Share your SWITCH v2.0 Experience

Could someone please send me some valid material?

weirdsega @ gmail . com

Hi All,

passed the exam, everything on certprepare is valid, everything i studied came up. no new questions. i have about 3 D&D and 3 sims. my very last question was infact a sim. the 1 with 4 routers, with router 1 and 2 both in a vtp server mode. I would advise doing updated q’s 6,7 & 8 and defo learn the material (practice questions) under each heading. best of luck guys!

Did any1 get the AAAdot1x Simulator recently?
Is it wise to study it ?

How many questions from updates 6,7,and 8 appeared in recent exams please…..some or most??

Passed the exam today with very high score, 989. and as I promised here is my feedback.

which materials did I use?
i only used certprepare and August IPhelper VCE, I am a premium member in this site and I studyed every corner of this site, I focused on grasping the concepts rather than cramming the answers. I have spent hours doing and doing and redoing the composite quizez in this website, I strongly recomend that you get premium membership.

any new questions?
NOPE NOPE NOPE, there was no any new question, because I have studied everything from this site and IP helper, you know I have come to realise that a lot of people say that they have encountered new questions in the exam but its not true, the truth is they havent used the right dumps to study

what about the questions posted by @RICK today?
well 70% of my exam was from those questions, I strongly recomend you to study the questions, I ll post then down this comment again so everyone can study them.

need some dumps I used!!
if you need the IPhelper vce file please drop me an email and I ll send it to you free of charge, as I was given for free. my email is princesselicious at gmail dot com

what about the labs?
well well well the labs were very interesting, i got the 3 usual labs STP LACP, VTP3 and HSRP
the stp was exactly like the one in this site, all configs are done at the interface level, dont forget to no shut all if your physical interfaces, and DONT FORGET COPY RUN START, it works in this lab.
about the VTP lab was slightly altered, now we dont have any PRIMARY SERVER. so I choose Configure VLAN 500 & VLAN 600 on both SW1 & SW2 and I also choose Disable VTP pruning on SW4 only. the other lab was exactly the same as the one in this site.

why did I not score 1000/1000
for this I dont have answer because I new all the questions, maybe there is something I missed in the labs, I dont know, But anyways I have passed!!!

any more questions?
feel free to ask some question, I ll be answering your questions in the comment sections

goodluck on your preparations.

@Laga

Good Job!!

im really happy for you. And im happy that you are giving back to the community as well… IF i study the Oct dump and the iphelper, is that enough? Also, are there mistakes on those dumps? did you happen to make corrections that you can share by any chance?

Interesting, my VTPv3 lab still had a primary server. VTPv3 always has to have a primary server, you can’t configure VLAN’s on anything else. In my opinion, this question is terribly written by Cisco but in a months time it won’t matter so oh well.

Are the questions on the site all that you need or are there different questions on the Aug ip helper and October doc?
Lot of conflicts between the 3 so which is the most up to date?

