CCNA 2 v7 | SRWE v7.02 | Final Exam Answers Full 100% 2023

CCNA 2 v7 | SRWE v7.02 | Switching, Routing, and Wireless Essentials (Version 7.00) – SRWE Final Exam Answers Full 100% v7 & v7.02 2023

Cisco Netacad SRWE Version 7.00 CCNA 2 v7 & v7.02 SRWE Final Exam Answers 2023 – Switching, Routing, and Wireless Essential Full 100% 2023

A network administrator is preparing the implementation of Rapid PVST+ on a production network. How are the Rapid PVST+ link types determined on the switch interfaces?
- Link types can only be determined if PortFast has been configured.
- Link types can only be configured on access ports configured with a single VLAN.
- Link types are determined automatically.
- Link types must be configured with specific port configuration commands.
  
  Explanation:
  
  When Rapid PVST+ is being implemented, link types are automatically determined but can be specified manually. Link types can be either point-to-point, shared, or edge.

Which two types of spanning tree protocols can cause suboptimal traffic flows because they assume only one spanning-tree instance for the entire bridged network? (Choose two.)

STP
Rapid PVST+
MSTP
PVST+
RSTP

Answers Explanation & Hints:

STP and PVST+ are two types of spanning tree protocols that can cause suboptimal traffic flows because they assume only one spanning-tree instance for the entire bridged network.

What action takes place when the source MAC address of a frame entering a switch appears in the MAC address table associated with a different port?

The switch purges the entire MAC address table.
The switch replaces the old entry and uses the more current port.
The switch updates the refresh timer for the entry.
The switch forwards the frame out of the specified port.

Answers Explanation & Hints:

When the source MAC address of a frame entering a switch appears in the MAC address table associated with a different port, the switch replaces the old entry with the new one and uses the more current port.

A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port?

warning
restrict
shutdown
protect

Answers Explanation & Hints:

The “restrict” security violation mode is configured for a port with port security enabled, the port will not shut down when the maximum number of MAC addresses is reached. Instead, the switch will forward frames from known MAC addresses and discard frames with unknown source MAC addresses. Additionally, a notification is sent to the syslog server to alert the network administrator of the violation.

This mode is useful when the network administrator wants to be notified of unauthorized devices being connected to the network, but does not want to completely shut down the port and disrupt network connectivity. The administrator can then investigate the issue and take appropriate actions, such as disabling the port or configuring the MAC address of the authorized device on the port.

Which network attack is mitigated by enabling BPDU guard?

rogue switches on a network
rogue DHCP servers on a network
MAC address spoofing

CAM table overflow attacks

Explanation:

There are several recommended STP stability mechanisms to help mitigate STP manipulation attacks:

PortFast – used to immediately bring an interface configured as an access or trunk port to the forwarding state from a blocking state. Applied to all end-user ports.
BPDU guard – immediately error-disables a port that receives a BPDU. Applied to all end-user ports.The receipt of BPDUs may be part of an unauthorized attempt to add a switch to the network.
Root guard – prevents a switch from becoming the root switch. Applied to all ports where the root switch should not be located.
Loop guard – detects unidirectional links to prevent alternate or root ports from becoming designated ports. Applied to all ports that are or can become nondesignated.

A network administrator uses the spanning-tree portfast bpduguard default global configuration command to enable BPDU guard on a switch. However, BPDU guard is not activated on all access ports. What is the cause of the issue?

PortFast is not configured on all access ports.
Access ports belong to different VLANs.
BPDU guard needs to be activated in the interface configuration command mode.
Access ports configured with root guard cannot be configured with BPDU guard.

Answers Explanation & Hints:

The most likely cause of the issue is that PortFast is not configured on all access ports. By default, BPDU guard is only enabled on ports with PortFast enabled. Therefore, if PortFast is not enabled on a particular access port, BPDU guard will not be activated on that port even if it is globally enabled with the spanning-tree portfast bpduguard default command. To enable BPDU guard on an access port, the administrator needs to configure PortFast on that port with the spanning-tree portfast interface configuration command.

