CHAPTER 2

1 Top of Form

Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons,
the servers do not have to communicate with each other although they are located on the same subnet. Both servers need to
communicate with the data server that is located on the inside network. Which configuration will isolate the servers from inside
attacks?

Ports Fa3/1, Fa3/2, Fa3/34, and Fa3/35 on DSW1 will be defined as primary VLAN promiscuous ports.

Ports Fa3/1, Fa3/2, Fa3/34, and Fa3/35 on DSW1 will be defined as primary VLAN community ports.

Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN isolated ports. Ports Fa3/34 and Fa3/35 will be
defined as primary VLAN promiscuous ports.

Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN community ports. Ports Fa3/34 and Fa3/35 will be
defined as primary VLAN promiscuous ports.
Bottom of Form

2 Top of Form

Refer to the exhibit. The DNS servers DNS1 and DNS2 are redundant copies so they need to communicate with each other
and to the Internet. The web server and the SMTP server need to communicate with the Internet, but for security purposes
the web and the SMTP servers should not be reachable from the DNS servers. What private VLAN design should be
implemented?

All servers should be configured in separate isolated VLANs. All isolated VLANs should be in the same primary VLAN.
 All servers should be configured in separate community VLANs. All community VLANs should be in the same primary VLAN.

The DNS1 and DNS2 servers should be configured in a community VLAN. The web and SMTP servers should be
configured in an isolated VLAN. Both the community and isolated VLANs should be part of the primary VLAN.
The DNS1 and DNS2 servers should be configured in an isolated VLAN. The web and SMTP servers should be
configured in a community VLAN. Both the community and isolated VLANs should be in the same primary VLAN.
Bottom of Form

3 Top of Form

Refer to the exhibit. Switch SW2 was tested in a lab environment and later inserted into the production network. Before a
trunk link has been connected between the two switches SW1 and SW2, a network administrator issued the show vtp status
command as displayed in the exhibit. Immediately after the switches were interconnected, all users lost connectivity to the
network. What could be the possible reason for the problem?

The switches can exchange VTP information only through an access link.

Switch SW2 receives more VLANs from switch SW1 than can be supported.

Switch SW2 has the pruning eligible parameter enabled, which causes pruning of all VLANs from the trunk port.

Switch SW2 has a higher VTP server revision number, which causes deletion of the VLAN information in the VTP domain.

Bottom of Form

4 Top of Form
What happens when an ISL-enabled trunk receives an unencapsulated frame?

The frame is dropped.

The frame is processed as part of the native VLAN frames.

 The switch will hold the untagged frame and send a BPDU to the originating switch.

The switch will associate the frame with the VLAN that the receiving port is assigned to.

Bottom of Form

5 Top of Form
In the context of the Enterprise Composite Architecture, which statement is true about best-practice design of local VLANs?

Local VLAN is a feature that has only local significance to the switch.

Local VLANs do not extend beyond the building distribution layer.

Local VLANs should be created based upon the job function of the end user.

Local VLANs should be advertised to all switches in the network.

Bottom of Form

6 Top of Form

Refer to the exhibit. During the network upgrade process, a network administrator included switch SW2 in the network.
Immediately afterward, the users on VLAN10 who were connected to SW10 lost connectivity to the network. Based on the
show vtp statuscommand outputs that are provided, what could be done to remedy the problem?

Configure switch SW2 in VTP client mode.

 Configure switch SW2 with VTP version 1.

Configure switch SW2 with the higher revision number.

Configure switch SW2 with the same VTP domain name that SW1 has.

Bottom of Form

7 Top of Form
When configuring an EtherChannel, given that one end of the link is configured with PAgP mode desirable, which PAgP
modes can be configured on the opposite end of the link in order to form an active channel? (Choose two.)

off

on

desirable

auto

Bottom of Form

8 Top of Form
Which two items are benefits of implementing local VLANs within the Enterprise Architecture? (Choose two.)

A single VLAN can extend further than its associated distribution-layer switch.

Failures at Layer 2 are isolated to a small subset of users.

High availability is made possible because local VLAN traffic on access switches can now be passed directly to the core
switches across an alternate Layer 3 path.

Layer 3 routing between VLANs can now be applied at the access layer.

Local VLANs are limited to the access and distribution layer.

Bottom of Form

9 Top of Form
 Refer to the exhibit. How should SW2 be configured in order to participate in the same VTP domain and populate the VLAN
information across the domain?