Could anyone give the correct answer for those MCQS

@Rick MCQS

1. Which statement about VSPAN is true?
A. It can monitor ingress and egress traffic on the source VLAN
B. It sends all VLAN traffic to the destination port regardless of the VLAN’s status
C. It can monitor destination port traffic that belongs to a source VLAN
D. It can monitor token ring VLANs
2. Which mechanism is specific for RSPAN and not for SPAN?
A. source port
B. monitor port
C. reflector port
D. redundant port
E. destination port
3. Which two statements about source port monitoring in a SPAN are true? (Choose two.)
A. Traffic through a destination port can be copied and included in the SPAN session.
B. The entire EtherChannel must be monitored.
C. It can monitor only FastEthernet and GigabitEthernet port types.
D. It can monitor individual interfaces within a port channel.
E. It can monitor ingress and egress traffic.
4. A switch has been configured with the vlan dot1q tag native command. Which statement describes what the switch does with untagged frames that it receive?
A. Untagged frames are forwarded via the default VLAN
B. It drops the untagged frames
C. The trunked port is put in err-disable state
D. Untagged frames are forwarded via the native VLAN
5. Which two operational attributes can be checked for EtherChannel ports that are in err-disabled state?
A. Port mode B. Port cost C. Duplex D. DTP E. VLAN
6. Which command do you enter to enable Dynamic ARP Inspection for VLAN 15?
A. SW1(config-vlan)# ip arp inspection vlan 15
B. SW1(config-vlan)# ip arp inspection trust
C. SW1(config-if)# ip arp-inspection trust
D. SW1(config)# ip arp inspection vlan 15
7. Which two statements are true about port security? (Choose two)
A. It is used on EtherChannel bundle.
B. It must be used on the switch interface.
C. It can be configured for SPAN.
D. It is configured on an access port.
E. ?
8. Which two statements about static MAC addresses are true? (Choose two)
A. They are configured without an aging time.
B. They have a default aging time of 300 seconds.
C. They supersede dynamically learned MAC address.
D. They can be configured on multiple interfaces in the same VLAN.
E. They have a default aging time of 60 seconds.
9. Which security feature inspects ARP packets based on valid IP-to-MAC address bindings?
A. BPDU guard
B. port security
C. DAI
D. IP source Guard
10. In which two ways can a port respond to a port-security violation? (Choose two)
A. The port enters the err-disabled state.
B. The Security Violation counter is incremented and the port sends an SNMP trap.
C. The Security Violation counter is incremented and the port sends a critical syslog message to the console.
D. The port triggers an EEM script to notify support staff and continues to forward traffic normally.
E. The port immediately begins to drop all traffic.
F. The port enters the shutdown state.
11. Which three features can be optimized by using SDM templates? (Choose three)
A. port security
B. Trunk
C. VLAN
D. access
E. DHCP snooping
F. routing
12. What types of SDM templates you can use in switch? (Choose three)
A. Access B. Default C. Routing D. VLANs E. ? F. ?
13. Which two statements about default FHRP behavior are true? (Choose two)
A. A backup GLBP active virtual gateway can become active only if the current active virtual gateway fails
B. Preemption is enabled by default
C. Unless specifically configured, the priority of an HSRP router is 200
D. A standby HSRP router becomes active if it has a higher priority than the priority of the current active router
E. A VRRP backup virtual router becomes the master router if its priority is higher than the priority of the current master router
14. How many AVGs can be elected by GLBP member?
A. 1
B. 2
C. 4
D. 6
15. Which option is the minimum number of bindings that the DHCP snooping database can store?
A. 1000 bindings
B. 2000 bindings
C. 5000 bindings
D. 8000 bindings
16. A switch has been configured with the VLAN dot1q tag native command. Which statement describes what the switch does with untagged frames when it
receives on a trunked interface?
A. Untagged frames are forwarded via the default VLAN
B. It drops the untagged frames
C. The trunk ports is put in err-disable state.
D. Untagged frames are forward via the native vlan
17. Which two commands display the VLANs that are present in the VLAN database? (Choose two.)
A. show running-config
B. show vlan database
C. show vlan brief
D. show vlan
E. show vlan id
18. Which two commands do you enter to add VLAN 20 on a switch VLAN configuration file? (Choose two.)
A. switchport trunk native vlan 20
B. switchport access vlan 20
C. vlan 20
D. switchport trunk allowed vlan 20
E. encapsulation dot1q 20
19. Which two commands do you enter to add VLAN 15 on a switch VLAN configuration file? (Choose two.)
A. switchport trunk native vlan 15
B. switchport access vlan 15
C. vlan 15
D. switchport trunk allowed vlan 15
E. encapsulation dot1q 15
20. Refer to the exhibit. A single server in Company 123 is connected via EtherChannel to a single upstream switch. Which EtherChannel load balancing method on the switch makes optimal use of the redundant links as traffic flows from the routers to the server?
