Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. - (Topic 6)
Refer to the exhibit.
The following commands are executed on interface fa0/1 of 2950Switch. 2950Switch(config-if)# switchport port-security
2950Switch(config-if)# switchport port-security mac-address sticky 2950Switch(config-if)# switchport port-security maximum 1
The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two.)
A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF.
B. Only host A will be allowed to transmit frames on fa0/1.
C. This frame will be discarded when it is received by 2950Switch.
D. All frames arriving on 2950Switch with a destination of 0000.00aa.aaaa will be forwarded out fa0/1.
E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.
F. Only frames from source 0000.00bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1.
Answer: B,D
Explanation:
The configuration shown here is an example of port security, specifically port security using sticky addresses. You can use port security with dynamically learned and static MAC addresses to restrict a port's ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. When you assign secure MAC addresses to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the device attached to that port has the full bandwidth of the port.
Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition.
Q2. - (Topic 5)
What authentication type is used by SNMPv2?
A. HMAC-MD5
B. HMAC-SHA
C. CBC-DES
D. community strings
Answer: D
Explanation:
SNMP Versions
Cisco IOS software supports the following versions of SNMP:
•SNMPv1 — The Simple Network Management Protocol: A Full Internet Standard, defined in RFC 1157. (RFC 1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.) Security is based on community strings.
•SNMPv2c — The community-string based Administrative Framework for SNMPv2. SNMPv2c (the "c" stands for "community") is an Experimental Internet Protocol defined in RFC 1901, RFC 1905, and RFC 1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2 Classic), and uses the community-based security model of SNMPv1.
•SNMPv3 — Version 3 of SNMP. SNMPv3 is an interoperable standards-based protocol defined in RFCs 2273 to 2275. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network.
SNMP Security Models and Levels
Model Level
Authentication Encryption What Happens v1 noAuthNoPriv
Community String No
Uses a community string match for authentication. v2c
noAuthNoPriv Community String No
Uses a community string match for authentication. v3
noAuthNoPriv Username
No
Uses a username match for authentication. v3
authNoPriv MD5 or SHA
No
Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. v3
authPriv MD5 or SHA DES
Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides DES 56-bit encryption in addition to authentication based on the CBC-DES (DES-56) standard.
Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf014.h tml
Q3. - (Topic 8)
Which option is the default switch port port-security violation mode?
A. shutdown
B. protect
C. shutdown vlan
D. restrict
Answer: A
Explanation:
Shutdown—This mode is the default violation mode; when in this mode, the switch will automatically force the switchport into an error disabled (err-disable) state when a violation occurs. While in this state, the switchport forwards no traffic. The switchport can be brought out of this error disabled state by issuing the errdisable recovery cause CLI command or by disabling and reenabling the switchport.
Shutdown VLAN—This mode mimics the behavior of the shutdown mode but limits the error disabled state the specific violating VLAN.
Q4. - (Topic 8)
Which address class includes network 191.168.0.1/27?
A. Class C
B. Class B
C. Class D
D. Class A
Answer: B
Q5. - (Topic 7)
Refer to the exhibit.
A problem with network connectivity has been observed. It is suspected that the cable connected to switch port Fa0/9 on Switch1 is disconnected. What would be an effect of this cable being disconnected?
A. Host B would not be able to access the server in VLAN9 until the cable is reconnected.
B. Communication between VLAN3 and the other VLANs would be disabled.
C. The transfer of files from Host B to the server in VLAN9 would be significantly slower.
D. For less than a minute, Host B would not be able to access the server in VLAN9. Then normal network function would resume.
Answer: D
Explanation:
Spanning-Tree Protocol (STP) is a Layer 2 protocol that utilizes a special-purpose algorithm to discover physical loops in a network and effect a logical loop-free topology. STP creates a loop-free tree structure consisting of leaves and branches that span the entire Layer 2 network. The actual mechanics of how bridges communicate and how the STP algorithm works will be discussed at length in the following topics. Note that the terms bridge and switch are used interchangeably when discussing STP. In addition, unless otherwise indicated, connections between switches are assumed to be trunks.
Q6. - (Topic 5)
A network engineer wants to allow a temporary entry for a remote user with a specific username and password so that the user can access the entire network over the Internet.
Which ACL can be used?
A. standard
B. extended
C. dynamic
D. reflexive
Answer: C
Explanation:
We can use a dynamic access list to authenticate a remote user with a specific username and password. The authentication process is done by the router or a central access server such as a TACACS+ or RADIUS server. The configuration of dynamic ACL can be read here: http://www.cisco.com/en/US/tech/tk583/tk822/technologies_tech_note09186a0080094524. shtml
Q7. - (Topic 8)
Which two statements about late collisions are true? (Choose two.)
A. They may indicate a duplex mismatch.
B. By definition, they occur after the 512th bit of the frame has been transmitted.
C. They indicate received frames that did not pass the FCS match.
D. They are frames that exceed 1518 bytes.
E. They occur when CRC errors and interference occur on the cable.
Answer: A,B
Q8. - (Topic 3)
Refer to the exhibit.