A new Layer 3 switch is connected to a router and is being configured for interVLAN routing. What are three of the five steps required for the configuration? (Choose three.) *

creating SVI interfaces
creating VLANs
installing a static route
adjusting the route metric
implementing a routing protocol
modifying the default VLAN
assigning ports to VLANs

Answers Explanation & Hints:

The three steps required for the configuration of a new Layer 3 switch for interVLAN routing are:

Creating VLANs: Create the VLANs that need to communicate with each other.
Creating SVI interfaces: Create a Switched Virtual Interface (SVI) for each VLAN that needs to communicate with other VLANs.
Implementing a routing protocol: Configure a routing protocol, such as OSPF or EIGRP, to enable communication between the Layer 3 switch and the router.

Note: installing a static route, adjusting the route metric, modifying the default VLAN, and assigning ports to VLANs may be necessary for other configurations, but they are not specific to the configuration of a Layer 3 switch for interVLAN routing.

A company is deploying a wireless network in the distribution facility in a Boston suburb. The warehouse is quite large and it requires multiple access points to be used. Because some of the company devices still operate at 2.4GHz, the network administrator decides to deploy the 802.11g standard. Which channel assignments on the multiple access points will make sure that the wireless channels are not overlapping?

channels 1, 6, and 11
channels 2, 6, and 10
channels 1, 5, and 9
channels 1, 7, and 13

Answers Explanation & Hints:

To avoid overlapping channels, the company should use channels 1, 6, and 11. These channels are the only non-overlapping channels available in the 2.4GHz frequency band. By using these channels, each access point can use a different channel and minimize interference from other access points operating on the same frequency.

What method of wireless authentication is dependent on a RADIUS authentication server?

WEP
WPA2 Enterprise
WPA Personal
WPA2 Personal

Answers Explanation & Hints:

WPA2 Enterprise is the method of wireless authentication that is dependent on a RADIUS authentication server. WPA2 Enterprise uses 802.1X/EAP authentication, where the client device connects to the wireless network and sends its credentials to a RADIUS authentication server for verification. If the credentials are valid, the RADIUS server sends a message to the access point to allow the client device to access the network. This provides a more secure form of authentication than WPA Personal or WPA2 Personal, which use a pre-shared key for authentication.

An administrator notices that large numbers of packets are being dropped on one of the branch routers. What should be done or checked?

Create extra static routes to the same location with an AD of 1.
Check the routing table for a missing static route.
Create static routes to all internal networks and a default route to the internet.
Check the statistics on the default route for oversaturation.

Answers Explanation & Hints:

To troubleshoot dropped packets on a branch router, the routing table should be checked for a missing static route. The dropped packets could indicate that the router does not know how to reach a certain destination network. By adding a static route to that destination network, the packets can be forwarded correctly. Creating extra static routes or adding a default route may not solve the issue if the problem is a missing route to a specific network. Checking the statistics on the default route may help to identify any oversaturation issues, but it is not the first step in troubleshooting dropped packets.

What IPv6 prefix is designed for link-local communication?

ff00::/8
fe80::/10
2001::/3
fc::/07

Answers Explanation & Hints:

The IPv6 prefix that is designed for link-local communication is fe80::/10.

This prefix is reserved for link-local addresses, which are used to communicate between devices on the same network segment or link. Link-local addresses are automatically assigned to network interfaces by the operating system and are not routable beyond the link. The fe80::/10 prefix is used to identify these link-local addresses, which are unique within the local network segment.

Which mitigation technique would prevent rogue servers from providing false IPv6 configuration parameters to clients?

implementing port security on edge ports
disabling CDP on edge ports
enabling RA Guard
enabling DHCPv6 Guard

Answers Explanation & Hints:

Enabling RA (Router Advertisement) Guard would prevent rogue servers from providing false IPv6 configuration parameters to clients.

RA Guard is a security feature in IPv6 networks that helps prevent rogue routers or servers from sending unauthorized Router Advertisements. RA Guard is typically implemented on the edge ports of a network and checks the source address and other information in the received RA packets to determine whether they are valid or not.