A. source MAC address
B. source IP address
C. source and destination MAC address
D. destination MAC address
21. Which command enables root guard on a Cisco switch?
A. Switch(config)#spanning-tree guard root
B. Switch(config)#spanning-tree root guard
C. Switch(config-if)#spanning-tree guard-root
D. Switch(config-if)#spanning-tree guard root
E. Switch(config-if)#spanning-tree root guard
22. Which two configuration requirements for port security are true? (Choose two.)
A. Port must be in access mode
B. Port security must be enabled on the port level
C. Port must be in interface VLAN mode
D. Port security must be disabled on the port level
E. Port must be in encapsulation mode
23. Which two configuration requirements for port security are true? (Choose two.)
A. The port must be part of a trunk.
B. Port security must be enable at the port level
C. Port security must be enabled at the global level.
D. The port must be SPAN port.
E. The port must be part of an EtherChannel bundle.
F. The port must be in access mode.
24. Which type of failure has occurred, if a link fails and the MEC successfully redistributes the load among the remaining operational links?
A. multiple MEC link failure
B. standby switch failure
C. active switch failure
D. single MEC link failure
25. Which command do you enter on a device so that users are automatically placed in enable mode after they authenticate with TACACS+?
A. aaa authorization exec default group tacacs+ if-authenticated
B. aaa authorization exec default group tacacs+ local-case
C. aaa authorization exec default group tacacs+ enable
D. aaa authentication exec default group tacacs+ if-authenticated
26. Which two statements about the local user database are true? (Choose two.)
A. For console connections, it can be used only as a backup authentication method.
B. It can be configured to grant a user-specific privilege level.
C. It can store passwords in clear text only.
D. For VTY connections, it can be used only as a backup authentication method.
E. It can be used as the only method of authentication or as a backup for other methods.
27. What is the value of the TPID/tag protocol identifier in dot1q?
A. 0x8100
B. 0x8a88
C. 0x8b45
D. 0x8200
28. Which two TLVs are included in Cisco Discovery Protocol advertisements? (Choose two.)
A. Network Policy TLV
B. VTP Management Domain TLV
C. System Name TLV
D. Inventory Management TLV
E. Native VLAN TLV
29. Which two statements about sticky MAC address learning are true? (Choose two.)
A. A single device can learn up to three sticky MAC addresses.
B. Devices can learn sticky MAC addresses dynamically.
C. Learned addresses are saved to the startup configuration file by default.
D. Learned addresses are saved to the running configuration by default.
E. Learned addresses are automatically preserved when the device reboots.
F. It can be used only on devices that operate in a single layer.
30. After you connected a host to switch port G0/1, the port is error disabled. Which command can you enter to determine the reason?
A. show interfaces g0/1 status
B. show log
C. show run interface g0/1
D. show ip interface brief
31. Refer to the exhibit.
Which option is the most likely explanation of the duplicate address message logged?
A. spanning-tree loop
B. HSRP misconfiguration
C. a PC with IP of 10.10.1.1
D. a hardware problem
32. Which feature can prevent ARP poisoning attacks on a device?
A. Dynamic ARP Inspection
B. DHCP snooping
C. MAC snooping
D. CGMP snooping
E. Dynamic MAC Inspection
F. Static ARP Inspection
33. Which two device types does DHCP snooping treat as untrusted in an ISP environment? (Choose two.)
A. end host devices
B. customer edge services
C. user-facing provider edge devices
D. provider edge devices
E. provider devices
34. You want to correctly configure IP Source Guard on a switch. Which two tasks must you perform? (Choose two.)
A. Enable DHCP snooping on the switch.
B. Enable DHCP packet validation on the device.
C. Configure the DHCP snooping relay.
D. Enable DHCP option 82.
E. Configure the ip verify source vlan dhcp-snooping command.
35. Refer to the exhibit. An engineer is configuring a trunking port-channel between switch 1 and switch 2 and receives an error message on switch 1. Which
option corrects this error?
A. enabling BPDU guard on interface Fa0/23 of switch 2.
B. enabling BPDU guard on interface Fa0/23 of switch 1.
C. disabling BPDU guard on interface Fa0/23 of switch 2.
D. disabling BPDU guard on interface Fa0/23 of switch 1.
Drag and Drop – PVST+ / Rapid PVST+ / MSTP
PVST + 802.1d standard + default STP
RapidPVST + 802.1w standard + has Discarding port state
MST + 802.1s standard + group vlan int instance
Drag and Drop – SPAN Source and Destination Ports
Source port:
1. It can be trunk or an access port
2. It can be monitored as a bundled logical port or as individual physical ports
3. Multiple VLANs can be included in a single session
Destination switch:
1. It acts as the monitoring port
2. It is not supported as part of a VLAN
3. Its original configuration is overwritten by the SPAN configuration