What can be determined about the router from the console output?
A. No configuration file was found in NVRAM.
B. No configuration file was found in flash.
C. No configuration file was found in the PCMCIA card.
D. Configuration file is normal and will load in 15 seconds.
Answer: A
Explanation:
When no startup configuration file is found in NVRAM, the System Configuration Dialog will appear to ask if we want to enter the initial configuration dialog or not.
Q9. - (Topic 8)
Which command can you execute to set the user inactivity timer to 10 seconds?
A. SW1(config-line)#exec-timeout 0 10
B. SW1(config-line)#exec-timeout 10
C. SW1(config-line)#absolute-timeout 0 10
D. SW1(config-line)#absolute-timeout 10
Answer: A
Q10. - (Topic 5)
Which statement describes the process of dynamically assigning IP addresses by the DHCP server?
A. Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement.
B. Addresses are permanently assigned so that the hosts uses the same address at all times.
C. Addresses are assigned for a fixed period of time, at the end of the period, a new request for an address must be made.
D. Addresses are leased to hosts, which periodically contact the DHCP server to renew the lease.
Answer: D
Explanation:
The DHCP lifecycle consists of the following:
✑ Allocation: A client begins with no active lease, and hence, no DHCP-assigned address. It acquires a lease through a process of allocation.
✑ Reallocation: If a client already has an address from an existing lease, then when it reboots or starts up after being shut down, it will contact the DHCP server that granted it the lease to confirm the lease and acquire operating parameters. This is sometimes called reallocation; it is similar to the full allocation process but shorter.
✑ Normal Operation: Once a lease is active, the client functions normally, using its assigned IP address and other parameters during the “main part” of the lease. The client is said to be bound to the lease and the address.
✑ Renewal: After a certain portion of the lease time has expired, the client will attempt to contact the server that initially granted the lease, to renew the lease so it can keep using its IP address.
✑ Rebinding. If renewal with the original leasing server fails (because, for example, the server has been taken offline), then the client will try to rebind to any active DHCP server, trying to extend its current lease with any server that will allow it to do so.
✑ Release: The client may decide at any time that it no longer wishes to use the IP address it was assigned, and may terminate the lease, releasing the IP address.
Q11. - (Topic 8)
Which NAT function can map multiple inside addresses to a single outside address?
A. PAT
B. SFTP
C. RARP
D. ARP
E. TFTP
Answer: A
Q12. - (Topic 8)
Which two options are primary responsibilities of the APIC-EM controller? (Choose two.)
A. It automates network actions between different device types.
B. It provides robust asset management.
C. It tracks license usage and Cisco IOS versions.
D. It automates network actions between legacy equipment.
E. It makes network functions programmable.
Answer: A,E
Q13. - (Topic 3)
Which type of EIGRP route entry describes a feasible successor?
A. a backup route, stored in the routing table
B. a primary route, stored in the routing table
C. a backup route, stored in the topology table
D. a primary route, stored in the topology table
Answer: C
Explanation:
EIGRP uses the Neighbor Table to list adjacent routers. The Topology Table list all the learned routers to destination whilst the Routing Table contains the best route to a destination, which is known as the Successor. The Feasible Successor is a backup route to a destination which is kept in the Topology Table.
Q14. - (Topic 8)
Which statement about QoS default behavior is true?
A. Ports are untrusted by default.
B. VoIP traffic is passed without being tagged.
C. Video traffic is passed with a well-known DSCP value of 46.
D. Packets are classified internally with an environment.
E. Packets that arrive with a tag are untagged at the edge of an administrative domain.
Answer: E
Explanation: Frames received from users in the administratively-defined VLANs are
classified or tagged for transmission to other devices. Based on rules that you define, a unique identifier (the tag) is inserted in each frame header before it is forwarded. The tag is examined and understood by each device before any broadcasts or transmissions to other switches, routers, or end stations. When the frame reaches the last switch or router, the tag is removed before the frame is sent to the target end station. VLANs that are assigned on trunk or access ports without identification or a tag are called native or untagged frames. For IEEE 802.1Q frames with tag information, the priority value from the header frame is used. For native frames, the default priority of the input port is used.
Each port on the switch has a single receive queue buffer (the ingress port) for incoming traffic. When an untagged frame arrives, it is assigned the value of the port as its port default priority. You assign this value by using the CLI or CMS. A tagged frame continues to use its assigned CoS value when it passes through the ingress port.
Q15. - (Topic 5)
Which IPv6 address is the equivalent of the IPv4 interface loopback address 127.0.0.1?
A. ::1
B. ::
C. 2000::/3
D. 0::/10
Answer: A
Explanation:
In IPv6 the loopback address is written as, ::1
This is a 128bit number, with the first 127 bits being '0' and the 128th bit being '1'. It's just a single address, so could also be written as ::1/128.