copies into its memory only the
destination MAC address (first six bytes of the frame) of the frame. After processing these
first six bytes, the switch has enough information to make a forwarding decision and move
the frame to the appropriate switchport. This switching method is faster than the
store-and-forward switching method. In store-and-forward switching, the switch copies each complete
Ethernet frame into the switch memory and computes a Cyclic Redundancy Check (CRC) for
errors. If a CRC error is found, the Ethernet frame is dropped. If no CRC error is found then
that frame is forwarded.

14. Which type of device can be replaced by the use of subinterfaces for VLAN routing?

A. Layer 2 bridge
B. Layer 2 switch
C. Layer 3 switch
D. router

15. What are two benefits of using NAT? (Choose two.)

A. NAT protects network security because private networks are not advertised.
B. NAT accelerates the routing process because no modifications are made on the packets.
C. Dynamic NAT facilitates connections from the outside of the network.
D. NAT facilitates end-to-end communication when IPsec is enabled.
E. NAT eliminates the need to re-address all hosts that require external access.
F. NAT conserves addresses through host MAC-level multiplexing.

Explanation/Reference: By not revealing the internal IP addresses, NAT adds some security to
the inside network -> A is correct.

NAT has to modify the source IP addresses in the packets -> B is not correct.

Connection from the outside to a network through “NAT” is more difficult than a normal
network because IP addresses of inside hosts are hidden -> C is not correct.

In order for IPsec to work with NAT we need to allow additional protocols, including
Internet Key Exchange (IKE), Encapsulating Security Payload (ESP) and Authentication
Header (AH) -> more complex -> D is not correct.

By allocating specific public IP addresses to inside hosts, NAT eliminates the need to re-
address the inside hosts -> E is correct.

NAT does conserve addresses but not through host MAC-level multiplexing. It conserves
addresses by allowing many private IP addresses to use the same public IP address to go to
the Internet -> F is not correct.

16. Which two commands correctly verify whether port security has been configured on port
FastEthernet 0/12 on a switch? (Choose two.)

A. SW1#show port-secure interface FastEthernet 0/12
B. SW1#show switchport port-secure interface FastEthernet 0/12
C. SW1#show running-config
D. SW1#show port-security interface FastEthernet 0/12
E. SW1#show switchport port-security interface FastEthernet 0/12

Explanation/Reference: We can verify whether port security has been configured by using
the “show running-config” or “show port-security interface ” for more detail.

17. Refer to the exhibit. A junior network administrator was given the task of configuring port
security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If
any other device is detected, the port is to drop frames from this device. The administrator
configured the interface and tested it with successful pings from PC_A to RouterA, and then
observes the output from these two show commands. Which two of these changes are
necessary for SwitchA to meet the requirements? (Choose two.)

A. Port security needs to be globally enabled.
B. Port security needs to be enabled on the interface.
C. Port security needs to be configured to shut down the interface in the event of a violation.
D. Port security needs to be configured to allow only one learned MAC address.
E. Port security interface counters need to be cleared before using the show command.
F. The port security configuration needs to be saved to NVRAM before it can become active.

Explanation/Reference: As we see in the output, “Port Security” is in the “Disabled” state
(line 2 in the output). To enable the port security feature, we must enable it on that interface
first with the command:

SwitchA(config-if)#switchport port-security

Also from the output, we learn that the switch is allowing 2 devices to connect to it
(switchport port-security maximum 2), but the question requires allowing only PC_A to
access the network, so we need to reduce the maximum number to 1.
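
The check that this explanation performs by eye can be scripted. The Python sketch below is an added example, not part of the original exam: it parses the text of "show port-security interface" and returns each deviation from the requirement together with the interface command that corrects it. The sample output is constructed (only the "Disabled" state and the maximum of 2 come from the explanation), and the function names are assumptions.

```python
import re

# Constructed sample output. Only "Port Security : Disabled" and the maximum
# of 2 come from the explanation above; every other value is invented.
SAMPLE_BEFORE = """\
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Protect
Maximum MAC Addresses      : 2
Total MAC Addresses        : 1
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0
"""

# The same constructed output after both corrections have been applied.
SAMPLE_AFTER = re.sub(r"(Port Security\s+: )Disabled", r"\g<1>Enabled", SAMPLE_BEFORE)
SAMPLE_AFTER = re.sub(r"(Maximum MAC Addresses\s+: )2", r"\g<1>1", SAMPLE_AFTER)


def parse_port_security(text):
    """Turn 'Field : value' lines into a dict keyed by lower-cased field name.

    The separator must have whitespace on both sides, so a colon inside a
    field name or value ("Address:Vlan", "0000.0000.0000:0") is left alone.
    """
    fields = {}
    for line in text.splitlines():
        match = re.match(r"\s*(.+?)\s+:\s+(.*\S)\s*$", line)
        if match:
            fields[match.group(1).lower()] = match.group(2)
    return fields


def audit(fields, required_max=1):
    """Return (finding, corrective interface command) pairs; empty if compliant."""
    findings = []
    if fields.get("port security", "").lower() != "enabled":
        findings.append(("port security is not enabled on the interface",
                         "switchport port-security"))
    raw_max = fields.get("maximum mac addresses", "")
    if not raw_max.isdigit():
        # Field absent or unreadable: report it rather than assume compliance.
        findings.append(("maximum MAC address count not found in output", None))
    elif int(raw_max) != required_max:
        findings.append((f"maximum is {raw_max}, requirement is {required_max}",
                         f"switchport port-security maximum {required_max}"))
    return findings


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        results = audit(parse_port_security(text))
        print(label, "->", results if results else "compliant")
```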

18. Which three statements about static routing are true? (Choose three.)

A. It uses consistent route determination.
B. It is best used for small-scale deployments.
C. Routing is disrupted when links fail.
D. It requires more resources than other routing methods.
E. It is best used for large-scale deployments.
F. Routers can use update messages to reroute when links fail.

Explanation/Reference: Static routing specifies a fixed destination so it is “consistent”. It
is best used for small-scale networks where there are only a few routers. When links fail, a static
route cannot automatically find an alternative path like dynamic routing, so routing is
disrupted.

19. Which feature facilitates the tagging of frames on a specific VLAN?

A. Routing
B. Hairpinning
C. Encapsulation
D. Switching

20. Refer to the exhibit. Switch-1 needs to send data to a host with a MAC address of
00b0.d056.efa4. What will Switch-1 do with this data?

A. Switch-1 will drop the data because it does not have an entry for that MAC address.
B. Switch-1 will flood the data out all of its ports except the port from which the data
originated.*
C. Switch-1 will send an ARP request out all its ports except the port from which the data
originated.
D. Switch-1 will forward the data to its default gateway.

Explanation/Reference: The MAC address 00b0.d056.efa4 has not been learned in its
MAC address table, so Switch-1 will flood the frame out all of its ports except the port
from which the data originated.

21. Which is the industry-standard protocol for EtherChannel?

A. LACP
B. PAGP
C. PRP
D. REP

22. Which fields are contained in a Layer 2 Ethernet frame? (Choose three.)

A. Preamble
B. TTL
C. Type/length
D. Frame check sequence
E. version
F. others

Explanation/Reference: At the end of each frame there is a Frame Check Sequence (FCS)
field. FCS can be analyzed to determine if errors have occurred. FCS uses cyclic redundancy
check (CRC) algorithm to detect errors in the transmitted frames. Before sending data, the
sending host generates a CRC based on the header and data of that frame. When this frame
arrives, the receiving host uses the same algorithm to generate its own CRC and compare
them. If they do not match then a CRC error will occur.

Preamble is used to indicate the start of the frame by arranging the first 62 bits as
alternating “1/0s” and the last two bits as “1”s. Like so,
010101010101010………………………10101011. Therefore when the receiving end sees the “11” it
knows where the actual Ethernet header starts. The alternating 1s and 0s will also allow the
two endpoints to sync their internal clocks. In summary, preamble is used for
synchronization.

The “Type/Length” field is used to indicate the “Type” of the payload (Layer 3 protocol),
which is indicated as a hexadecimal value.
Note: Ethernet II uses “Type” while the old Ethernet version uses “Length”.

23. Which three switchport configurations can always avoid a duplex mismatch error
between the switches? (Choose three.)

A. set both sides to auto-negotiation
B. set both sides to half-duplex
C. set one side to auto and the other side to half-duplex
D. set both sides of the connection to full-duplex
E. set one side to auto and the other side to full-duplex
F. set one side to full-duplex and the other side to half-duplex

Explanation/Reference: http://www.pathsolutions.com/network-enemy-1-duplex-mismatch/

24. Which two of these are characteristics of the 802.1Q protocol? (Choose two.)

A. It is used exclusively for tagging VLAN frames and does not address network
reconvergence following switched network topology changes.
B. It modifies the 802.3 frame header, and thus requires that the FCS be recomputed.
C. It is a Layer 2 messaging protocol which maintains VLAN configurations across networks.
D. It includes an 8-bit field which specifies the priority of a frame.
E. It is a trunking protocol capable of carrying untagged frames.

Explanation/Reference: IEEE 802.1Q is the networking standard that supports Virtual
LANs (VLANs) on an Ethernet network. It is a protocol that allows VLANs to communicate
with one another using a router. 802.1Q trunks support tagged and untagged frames.

If a switch receives untagged frames on a trunk port, it believes that frame is a part of the
native VLAN. Also, frames from a native VLAN are not tagged when exiting the switch via a
trunk port.

The 802.1Q frame format is the same as 802.3; the only change is the addition of a 4-byte field.
That additional header includes a field with which to identify the VLAN number. Because
inserting this header changes the frame, 802.1Q encapsulation forces a recalculation of the
original FCS field in the Ethernet trailer.

Note: Frame Check Sequence (FCS) is a four-octet field used to verify that the frame was
received without loss or error. FCS is based on the contents of the entire frame.
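
The tag insertion and the forced FCS recalculation can be reproduced in a few lines. The following Python sketch is an added example, not part of the original exam: it builds an untagged frame, inserts the 4-byte 802.1Q tag after the source MAC address, and shows that a frame carrying the old FCS fails the check while the recomputed one passes. The MAC addresses and payload are constructed, and the function names are assumptions.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # value in the EtherType position that marks an 802.1Q tag


def fcs(frame_without_fcs):
    """Ethernet FCS: CRC-32 over the whole frame, least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def build_frame(dst, src, ethertype, payload):
    """Untagged frame: dst(6) + src(6) + type(2) + payload (padded to 46) + FCS(4)."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    return body + fcs(body)


def add_dot1q_tag(frame, vlan_id, priority=0, dei=0):
    """Insert the 4-byte tag after the source MAC and recompute the FCS."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094 (12-bit field, 0 and 4095 reserved)")
    if not 0 <= priority <= 7:
        raise ValueError("priority is a 3-bit field: 0..7")
    body = frame[:-4]                                   # drop the old FCS
    tci = (priority << 13) | (dei << 12) | vlan_id      # PCP(3) | DEI(1) | VID(12)
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def add_tag_keep_old_fcs(frame, vlan_id):
    """Same tag, but with the original FCS left in the trailer (the broken case)."""
    return add_dot1q_tag(frame, vlan_id)[:-4] + frame[-4:]


def parse_frame(frame):
    """Return VLAN (None when untagged), priority, EtherType and FCS validity."""
    body, trailer = frame[:-4], frame[-4:]
    info = {"vlan": None, "priority": None, "fcs_ok": fcs(body) == trailer}
    (ethertype,) = struct.unpack("!H", body[12:14])
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", body[14:18])
        info["vlan"] = tci & 0x0FFF
        info["priority"] = tci >> 13
    info["ethertype"] = ethertype
    return info


# Constructed sample frame: made-up MAC addresses, IPv4 EtherType, dummy payload.
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
UNTAGGED = build_frame(DST, SRC, 0x0800, b"sample payload")

if __name__ == "__main__":
    print("untagged      ", len(UNTAGGED), parse_frame(UNTAGGED))
    tagged = add_dot1q_tag(UNTAGGED, vlan_id=20, priority=5)
    print("tagged        ", len(tagged), parse_frame(tagged))
    print("tagged old FCS", parse_frame(add_tag_keep_old_fcs(UNTAGGED, 20)))
```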
25. Which port security mode can assist with troubleshooting by keeping count of violations?

A. access.
B. protect.
C. restrict.
D. shutdown.

26. Which two steps must you perform to enable router-on-stick on a switch?

A. connect the router to a trunk port
B. configure the subinterface number exactly the same as the matching VLAN
C. configure full duplex
D. configure an IP route to the VLAN destination network
E. assign the access port to the VLAN

Explanation/Reference: This question only asks about enabling router-on-stick on a switch,
not a router. We don't have subinterfaces on a switch so B is not a correct answer.

27. Which two statements about data VLANs on access ports are true? (Choose two)

A. They can be configured as trunk ports.
B. Two or more VLANs can be configured on the interface.
C. 802.1Q encapsulation must be configured on the interface.
D. Exactly one VLAN can be configured on the interface.
E. They can be configured as host ports.

28. Which three statements correctly describe Network Device A? (Choose three.)

A. With a network wide mask of 255.255.255.128, each interface does not require an IP
address.
B. With a network wide mask of 255.255.255.128, each interface does require an IP address
on a unique IP subnet.
C. With a network wide mask of 255.255.255.0, must be a Layer 2 device for the PCs to
communicate with each other.
D. With a network wide mask of 255.255.255.0, must be a Layer 3 device for the PCs to
communicate with each other.
E. With a network wide mask of 255.255.254.0, each interface does not require an IP
address.

Explanation/Reference: The principle here is that if the subnet mask puts the two IP addresses
10.1.0.36 and 10.1.1.70 in the same subnet, then Network Device A does not need to have
IP addresses on its interfaces (and we don’t need a Layer 3 device here).
A quick way to find the correct answers is to notice that all 255.255.255.x subnet masks will
separate these two IP addresses into two separate subnets, so we need a Layer 3 device here
and each interface requires an IP address on a unique IP subnet -> A, C are not correct
while B, D are correct.

With the 255.255.254.0 subnet mask, the increment is 2 in the third octet -> the first subnet
is from 10.1.0.0 to 10.1.1.255, to which both IP addresses above belong -> each interface of
Network Device A does not require an IP address -> E is correct.

29. If router R1 knows a static route to a destination network and then learns about the same
destination network through a dynamic routing protocol, how does R1 respond?

A. It refuses to advertise the dynamic route to other neighbors
B. It sends a withdrawal signal to the neighboring router
C. It disables the routing protocol
D. It prefers the static route
Explanation/Reference: By default the administrative distance of a static route is 1, meaning
it will be preferred over all dynamic routing protocols. If you want to have the dynamic
routing protocol used and have the static route be used only as a backup, you need to increase
the AD of the static route so that it is higher than the dynamic routing protocol.

30. Refer to the exhibit. If R1 receives a packet destined to 172.16.1.1, to which IP address does
it send the packet?

A. 192.168.14.4
B. 192.168.12.2
C.192.168.13.3
D. 192.168.15.5
Explanation/Reference: R1 can't find a route for the address 172.16.1.1, so the packet will be
directed to the gateway of last resort, 192.168.14.4.

31. What is the danger of the permit any entry in a NAT access list?

A. It can lead to overloaded resources on the router.
B. It can cause too many addresses to be assigned to the same interface.
C. It can disable the overload command.
D. It prevents the correct translation of IP addresses on the inside network.
Explanation/Reference: Using permit any can result in NAT consuming too many router
resources, which can cause network problems. You should limit the NAT access list to a
specific range of IP addresses.

32. Which path does a router choose when it receives a packet with multiple possible paths to the
destination over different routing protocols?

A. the path with both the lowest administrative distance and the highest metric
B. the path with the lowest administrative distance
C. the path with the lowest metric
D. the path with both the lowest administrative distance and lowest metric

33. On which type of port can switches interconnect for multi-VLAN communication?

A. interface port
B. access port
C. switch port
D. trunk port

34. Refer to exhibit. Which command can you enter to verify link speed and duplex setting on the
interface?
R1(config)#interface gigabitEthernet0/1
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#speed 100
R1(config-if)#duplex full

A. router#show ip protocols
B. router#show startup-config
C. router#show line
D. router#show interface gig 0/1

Explanation/Reference: The “show interfaces …” command gives us information about
speed and duplex mode of the interface. In the output below, the link speed is 100Mbps and it
is working in Full-duplex mode.

35. Which DTP switch port mode allows the port to create a trunk link if the neighboring port is in
trunk mode, dynamic desirable mode, or desirable auto mode?
A. trunk
B. access
C. dynamic desirable
D. dynamic auto
Explanation/Reference: The Dynamic Trunking Protocol (DTP) is a proprietary networking
protocol developed by Cisco for the purpose of negotiating trunking on a link between two
switches, and for negotiating the type of trunking encapsulation to be used.
In dynamic auto mode, the interface is able to convert the link to a trunk link. The interface
becomes a trunk interface if the neighboring interface is set to trunk or desirable mode. The
default switchport mode for newer Cisco switch Ethernet interfaces is dynamic auto. Note
that if two Cisco switches are left to the common default setting of auto, a trunk will never
form.

In dynamic desirable mode, the interface actively attempts to convert the link to a trunk link.
The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable,
or auto mode. This is the default switchport mode on older switches, such as the Catalyst
2950 and 3550 Series switches -> This is the best answer in this question.

36. Which method does a connected trunk port use to tag VLAN traffic?

A. IEEE 802.1w
B. IEEE 802.1D
C. IEEE 802.1Q
D. IEEE 802.1p
Explanation/Reference: IEEE 802.1Q is the networking standard that supports virtual LANs
(VLANs) on an Ethernet network. When a frame enters the VLAN-aware portion of the
network (a trunk link, for example), a VLAN ID tag is added to represent the VLAN
membership of that frame. The picture below shows how VLAN tag is added and removed
while going through the network.

37. Which NAT type is used to translate a single inside address to a single outside address?

A. dynamic NAT
B. NAT overload
C. PAT
D. Static NAT
Explanation/Reference: There are two types of NAT translation: dynamic and static.
Static NAT: Designed to allow one-to-one mapping between local and global addresses.
This flavor requires you to have one real Internet IP address for every host on your network.

Dynamic NAT: Designed to map an unregistered IP address to a registered IP address
from a pool of registered IP addresses. You don't have to statically configure your router to
map an inside to an outside address as in static NAT, but you do have to have enough real IP
addresses for everyone who wants to send packets through the Internet. With dynamic NAT,
you can configure the NAT router with more IP addresses in the inside local address list than
in the inside global address pool. When being defined in the inside global address pool, the
router allocates registered public IP addresses from the pool until all are allocated. If all the
public IP addresses are already allocated, the router discards the packet that requires a
public IP address.

In this question we only want to translate a single inside address to a single outside address
so static NAT should be used
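
The allocation behaviour described here (one-to-one static entries, a dynamic pool that is handed out until it is empty, and many inside hosts sharing one address with overload) can be modelled directly. The Python sketch below is an added example, not part of the original exam and not router code: the class and method names are assumptions, all addresses are constructed documentation addresses, and the sequential port allocation for overload is a simplification.

```python
import ipaddress


class PoolExhausted(Exception):
    """No free inside global address: the point where the packet is discarded."""


class NatTable:
    def __init__(self, pool, inside_acl, overload=False):
        self.pool = list(pool)                         # inside global addresses
        self.acl = ipaddress.ip_network(inside_acl)    # sources eligible for NAT
        self.overload = overload                       # True = PAT on pool[0]
        self.static = {}     # inside local -> inside global (configured)
        self.dynamic = {}    # inside local -> inside global (allocated)
        self.pat = {}        # (inside local, port) -> (inside global, port)
        self.next_port = 1024

    def add_static(self, inside_local, inside_global):
        self.static[inside_local] = inside_global

    def translate(self, inside_local, src_port):
        """Return the (address, port) the packet carries after translation."""
        if inside_local in self.static:
            return self.static[inside_local], src_port
        if ipaddress.ip_address(inside_local) not in self.acl:
            return inside_local, src_port              # not matched: untranslated
        if self.overload:
            key = (inside_local, src_port)
            if key not in self.pat:
                # Every flow shares one address and is told apart by port.
                self.pat[key] = (self.pool[0], self.next_port)
                self.next_port += 1
            return self.pat[key]
        if inside_local not in self.dynamic:
            free = [a for a in self.pool if a not in self.dynamic.values()]
            if not free:
                raise PoolExhausted(inside_local)
            self.dynamic[inside_local] = free[0]
        return self.dynamic[inside_local], src_port


def demo_dynamic_pool():
    """Three inside hosts, two pool addresses: the third host gets no translation."""
    nat = NatTable(["203.0.113.1", "203.0.113.2"], "192.168.1.0/24")
    results = []
    for host in ("192.168.1.10", "192.168.1.11", "192.168.1.12"):
        try:
            results.append(nat.translate(host, 5000)[0])
        except PoolExhausted:
            results.append("discarded")
    return results


def demo_overload():
    """The same three hosts behind one address, separated by translated port."""
    nat = NatTable(["203.0.113.1"], "192.168.1.0/24", overload=True)
    return [nat.translate(h, 5000)
            for h in ("192.168.1.10", "192.168.1.11", "192.168.1.12")]


if __name__ == "__main__":
    print("dynamic :", demo_dynamic_pool())
    print("overload:", demo_overload())
```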

38. Which statement about a router on a stick is true?

A. Its data plane routes traffic for a single VLAN over two or more switches.
B. It uses multiple subinterfaces of a single interface to encapsulate traffic for different VLANs
on the same subnet
C. It requires the native VLAN to be disabled.
D. It uses multiple subinterfaces of a single interface to encapsulate traffic for different
VLANs.
Explanation/Reference:
https://www.freeccnaworkbook.com/workbooks/ccna/configuring-inter-vlan-routing-router-on-a-stick

39. By default, how many MAC addresses are permitted to be learned on a switch port with port
security enabled?

A. 8
B. 2
C. 1
D. 0

Explanation/Reference: By default, port security limits the number of MAC addresses that can
connect to a switch port to one. If the maximum number of MAC addresses is reached, a security
violation occurs when another MAC address attempts to access the port.

40. When enabled, which feature prevents routing protocols from sending hello messages on an
interface?

A. virtual links
B. passive-interface
C. directed neighbors
D. OSPF areas

Explanation/Reference: You can use the passive-interface command in order to control the
advertisement of routing information.

The command enables the suppression of routing updates over some interfaces while it
allows updates to be exchanged normally over other interfaces. With most routing protocols,
the passive-interface command restricts outgoing advertisements only.

41. Which route source code represents the routing protocol with a default administrative distance
of 90 in the routing table?

A. S
B. E
C. D
D. R
F. O
Explanation/Reference: The default administrative distance of the EIGRP protocol is 90, so the
answer is C.

42. Which statement about native VLAN traffic is true?

A. Cisco Discovery Protocol traffic travels on the native VLAN by default
B. Traffic on the native VLAN is tagged with 1 by default
C. Control plane traffic is blocked on the native VLAN.
D. The native VLAN is typically disabled for security reasons

43. Which statement about unicast frame forwarding on a switch is true?

A. The TCAM table stores destination MAC addresses
B. If the destination MAC address is unknown, the frame is flooded to every port that is
configured in the same VLAN except on the port that it was received on.
C. The CAM table is used to determine whether traffic is permitted or denied on a switch
D. The source address is used to determine the switch port to which a frame is forwarded

44. Which component of the routing table ranks routing protocols according to their preferences?

A. administrative distance
B. next hop
C. metric
D. routing protocol code

Explanation/Reference: Administrative distance - This is the measure of trustworthiness of
the source of the route. If a router learns about a destination from more than one routing
protocol, administrative distance is compared, and the preference is given to the routes with
lower administrative distance. In other words, it is the believability of the source of the route.
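
The selection rules from this explanation and from questions 29, 30 and 32 (lowest administrative distance wins, a static route can be made a backup by raising its distance, and unmatched destinations go to the gateway of last resort) fit into one small model. The Python sketch below is an added example, not part of the original exam, and it goes slightly beyond the text by also applying longest-prefix matching at lookup time. The route list is constructed: the next-hop addresses are borrowed from question 30, but the prefixes and metrics are invented because the exhibit is not available.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Default administrative distances by route source code. Static (1) and
# EIGRP (90) are quoted in the explanations; the others are the usual defaults.
DEFAULT_AD = {"C": 0, "S": 1, "D": 90, "O": 110, "R": 120}


@dataclass(frozen=True)
class Route:
    code: str                  # route source code as shown in the routing table
    prefix: str
    next_hop: str
    metric: int = 0
    ad: Optional[int] = None   # set to override the default, e.g. a floating static

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)

    @property
    def distance(self):
        return DEFAULT_AD[self.code] if self.ad is None else self.ad


def build_rib(candidates):
    """Per prefix, install the candidate with the lowest AD, then the lowest metric.

    The metric only breaks ties between routes with equal AD, which in practice
    means routes from the same protocol.
    """
    rib = {}
    for route in candidates:
        best = rib.get(route.network)
        if best is None or (route.distance, route.metric) < (best.distance, best.metric):
            rib[route.network] = route
    return rib


def lookup(rib, destination):
    """Longest-prefix match; 0.0.0.0/0 serves as the gateway of last resort."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None            # no matching route and no default: packet is dropped
    return rib[max(matches, key=lambda net: net.prefixlen)]


# Constructed candidate routes (prefixes and metrics are made up).
ROUTES = [
    Route("S", "0.0.0.0/0", "192.168.14.4"),
    Route("D", "10.1.0.0/24", "192.168.12.2", metric=30720),
    Route("S", "10.1.0.0/24", "192.168.13.3"),
    Route("O", "10.2.0.0/16", "192.168.15.5", metric=20),
    Route("D", "10.2.3.0/24", "192.168.12.2", metric=28160),
]

# Same table, but the static route to 10.1.0.0/24 is given AD 200 so that it
# is only a backup for the EIGRP route.
FLOATING = [Route("S", r.prefix, r.next_hop, ad=200)
            if r.code == "S" and r.prefix == "10.1.0.0/24" else r
            for r in ROUTES]

if __name__ == "__main__":
    rib = build_rib(ROUTES)
    for dst in ("10.1.0.5", "10.2.3.9", "10.2.9.9", "172.16.1.1"):
        hit = lookup(rib, dst)
        print(f"{dst:12} -> {hit.next_hop} via {hit.code} {hit.prefix}")
    print("floating static:", lookup(build_rib(FLOATING), "10.1.0.5").next_hop)
```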

45. For what two purposes does the Ethernet protocol use physical addresses? (Choose two.)

A. to uniquely identify devices at Layer 2
B. to allow communication with devices on a different network
C. to differentiate a Layer 2 frame from a Layer 3 packet
D. to establish a priority system to determine which device gets to transmit first
E. to allow communication between different devices on the same network
F. to allow detection of a remote device when its physical address is unknown
Explanation/Reference: Physical addresses or MAC addresses are used to identify devices at
layer 2 -> A is correct.
MAC addresses are only used to communicate on the same network. To communicate on a
different network we have to use Layer 3 addresses (IP addresses) -> B is not correct; E is
correct.

Layer 2 frame and Layer 3 packet can be recognized via headers. Layer 3 packet also
contains physical address -> C is not correct.

On Ethernet, each frame has the same priority to transmit by default -> D is not correct.
All devices need a physical address to identify themselves. If not, they cannot communicate -> F is
not correct.

46. What is the effect of the overload keyword in a static NAT translation configuration?

A. It enables port address translation.
B. It enables the use of a secondary pool of IP addresses when the first pool is depleted
C. It enables the inside interface to receive traffic.
D. It enables the outside interface to forward traffic.
Explanation/Reference:

http://www.firewall.cx/networking-topics/network-address-translation-nat/233-nat-overload-part-1.html

47. Which value is indicated by the next hop in a routing table?

A. preference of the route source
B. IP address of the remote router for forwarding the packets
C. how the route was learned
D. exit interface IP address for forwarding the packets

48. Which statement about the inside interface configuration in a NAT deployment is true?

A. It is defined globally
B. It identifies the location of source addresses for outgoing packets to be translated using
access or route maps.
C. It must be configured if static NAT is used
D. It identifies the public IP address that traffic will use to reach the internet.

Explanation/Reference: When we specify a NAT “inside” interface (via the “ip nat inside”
command under interface mode), we are specifying the source IP addresses. Later in the “ip
nat” command under global configuration mode, we will specify the access or route map for
these source addresses.
For example, in the command:
Router(config)# ip nat inside source list 1 pool PoolforNAT
after the keyword “source” we need to specify one of three keywords:
+ list: specifies an access list describing local addresses (but this command does not require an
“inside” interface to be configured)
+ route-map: specifies a route-map
+ static: specifies a static local -> global mapping

49. Refer to the exhibit. Which two statements are true about interVLAN routing in the topology
that is shown in the exhibit? (Choose two.)

A. Host E and host F use the same IP gateway address.
B. Router1 and Switch2 should be connected via a crossover cable.
C. Router1 will not play a role in communications between host A and host D.
D. The FastEthernet 0/0 interface on Router1 must be configured with subinterfaces.
E. Router1 needs more LAN interfaces to accommodate the VLANs that are shown in the
exhibit.
F. The FastEthernet 0/0 interface on Router1 and the FastEthernet 0/1 interface on Switch
trunk ports must be configured using the same encapsulation type.

Explanation/Reference: In order for multiple VLANs to connect to a single physical interface
on a Cisco router, subinterfaces must be used, one for each VLAN. This is known as the
router on a stick configuration. Also, for any trunk to be formed, both ends of the trunk must
agree on the encapsulation type, so each one must be configured for 802.1q or ISL.

50. VLAN 2 is not yet configured on your switch. What happens if you set the switchport access
vlan 2 command in interface configuration mode?

A. The command is rejected.
B. The port turns amber.
C. The command is accepted and the respective VLAN is added to vlan.dat.
D. The command is accepted and you must configure the VLAN manually.

Explanation/Reference: The "switchport access vlan 3" command will put that interface in
VLAN 3 while also updating the VLAN database automatically to include VLAN 2.

51. Refer to the exhibit. All switch ports are assigned to the correct VLANs, but none of the hosts
connected to SwitchA can communicate with hosts in the same VLAN connected to SwitchB.
Based on the output shown, what is the most likely problem?

A. The access link needs to be configured in multiple VLANs.
B. The link between the switches is configured in the wrong VLAN.
C. The link between the switches needs to be configured as a trunk.
D. VTP is not configured to carry VLAN information between the switches.
E. Switch IP addresses must be configured in order for traffic to be forwarded between the
switches.

Explanation/Reference: In order to pass traffic from VLANs on different switches, the
connections between the switches must be configured as trunk ports.

52. Which command do you enter on a switch to display the IP address associated with connected
devices?

A. Show cdp neighbors detail
B. Show cdp neighbor
C. Show cdp interface
D. Show cdp traffic

Explanation/Reference: Only the “show cdp neighbor detail” gives us information about the
IP address of the connected device.

53. Which technology can enable multiple VLANs to communicate with one another?

A. Intra-vlan routing using a layer 3 switch
B. Inter-vlan routing using a layer 3 switch
C. Inter-vlan routing using a layer 2 switch
D. Intra-vlan routing using router on a stick

54. Which DTP switch port mode allows the port to create a trunk link if the neighboring port is in
trunk mode, dynamic desirable mode, or desirable or auto mode?

A. Dynamic Auto
B. Dynamic Desirable
C. Access
D. Trunk

55. Refer to the exhibit. Assuming that the entire network topology is shown, what is the
operational status of the interfaces of R2 as indicated by the command output shown?

A. One interface has a problem.
B. Two interfaces have problems.
C. The interfaces are functioning correctly.
D. The operational status of the interfaces cannot be determined from the output shown.

56. Which configuration can be used with PAT to allow multiple inside addresses to be translated to
a single outside address?

A. Dynamic Routing
B. DNS
C. Preempt
D. Overload

57. Which two types of information are held in the MAC address table? (Choose two)

A. MAC address
B. source IP address
C. destination IP address
D. Protocols
E. Port numbers

Explanation/Reference: We can check the MAC address table with the command “show mac
address-table”: As we can see here, the “MAC address” field is the source MAC address and
the “Ports” field lists the ports of the switch on which the frames (with the corresponding
source MAC address) were received.

58. Which three are valid modes for a switch port used as a VLAN trunk? (choose three)

A. Desirable
B. Auto
C. On
D. Blocking
E. Transparent
F. Forwarding

59. Refer to the exhibit. What set of commands was configured on interface Fa0/3 to produce the
given output?

A. interface FastEthernet 0/3
Channel-group 1 mode desirable
Switchport trunk encapsulation dot1q
Switchport mode trunk

B. interface FastEthernet 0/3
Channel-group 2 mode passive
Switchport trunk encapsulation dot1q
Switchport mode trunk*

C. interface FastEthernet 0/3
Channel-group 2 mode on
Switchport trunk encapsulation dot1q
Switchport mode trunk

D. interface FastEthernet 0/3
Channel-group 2 mode active
Switchport trunk encapsulation dot1q
Switchport mode trunk

60. To enable router on a router subinterface, which two steps must you perform? (Choose two)

A. Configure full duplex and speed
B. Configure the subinterface with an IP address
C. Configure an IP route to the VLAN destination network
D. Configure a default to route traffic between subinterface
E. Configure encapsulation dot1q

61. Assuming the default switch configuration, which VLAN range can be added, modified and
removed on a Cisco switch?

A. 2 through 1001
B. 1 through 1001
C. 1 through 1002
D. 2 through 1005

62. Refer to the exhibit. Which two statements are true of the interfaces on switch1? (Choose two)

A. A hub is connected directly to FastEthernet0/5
B. FastEthernet0/1 is configured as a trunk link.
C. FastEthernet0/5 has a statically assigned MAC address
D. Interface FastEthernet0/2 has been disabled.
E. Multiple devices are connected directly to FastEthernet0/1.
F. FastEthernet0/1 is connected to a host with multiple network interface cards.

Explanation/Reference: From the “show mac address-table” output, we see FastEthernet0/1
can receive traffic from multiple VLANs -> it is configured as a trunk. Also from the “show
cdp neighbors” output, we see Fa0/1 of this switch is connecting to Switch2 so it is
configured as a trunk.
There are two MAC addresses learned from FastEthernet0/5 while FastEthernet0/5 is not
configured as trunk (only Fa0/2 & Fa0/3 are configured as trunk links) -> a hub is used on
this port.
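
The reasoning used in the explanations for questions 57 and 62 can be automated as a port audit. The following is an added example, not part of the original exam: the table is constructed sample data in the "show mac address-table" layout (it is not the missing exhibit), and the function names and the known_trunks parameter are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of "show mac address-table" output.
SAMPLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.2233.4401    DYNAMIC     Fa0/1
  10    0011.2233.4402    DYNAMIC     Fa0/1
  20    0011.2233.4403    DYNAMIC     Fa0/1
  10    0011.2233.4410    DYNAMIC     Fa0/4
  10    0011.2233.4450    DYNAMIC     Fa0/5
  10    0011.2233.4451    DYNAMIC     Fa0/5
  20    0011.2233.4460    STATIC      Fa0/6
Total Mac Addresses for this criterion: 7
"""

# One table row: VLAN id, dotted-hex MAC, entry type, port name.
ROW = re.compile(
    r"^\s*(?P<vlan>\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>\S+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)

def parse_mac_table(text):
    """Return {port: {vlan: {mac, ...}}}; header and total lines are skipped."""
    table = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m["port"]][int(m["vlan"])].add(m["mac"].lower())
    return table

def classify_ports(text, known_trunks=()):
    """Label each port 'trunk', 'multiple-devices' or 'single-device'.

    Heuristic only: MACs learned in more than one VLAN are treated as a
    trunk, and several MACs in one VLAN on a non-trunk port suggest a hub
    or unmanaged switch behind that port.
    """
    labels = {}
    for port, vlans in parse_mac_table(text).items():
        macs = set().union(*vlans.values())
        if port in known_trunks or len(vlans) > 1:
            labels[port] = "trunk"
        elif len(macs) > 1:
            labels[port] = "multiple-devices"
        else:
            labels[port] = "single-device"
    return labels

def suspect_ports(text, known_trunks=()):
    """Ports worth checking for a hub, sorted by name."""
    labels = classify_ports(text, known_trunks)
    return sorted(p for p, v in labels.items() if v == "multiple-devices")

if __name__ == "__main__":
    for port, label in sorted(classify_ports(SAMPLE).items()):
        print(port, label)
```

Ports reported by suspect_ports are the ones where the port-security maximum from question 3 would have blocked the second device.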

63. Which option is the industry-standard protocol for EtherChannel?

A. PAgP
B. LACP
C. Cisco Discovery Protocol
D. DTP

Explanation/Reference: LACP is the IEEE Standard (IEEE 802.3ad) and is the most common
dynamic EtherChannel protocol, whereas PAgP is a Cisco proprietary protocol and works
only between supported vendors and Cisco devices.

64. Which two types of NAT addresses are used in a Cisco NAT device? (Choose two.)

A. inside local
B. inside global
C. inside private
D. outside private
E. external global
F. external local

Explanation/Reference: NAT uses four types of addresses:

* Inside local address – The IP address assigned to a host on the inside network. The address
is usually not an IP address assigned by the Internet Network Information Center
(InterNIC) or service provider. This address is likely to be an RFC 1918 private address.

* Inside global address – A legitimate IP address assigned by the InterNIC or service
provider that represents one or more inside local IP addresses to the outside world.

* Outside local address – The IP address of an outside host as it is known to the hosts on the
inside network.

* Outside global address – The IP address assigned to a host on the outside network. The
owner of the host assigns this address.

65. Which two statements about configuring an EtherChannel on a Cisco switch are
true? (Choose two)

A. The interfaces configured in the EtherChannel must have the same STP port path cost
B. The interfaces configured in the EtherChannel must be on the same physical switch
C. An EtherChannel can operate in Layer 2 mode only
D. The interfaces configured in the EtherChannel must operate at the same speed and
duplex mode
E. The interfaces configured in the EtherChannel must be part of the same VLAN or trunk

66. Which two cable specifications can support 1-Gbps Ethernet? (choose two)

A. Category 5e
B. RG11
C. RG-6
D. Category 6
E. Category 3

67. Refer to the exhibit. What is the effect of the configuration?

A. Traffic from PC A is dropped when it uses the trunk to communicate with PC B
B. Traffic from PC A is sent untagged when it uses the trunk to communicate with PC B
C. Traffic from PC B is dropped when it uses the trunk to communicate with PC A
D. Traffic from PC B is sent untagged when it uses the trunk to communicate with PC A

68. Which statement about switch access ports is true?

A. They drop packets with 802.1Q tags.
B. A VLAN must be assigned to an access port before it is created.
C. They can receive traffic from more than one VLAN with no voice support
D. By default, they carry traffic for VLAN 10.

Explanation/Reference: A VLAN does not need to be assigned to any port -> B is not correct.
An access port can only receive traffic from one VLAN -> C is not correct. If not assigned to a
specific VLAN, an access port carries traffic for VLAN 1 by default -> D is not correct. An
access port will drop packets with 802.1Q tags -> A is correct. Notice that 802.1Q tags are
used for packets moving on trunk links.

69. A technician has installed SwitchB and needs to configure it for remote access from the
management workstation connected to SwitchA. Which set of commands is required to
accomplish this task?

A. SwitchB(config)#interface FastEthernet 0/1
SwitchB(config-if)#ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)#no shutdown

B. SwitchB(config)#ip default-gateway 192.168.8.254
SwitchB(config)#interface vlan 1
SwitchB(config-if)#ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)#no shutdown

C. SwitchB(config)#interface vlan 1
SwitchB(config-if)#ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)#ip default-gateway 192.168.8.254 255.255.255.0
SwitchB(config-if)#no shutdown

D. SwitchB(config)#ip default-network 192.168.8.254
SwitchB(config)#interface vlan 1
SwitchB(config-if)#ip address 192.168.8.252 255.255.255.0
SwitchB(config-if)#no shutdown

Explanation/Reference: To access SwitchB remotely, it must have a management IP
address on a VLAN on that switch. Traditionally, we often use VLAN 1 as the management
VLAN (but in fact it is not secure). In the exhibit, we can recognize that the Management
Workstation is in a different subnet from SwitchB.
For intersubnetwork communication to occur, you must configure at least one default
gateway. This default gateway is used to forward traffic originating from the switch only,
not to forward traffic sent by devices connected to the switch.

70. When a router makes a routing decision for a packet that is received from one network and
destined to another, which portion of the packet does it replace?

A. Layer 2 frame header and trailer
B. Layer 3 IP address
C. Layer 5 session
D. Layer 4 protocol

Explanation/Reference: The Layer 2 information (source and destination MAC) would be
changed when passing through each router. The Layer 3 information (source and
destination IP addresses) remains unchanged.

71. When a packet is routed across a network, the _________________ in the packet changes at
every hop while the __________ does not.

A. MAC address, IP address
B. IP address, MAC address
C. Port number, IP address
D. IP address, port number

Explanation/Reference: Since the destination MAC address is different at each hop, it must
keep changing. The IP address, which is used for the routing process, does not.

72. Which two of the following are true regarding the distance-vector and link-state routing
protocols? (Choose two.)

A. Link state sends its complete routing table out of all active interfaces at periodic time
intervals.
B. Distance vector sends its complete routing table out of all active interfaces at periodic time
intervals.
C. Link state sends updates containing the state of its own links to all routers in the
internetwork.
D. Distance vector sends updates containing the state of its own links to all routers in the
internetwork.

Explanation/Reference: The distance-vector routing protocol sends its complete routing
table out of all active interfaces at periodic time intervals. Link-state routing protocols send
updates containing the state of their own links to all routers in the internetwork.

73. What type(s) of route is the following? (Choose all that apply.)
S* 0.0.0.0/0 [1/0] via 172.16.10.5

A. Default
B. Subnetted
C. Static
D. Local

Explanation/Reference: The S* shows that this is a candidate for default route and that it
was configured manually.

74. Which of the following is not an advantage of static routing?

A. Less overhead on the router CPU
B. No bandwidth usage between routers
C. Adds security
D. Recovers automatically from lost routes

Explanation/Reference: Recovery from a lost route requires manual intervention by a
human to replace the lost route.

75. If your routing table has a static, an RIP, and an EIGRP route to the same network, which
route will be used to route packets by default?

A. Any available route
B. RIP route
C. Static route
D. EIGRP route
E. They will all load-balance.

Explanation/Reference: Static routes have an administrative distance of 1 by default. Unless
you change this, a static route will always be used over any other dynamically learned
route. EIGRP has an administrative distance of 90, and RIP has an administrative distance
of 120, by default.

76. Which command will create a dynamic pool named Todd that will provide you with 30 global
addresses?

A. ip nat pool Todd 171.16.10.65 171.16.10.94 net 255.255.255.240
B. ip nat pool Todd 171.16.10.65 171.16.10.94 net 255.255.255.224
C. ip nat pool todd 171.16.10.65 171.16.10.94 net 255.255.255.224
D. ip nat pool Todd 171.16.10.1 171.16.10.254 net 255.255.255.0

Explanation/Reference: The command ip nat pool name creates the pool that hosts can use to
get onto the global Internet. What makes option B correct is that the range 171.16.10.65
through 171.16.10.94 includes 30 hosts, but the mask has to match 30 hosts as well, and that
mask is 255.255.255.224. Option C is wrong because there is a lowercase t in the pool name.
Pool names are case sensitive.

77. Which command would you place on an interface connected to the Internet?

A. ip nat inside
B. ip nat outside
C. ip outside global
D. ip inside local

Explanation/Reference: You must configure your interfaces before NAT will provide any
translations. On the inside networks you would use the command ip nat inside. On the
outside network interfaces, you will use the command ip nat outside.

78. Which of the following statements are true regarding the command ip route 172.16.4.0
255.255.255.0 192.168.4.2? (Choose two.)

A. The command is used to establish a static route.
B. The default administrative distance is used.
C. The command is used to configure the default route.
D. The subnet mask for the source address is 255.255.255.0.
E. The command is used to establish a stub network.

Explanation/Reference: Although option D almost seems right, it is not; the mask option is
the mask used on the remote network, not the source network. Since there is no number at
the end of the static route, it is using the default administrative distance of 1.

79. The Corporate router receives an IP packet with a source IP address of 192.168.214.20 and a
destination address of 192.168.22.3. Looking at the output from the Corp router, what will the
router do with this packet?

A. The packet will be discarded.
B. The packet will be routed out of the S0/0 interface.
C. The router will broadcast looking for the destination.
D. The packet will be routed out of the Fa0/0 interface.

Explanation/Reference: Since the routing table shows no route to the 192.168.22.0 network,
the router will discard the packet and send an ICMP destination unreachable message out of
interface FastEthernet 0/0, which is the source LAN from which the packet originated.

80. On which default interface have you configured an IP address for a switch?

A. int fa0/0
B. int vty 0 15
C. int vlan 1
D. int s/0/0

Explanation/Reference: The IP address is configured under a logical interface, called a
management domain or VLAN 1.

81. In the diagram shown, what will the switch do if a frame with a destination MAC address of
000a.f467.63b1 is received on Fa0/4? (Choose all that apply.)

A. Drop the frame.
B. Send the frame out of Fa0/3.
C. Send the frame out of Fa0/4.
D. Send the frame out of Fa0/5.
E. Send the frame out of Fa0/6.

Explanation/Reference: Since the MAC address is not present in the table, it will send the
frame out of all ports in the same VLAN with the exception of the port on which it was
received.

82. Based on the configuration shown here, what statement is true?
S1(config)#ip routing
S1(config)#int vlan 10
S1(config-if)#ip address 192.168.10.1 255.255.255.0
S1(config-if)#int vlan 20
S1(config-if)#ip address 192.168.20.1 255.255.255.0

A. This is a multilayer switch.
B. The two VLANs are in the same subnet.
C. Encapsulation must be configured.
D. VLAN 10 is the management VLAN.

Explanation/Reference: With a multilayer switch, enable IP routing and create one logical
interface for each VLAN using the interface vlan number command, and you’re now doing
inter-VLAN routing on the backplane of the switch.

83. In the diagram, what should be the default gateway address of Host 4?

A. 192.168.10.1
B. 192.168.1.65
C. 192.168.1.129
D. 192.168.1.2

84. What is true of the output shown here?

A. Interface F0/15 is a trunk port.
B. Interface F0/17 is an access port.
C. Interface F0/21 is a trunk port.
D. VLAN 1 was populated manually

Explanation/Reference: Ports Fa0/15–18 are not present in any VLANs. They are trunk
ports.

85. If your routing table has a static, an RIP, and an EIGRP route to the same network, which
route will be used to route packets by default?

A. Any available route
B. RIP route
C. Static route
D. EIGRP route
E. They will all load-balance.

Explanation/Reference: Static routes have an administrative distance of 1 by default. Unless
you change this, a static route will always be used over any other dynamically learned
route. EIGRP has an administrative distance of 90, and RIP has an administrative distance
of 120, by default.