Hi, I pass my exam today! Some new question maybe 5-6 (all in Rick post of yesterday), same labs than here!! Thanks certprepare!!

Could you share your answers ?

Hi,
I have been studying since the TEN final, I can send an updated dump,
I am in the final stretch.

someone , someone ?

Thanks so much

wagn er.in fra @ gmai l com

@Dan21

the october dump is exactly the same as what is on premium membership on this site so I used the same questions, and about the questions with wrong answers in the dumps, its true there are some questions with wrong answers thats why I encourage to grasp the concept for core knowledge.

I today passed the exam score 9XX , valid aug dumps and oct dumps,
My Lab exam seems like some configuration is already on the exam.
Thanks folks good luck everyone

33. Which two device types does DHCP snooping treat as untrusted in an ISP environment? (Choose two.)
A. end host devices
B. customer edge services
C. user-facing provider edge devices
D. provider edge devices
E. provider devices

A and B correct ??

@Laga

Are there errors in the Oct dump too? if so can you share the corrections you made? I mean that would be the best thing ever if you could… :)

what is the correct, A or B ?

A – SPAN Source and Destination Ports
Source port:
1. It can be trunk or an access port
2. It can be monitored as a bundled logical port or as individual physical ports
3. Multiple VLANs can be included in a single session
Destination switch:
1. It acts as the monitoring port
2. It is not supported as part of a VLAN
3. Its original configuration is overwritten by the SPAN configuration

===

B – SPAN Source and Destination Ports
Source port:
1. It acts as the monitoring port
2. It can be monitored as a bundled logical port or as individual physical ports
3. Multiple VLANs can be included in a single session
Destination switch:
1. It can be trunk or an access port 1.
2. It is not supported as part of a VLAN
3. Its original configuration is overwritten by the SPAN configuration

A

Is digitaltut out ?

yea.. digitaltut is unreachable for me

************************MCQS & Rick Ragnar**********************

THESE QUESTIONS ARE THOSE OF THE EXAM?