Switch SW2 should be configured as a VTP client.

Switch SW2 should be configured for VTP version 1.

Switch SW2 should be configured with no VTP domain password.

Switch SW2 should be configured as a VTP server with a higher revision number.

Bottom of Form

10 Top of Form
Which two statements are true about the 802.1Q trunking protocol? (Choose two.)

Untagged frames will be placed in the configured native VLAN of a port.

It is a proprietary protocol that is supported on Cisco switches only.

Private VLAN configurations are not supported.

The native VLAN interface configurations must match at both ends of the link or frames could be dropped.

Bottom of Form

11 Top of Form
 Refer to the exhibit. A network administrator is unable to ping between two workstations, PC1 and PC2, that are connected to
switch3548. PC1 is connected to port Fa0/19, and PC2 is connected to port Gi0/2. Given the output of the show vlan
command, which statement is true?

Both workstations are on the same VLAN.

Both workstations are in the default VLAN.

Inter-VLAN routing is not properly configured.

The VLAN interface is administratively shut down.

PC2 is connected to a trunk port instead of an access port.

Bottom of Form

12 Top of Form
 Refer to the exhibit. Both SW1 and SW2 are configured with the PAgP desirable mode. Which statement is true?

Both switches will initiate channeling negotiation and will not be able to form a channel.

Both switches will initiate channeling negotiation and will form a channel between them.

Neither switch will initiate channeling negotiation and will not be able to form a channel between them.

Neither switch will initiate channeling negotiation but will form a channel between them.

Bottom of Form

13 Top of Form
Which three effects does the interface command switchport host have when entered on a switch? (Choose three.)

sets the switch port mode to access

enables BPDU guard

enables spanning tree PortFast

enables root guard

disables channel grouping

enables BPDU filtering

Bottom of Form

14 Top of Form
What are three characteristics of a VLAN access port? (Choose three.)

A switch port can become an access port through static or dynamic configuration.

An access port is associated with a single VLAN.

An access port should have the 802.1q encapsulation associated with it.

An access port will send DTP frames by default.

An access port is created with the switchport mode access command and then associated with a VLAN with the
switchport access vlan command.

The VLAN that the access port is assigned to will be automatically deleted if it does not exist in the VLAN database
of the switch.
 Bottom of Form

15 Top of Form

Refer to the exhibit. Given the configuration information of the CAT1 and CAT2 switches, which statement is true?

LACP will form a channel between the switches.

Because the port-channel numbers do not match, LACP will not form a channel between the switches.

Because the channel-group commands on SW2 should be set to "on," LACP will not form a channel between the switches.

LACP will form a 200-Mb/s channel between the switches.

Bottom of Form
16 Top of Form
 Refer to the exhibit. Which two statements are true about the switch CAT2? (Choose two.)

Eleven VLANs were manually configured on the switch.

Six VLANs were either manually configured on the switch or learned via VTP.

Interfaces Fa0/13 and Fa0/14 are in VLAN 1.

Interfaces Fa0/13 and Fa0/14 are in an unspecified VLAN.

VLAN 100 is in dynamic desirable mode.

VLAN 100 has no active access ports.

Bottom of Form

17 Top of Form
Refer to the exhibit. Switch1 and Switch2 are unable to establish an operational trunk connection. What is the problem
between the connection on Switch1 and Switch2?

encapsulation mismatch

switchport mode mismatch

MTU mismatch

VTP mismatch

DTP mismatch

native VLAN mismatch

Bottom of Form
18 Top of Form
A network administrator is tasked with protecting a server farm by implementing private VLANs (PVLANs). A server is only
allowed to communicate with its default gateway and other related servers. Which type of PVLAN should be configured on the
switch ports that connect to the servers?

isolated

promiscuous

secondary VLAN

community

Bottom of Form

19 Top of Form

Refer to the exhibit. Which option correctly describes the function of a switch that is configured in VTP transparent mode?

option 1

option 2

option 3

option 4

option 5

Bottom of Form

20 Top of Form
Refer to the exhibit. Given the exhibited command output, which statement is true?

Interface Fa0/1 is configured for ISL trunking.

Interface Fa0/1 is configured as an access port.

Interface Fa0/1 is configured as an SVI.

Interface Fa0/1 is configured for 802.1Q trunking.

Bottom of Form