1. Which statement about VSPAN is true?
A. It can monitor ingress and egress traffic on the source VLAN
B. It sends all VLAN traffic to the destination port regardless of the VLAN’s status
C. It can monitor destination port traffic that belongs to a source VLAN
D. It can monitor token ring VLANs
2. Which mechanism is specific for RSPAN and not for SPAN?
A. source port
B. monitor port
C. reflector port
D. redundant port
E. destination port
3. Which two statements about source port monitoring in a SPAN are true? (Choose two.)
A. Traffic through a destination port can be copied and included in the SPAN session.
B. The entire EtherChannel must be monitored.
C. It can monitor only FastEthernet and GigabitEthernet port types.
D. It can monitor individual interfaces within a port channel.
E. It can monitor ingress and egress traffic.
4. A switch has been configured with the vlan dot1q tag native command. Which statement describes what the switch does with untagged frames that it receive?
A. Untagged frames are forwarded via the default VLAN
B. It drops the untagged frames
C. The trunked port is put in err-disable state
D. Untagged frames are forwarded via the native VLAN
5. Which two operational attributes can be checked for EtherChannel ports that are in err-disabled state?
A. Port mode B. Port cost C. Duplex D. DTP E. VLAN
6. Which command do you enter to enable Dynamic ARP Inspection for VLAN 15?
A. SW1(config-vlan)# ip arp inspection vlan 15
B. SW1(config-vlan)# ip arp inspection trust
C. SW1(config-if)# ip arp-inspection trust
D. SW1(config)# ip arp inspection vlan 15
7. Which two statements are true about port security? (Choose two)
A. It is used on EtherChannel bundle.
B. It must be used on the switch interface.
C. It can be configured for SPAN.
D. It is configured on an access port.
E. ?
8. Which two statements about static MAC addresses are true? (Choose two)
A. They are configured without an aging time.
B. They have a default aging time of 300 seconds.
C. They supersede dynamically learned MAC address.
D. They can be configured on multiple interfaces in the same VLAN.
E. They have a default aging time of 60 seconds.
9. Which security feature inspects ARP packets based on valid IP-to-MAC address bindings?
A. BPDU guard
B. port security
C. DAI
D. IP source Guard
10. In which two ways can a port respond to a port-security violation? (Choose two)
A. The port enters the err-disabled state.
B. The Security Violation counter is incremented and the port sends an SNMP trap.
C. The Security Violation counter is incremented and the port sends a critical syslog message to the console.
D. The port triggers an EEM script to notify support staff and continues to forward traffic normally.
E. The port immediately begins to drop all traffic.
F. The port enters the shutdown state.
11. Which three features can be optimized by using SDM templates? (Choose three)
A. port security
B. Trunk
C. VLAN
D. access
E. DHCP snooping
F. routing
12. What types of SDM templates you can use in switch? (Choose three)
A. Access B. Default C. Routing D. VLANs E. ? F. ?
13. Which two statements about default FHRP behavior are true? (Choose two)
A. A backup GLBP active virtual gateway can become active only if the current active virtual gateway fails
B. Preemption is enabled by default
C. Unless specifically configured, the priority of an HSRP router is 200
D. A standby HSRP router becomes active if it has a higher priority than the priority of the current active router
E. A VRRP backup virtual router becomes the master router if its priority is higher than the priority of the current master router
14. How many AVGs can be elected by GLBP member?
A. 1
B. 2
C. 4
D. 6
15. Which option is the minimum number of bindings that the DHCP snooping database can store?
A. 1000 bindings
B. 2000 bindings
C. 5000 bindings
D. 8000 bindings
16. A switch has been configured with the VLAN dot1q tag native command. Which statement describes what the switch does with untagged frames when it
receives on a trunked interface?
A. Untagged frames are forwarded via the default VLAN
B. It drops the untagged frames
C. The trunk ports is put in err-disable state.
D. Untagged frames are forward via the native vlan
17. Which two commands display the VLANs that are present in the VLAN database? (Choose two.)
A. show running-config
B. show vlan database
C. show vlan brief
D. show vlan
E. show vlan id
18. Which two commands do you enter to add VLAN 20 on a switch VLAN configuration file? (Choose two.)
A. switchport trunk native vlan 20
B. switchport access vlan 20
C. vlan 20
D. switchport trunk allowed vlan 20
E. encapsulation dot1q 20
19. Which two commands do you enter to add VLAN 15 on a switch VLAN configuration file? (Choose two.)
A. switchport trunk native vlan 15
B. switchport access vlan 15
C. vlan 15
D. switchport trunk allowed vlan 15
E. encapsulation dot1q 15
20. Refer to the exhibit. A single server in Company 123 is connected via EtherChannel to a single upstream switch. Which EtherChannel load balancing method on the switch makes optimal use of the redundant links as traffic flows from the routers to the server?
A. source MAC address
B. source IP address
C. source and destination MAC address
D. destination MAC address
21. Which command enables root guard on a Cisco switch?
A. Switch(config)#spanning-tree guard root
B. Switch(config)#spanning-tree root guard
C. Switch(config-if)#spanning-tree guard-root
D. Switch(config-if)#spanning-tree guard root
E. Switch(config-if)#spanning-tree root guard
22. Which two configuration requirements for port security are true? (Choose two.)
A. Port must be in access mode
B. Port security must be enabled on the port level
C. Port must be in interface VLAN mode
D. Port security must be disabled on the port level
E. Port must be in encapsulation mode
23. Which two configuration requirements for port security are true? (Choose two.)
A. The port must be part of a trunk.
B. Port security must be enable at the port level
C. Port security must be enabled at the global level.
D. The port must be SPAN port.
E. The port must be part of an EtherChannel bundle.
F. The port must be in access mode.
24. Which type of failure has occurred, if a link fails and the MEC successfully redistributes the load among the remaining operational links?
A. multiple MEC link failure
B. standby switch failure
C. active switch failure
D. single MEC link failure
25. Which command do you enter on a device so that users are automatically placed in enable mode after they authenticate with TACACS+?
A. aaa authorization exec default group tacacs+ if-authenticated
B. aaa authorization exec default group tacacs+ local-case
C. aaa authorization exec default group tacacs+ enable
D. aaa authentication exec default group tacacs+ if-authenticated
26. Which two statements about the local user database are true? (Choose two.)
A. For console connections, it can be used only as a backup authentication method.
B. It can be configured to grant a user-specific privilege level.
C. It can store passwords in clear text only.
D. For VTY connections, it can be used only as a backup authentication method.
E. It can be used as the only method of authentication or as a backup for other methods.
27. What is the value of the TPID/tag protocol identifier in dot1q?
A. 0x8100
B. 0x8a88
C. 0x8b45
D. 0x8200
28. Which two TLVs are included in Cisco Discovery Protocol advertisements? (Choose two.)
A. Network Policy TLV
B. VTP Management Domain TLV
C. System Name TLV
D. Inventory Management TLV
E. Native VLAN TLV
29. Which two statements about sticky MAC address learning are true? (Choose two.)
A. A single device can learn up to three sticky MAC addresses.
B. Devices can learn sticky MAC addresses dynamically.
C. Learned addresses are saved to the startup configuration file by default.
D. Learned addresses are saved to the running configuration by default.
E. Learned addresses are automatically preserved when the device reboots.
F. It can be used only on devices that operate in a single layer.
30. After you connected a host to switch port G0/1, the port is error disabled. Which command can you enter to determine the reason?
A. show interfaces g0/1 status
B. show log
C. show run interface g0/1
D. show ip interface brief
31. Refer to the exhibit.
Which option is the most likely explanation of the duplicate address message logged?
A. spanning-tree loop
B. HSRP misconfiguration
C. a PC with IP of 10.10.1.1
D. a hardware problem
32. Which feature can prevent ARP poisoning attacks on a device?
A. Dynamic ARP Inspection
B. DHCP snooping
C. MAC snooping
D. CGMP snooping
E. Dynamic MAC Inspection
F. Static ARP Inspection
33. Which two device types does DHCP snooping treat as untrusted in an ISP environment? (Choose two.)
A. end host devices
B. customer edge services
C. user-facing provider edge devices
D. provider edge devices
E. provider devices
34. You want to correctly configure IP Source Guard on a switch. Which two tasks must you perform? (Choose two.)
A. Enable DHCP snooping on the switch.
B. Enable DHCP packet validation on the device.
C. Configure the DHCP snooping relay.
D. Enable DHCP option 82.
E. Configure the ip verify source vlan dhcp-snooping command.
35. Refer to the exhibit. An engineer is configuring a trunking port-channel between switch 1 and switch 2 and receives an error message on switch 1. Which
option corrects this error?
A. enabling BPDU guard on interface Fa0/23 of switch 2.
B. enabling BPDU guard on interface Fa0/23 of switch 1.
C. disabling BPDU guard on interface Fa0/23 of switch 2.
D. disabling BPDU guard on interface Fa0/23 of switch 1.
Drag and Drop – PVST+ / Rapid PVST+ / MSTP
PVST + 802.1d standard + default STP
RapidPVST + 802.1w standard + has Discarding port state
MST + 802.1s standard + group vlan int instance
Drag and Drop – SPAN Source and Destination Ports
Source port:
1. It can be trunk or an access port
2. It can be monitored as a bundled logical port or as individual physical ports
3. Multiple VLANs can be included in a single session
Destination switch:
1. It acts as the monitoring port
2. It is not supported as part of a VLAN
3. Its original configuration is overwritten by the SPAN configuration

@all could you please let us know if the present dumps on Certprepare are still valid?

33. Which two device types does DHCP snooping treat as untrusted in an ISP environment? (Choose two.)
A. end host devices
B. customer edge services
C. user-facing provider edge devices
D. provider edge devices
E. provider devices

A and B correct ??

Guys, do you think that Cisco will change the questions between now and Feb 22nd?
Anybody here taking there exam near the end of Feb?

@Switchy
I am planning to take my TSHOOT near last day which I am certainly not at all prepared for

@ dirtflake can i pass route by 3 weeks study?

Can i pass router by 3 weeks study? Please advise

passed Today with score 86*
premium member and used China 591Lab dump.
4DND (radius,tacacs+ & pvst,rapidpvst,mst&source port , destination port & avg,avf,arp)
labs (lacp & hsrp & vtpv3)
about 6-7 new questions

Thanks Certprepare, Rick, Waseem and all of you.

I have solved Rick QA. i will share it for you.

Pls share me Tshoot dump.

good luck

1. Which statement about VSPAN is true?
A. It can monitor ingress and egress traffic on the source VLAN
B. It sends all VLAN traffic to the destination port regardless of the VLAN’s status
C. It can monitor destination port traffic that belongs to a source VLAN
D. It can monitor token ring VLANs
Ans : A
2. Which mechanism is specific for RSPAN and not for SPAN?
A. source port
B. monitor port
C. reflector port
D. redundant port
E. destination port
Ans : C
3. Which two statements about source port monitoring in a SPAN are true? (Choose two.)
A. Traffic through a destination port can be copied and included in the SPAN session.
B. The entire EtherChannel must be monitored.
C. It can monitor only FastEthernet and GigabitEthernet port types.
D. It can monitor individual interfaces within a port channel.
E. It can monitor ingress and egress traffic.
Ans : D, E
4. A switch has been configured with the vlan dot1q tag native command. Which statement describes what the switch does with untagged frames that it receive?
A. Untagged frames are forwarded via the default VLAN
B. It drops the untagged frames
C. The trunked port is put in err-disable state
D. Untagged frames are forwarded via the native VLAN
Ans : B
5. Which two operational attributes can be checked for EtherChannel ports that are in err-disabled state? (Choose 2)
A. Port mode B. Port cost C. Duplex D. DTP E. VLAN
Ans: C, E
6. Which command do you enter to enable Dynamic ARP Inspection for VLAN 15?
A. SW1(config-vlan)# ip arp inspection vlan 15
B. SW1(config-vlan)# ip arp inspection trust
C. SW1(config-if)# ip arp-inspection trust
D. SW1(config)# ip arp inspection vlan 15
Ans: A
7. Which two statements are true about port security? (Choose two)
A. It is used on EtherChannel bundle.
B. It must be used on the switch interface.
C. It can be configured for SPAN.
D. It is configured on an access port.
E. ?

Ans :

8. Which two statements about static MAC addresses are true? (Choose two)
A. They are configured without an aging time.
B. They have a default aging time of 300 seconds.
C. They supersede dynamically learned MAC address.
D. They can be configured on multiple interfaces in the same VLAN.
E. They have a default aging time of 60 seconds.
Ans: A, D

9. Which security feature inspects ARP packets based on valid IP-to-MAC address bindings?
A. BPDU guard
B. port security
C. DAI
D. IP source Guard
Ans: C

10. In which two ways can a port respond to a port-security violation? (Choose two)
A. The port enters the err-disabled state.
B. The Security Violation counter is incremented and the port sends an SNMP trap.
C. The Security Violation counter is incremented and the port sends a critical syslog message to the console.
D. The port triggers an EEM script to notify support staff and continues to forward traffic normally.
E. The port immediately begins to drop all traffic.
F. The port enters the shutdown state.
Ans : A, B
11. Which three features can be optimized by using SDM templates? (Choose three)
A. port security
B. Trunk
C. VLAN
D. access
E. DHCP snooping
F. routing
Ans: C,D, F

12. What types of SDM templates you can use in switch? (Choose three)
A. Access B. Default C. Routing D. VLANs E. ? F. ?
Ans: A, B, C, D
13. Which two statements about default FHRP behavior are true? (Choose two)
A. A backup GLBP active virtual gateway can become active only if the current active virtual gateway fails
B. Preemption is enabled by default
C. Unless specifically configured, the priority of an HSRP router is 200
D. A standby HSRP router becomes active if it has a higher priority than the priority of the current active router
E. A VRRP backup virtual router becomes the master router if its priority is higher than the priority of the current master router
Ans: A, E
14. How many AVGs can be elected by GLBP member?
A. 1
B. 2
C. 4
D. 6
Ans: 4 or 1
15. Which option is the minimum number of bindings that the DHCP snooping database can store?
A. 1000 bindings
B. 2000 bindings
C. 5000 bindings
D. 8000 bindings
Ans: D
16. A switch has been configured with the VLAN dot1q tag native command. Which statement describes what the switch does with untagged frames when it
receives on a trunked interface?
A. Untagged frames are forwarded via the default VLAN
B. It drops the untagged frames
C. The trunk ports is put in err-disable state.
D. Untagged frames are forward via the native vlan
Ans: B

17. Which two commands display the VLANs that are present in the VLAN database? (Choose two.)
A. show running-config
B. show vlan database
C. show vlan brief
D. show vlan
E. show vlan id
Ans: B, D

18. Which two commands do you enter to add VLAN 20 on a switch VLAN configuration file? (Choose two.)
A. switchport trunk native vlan 20
B. switchport access vlan 20
C. vlan 20
D. switchport trunk allowed vlan 20
E. encapsulation dot1q 20
Ans: B, C
19. Which two commands do you enter to add VLAN 15 on a switch VLAN configuration file? (Choose two.)
A. switchport trunk native vlan 15
B. switchport access vlan 15
C. vlan 15
D. switchport trunk allowed vlan 15
E. encapsulation dot1q 15
Ans: B, C
20. Refer to the exhibit. A single server in Company 123 is connected via EtherChannel to a single upstream switch. Which EtherChannel load balancing method on the switch makes optimal use of the redundant links as traffic flows from the routers to the server?
A. source MAC address
B. source IP address
C. source and destination MAC address
D. destination MAC address
Ans: B

21. Which command enables root guard on a Cisco switch?
A. Switch(config)#spanning-tree guard root
B. Switch(config)#spanning-tree root guard
C. Switch(config-if)#spanning-tree guard-root
D. Switch(config-if)#spanning-tree guard root
E. Switch(config-if)#spanning-tree root guard
Ans: A
22. Which two configuration requirements for port security are true? (Choose two.)
A. Port must be in access mode
B. Port security must be enabled on the port level
C. Port must be in interface VLAN mode
D. Port security must be disabled on the port level
E. Port must be in encapsulation mode
Ans: A, B
23. Which two configuration requirements for port security are true? (Choose two.)
A. The port must be part of a trunk.
B. Port security must be enable at the port level
C. Port security must be enabled at the global level.
D. The port must be SPAN port.
E. The port must be part of an EtherChannel bundle.
F. The port must be in access mode.
Ans: B, F
24. Which type of failure has occurred, if a link fails and the MEC successfully redistributes the load among the remaining operational links?
A. multiple MEC link failure
B. standby switch failure
C. active switch failure
D. single MEC link failure
25. Which command do you enter on a device so that users are automatically placed in enable mode after they authenticate with TACACS+?
A. aaa authorization exec default group tacacs+ if-authenticated
B. aaa authorization exec default group tacacs+ local-case
C. aaa authorization exec default group tacacs+ enable
D. aaa authentication exec default group tacacs+ if-authenticated
Ans: A

26. Which two statements about the local user database are true? (Choose two.)
A. For console connections, it can be used only as a backup authentication method.
B. It can be configured to grant a user-specific privilege level.
C. It can store passwords in clear text only.
D. For VTY connections, it can be used only as a backup authentication method.
E. It can be used as the only method of authentication or as a backup for other methods.
Ans: B, E

27. What is the value of the TPID/tag protocol identifier in dot1q?
A. 0x8100
B. 0x8a88
C. 0x8b45
D. 0x8200
Ans: B

28. Which two TLVs are included in Cisco Discovery Protocol advertisements? (Choose two.)
A. Network Policy TLV
B. VTP Management Domain TLV
C. System Name TLV
D. Inventory Management TLV
E. Native VLAN TLV
Ans:B, E

29. Which two statements about sticky MAC address learning are true? (Choose two.)
A. A single device can learn up to three sticky MAC addresses.
B. Devices can learn sticky MAC addresses dynamically.
C. Learned addresses are saved to the startup configuration file by default.
D. Learned addresses are saved to the running configuration by default.
E. Learned addresses are automatically preserved when the device reboots.
F. It can be used only on devices that operate in a single layer.
Ans: B, D
30. After you connected a host to switch port G0/1, the port is error disabled. Which command can you enter to determine the reason?
A. show interfaces g0/1 status
B. show log
C. show run interface g0/1
D. show ip interface brief
Ans: B

31. Refer to the exhibit.
Which option is the most likely explanation of the duplicate address message logged?
A. spanning-tree loop
B. HSRP misconfiguration
C. a PC with IP of 10.10.1.1
D. a hardware problem
Ans: B
32. Which feature can prevent ARP poisoning attacks on a device?
A. Dynamic ARP Inspection
B. DHCP snooping
C. MAC snooping
D. CGMP snooping
E. Dynamic MAC Inspection
F. Static ARP Inspection
Ans: A
33. Which two device types does DHCP snooping treat as untrusted in an ISP environment? (Choose two.)
A. end host devices
B. customer edge services
C. user-facing provider edge devices
D. provider edge devices
E. provider devices
Ans: A, B
34. You want to correctly configure IP Source Guard on a switch. Which two tasks must you perform? (Choose two.)
A. Enable DHCP snooping on the switch.
B. Enable DHCP packet validation on the device.
C. Configure the DHCP snooping relay.
D. Enable DHCP option 82.
E. Configure the ip verify source vlan dhcp-snooping command.
Ans: D, E
35. Refer to the exhibit. An engineer is configuring a trunking port-channel between switch 1 and switch 2 and receives an error message on switch 1. Which
option corrects this error?
A. enabling BPDU guard on interface Fa0/23 of switch 2.
B. enabling BPDU guard on interface Fa0/23 of switch 1.
C. disabling BPDU guard on interface Fa0/23 of switch 2.
D. disabling BPDU guard on interface Fa0/23 of switch 1.
Ans: D

7. Which two statements are true about port security? (Choose two)
A. It is used on EtherChannel bundle.
B. It must be used on the switch interface.
C. It can be configured for SPAN.
D. It is configured on an access port.
E. ?
ANS: B D