Enabling DHCPv6 Guard would also be effective in preventing rogue DHCPv6 servers from providing false configuration parameters, but it would only protect against attacks that use the DHCPv6 protocol. RA Guard, on the other hand, protects against attacks that use the Router Advertisement protocol, which is commonly used in IPv6 networks.

Implementing port security on edge ports and disabling CDP on edge ports are techniques that can be used to prevent unauthorized access to the network, but they would not specifically protect against rogue IPv6 configuration attacks.

What command will enable a router to begin sending messages that allow it to configure a link-local address without using an IPv6 DHCP server?

the ip routing command
the ipv6 unicast-routing command
a static route
the ipv6 route ::/0 command

Answers Explanation & Hints:

The command that will enable a router to begin sending messages that allow it to configure a link-local address without using an IPv6 DHCP server is the “ipv6 unicast-routing” command.

This command enables IPv6 unicast routing on a router, allowing it to forward IPv6 packets between networks. It also enables the router to generate link-local addresses using the Router Advertisement (RA) protocol, without the need for an IPv6 DHCP server.

The “ip routing” command is used in IPv4 networks to enable IP routing on a router, while a static route is a manually configured routing entry that specifies the next hop for a particular destination network. The “ipv6 route ::/0” command is used to configure a default route in IPv6 networks.

What is the effect of entering the ip dhcp snooping limit rate 6 configuration command on a switch?

It displays the IP-to-MAC address associations for switch interfaces.
It enables port security globally on the switch.
It dynamically learns the L2 address and copies it to the running configuration.
It restricts the number of discovery messages, per second, to be received on the interface.

Answers Explanation & Hints:

The effect of entering the “ip dhcp snooping limit rate 6” configuration command on a switch is that it restricts the number of DHCP discovery messages, per second, that can be received on an interface.

This command sets a rate limit on the number of DHCP discovery messages that can be received on an interface, preventing a potential denial-of-service (DoS) attack in which an attacker floods the switch with DHCP requests. In this case, the limit is set to 6 messages per second.

This command does not display the IP-to-MAC address associations for switch interfaces, enable port security globally on the switch, or dynamically learn the L2 address and copy it to the running configuration. These are separate configuration commands with their own functions:

“show arp” or “show mac-address-table” can be used to display the IP-to-MAC address associations for switch interfaces.
“switchport port-security” can be used to enable port security on a switch port.
“mac-address-table” or “static-mac-address” commands can be used to manually configure the L2 address on a switch port.

Refer to the exhibit. What are the possible port roles for ports A, B, C, and D in this RSTP-enabled network?

designated, alternate, root, root
designated, root, alternate, root
alternate, root, designated, root

alternate, designated, root, root

Answers Explanation & Hints:

Because S1 is the root bridge, B is a designated port, and C and D root ports. RSTP supports a new port type, alternate port in discarding state, that can be port A in this scenario.

Refer to the exhibit. Which destination MAC address is used when frames are sent from the workstation to the default gateway?

MAC address of the virtual router
MAC addresses of both the forwarding and standby routers
MAC address of the standby router

MAC address of the forwarding router

Answers Explanation & Hints:

The IP address of the virtual router acts as the default gateway for all the workstations. Therefore, the MAC address that is returned by the Address Resolution Protocol to the workstation will be the MAC address of the virtual router.

What is a secure configuration option for remote access to a network device?

Configure SSH.
Configure 802.1x.
Configure an ACL and apply it to the VTY lines.
Configure Telnet.

Answers Explanation & Hints:

A secure configuration option for remote access to a network device is to configure SSH (Secure Shell).

SSH is a secure protocol for remote access to network devices that provides confidentiality, integrity, and authentication. SSH encrypts all data transmitted between the client and server, preventing eavesdropping and unauthorized access to sensitive information. SSH also uses public key cryptography for user authentication, ensuring that only authorized users can access the device.

On the other hand, Telnet is an insecure protocol that transmits data in plain text, allowing attackers to intercept and read sensitive information. Configuring 802.1x can enhance network security by enforcing port-based access control, but it is not specifically designed for remote access to network devices. Configuring an ACL and applying it to the VTY lines can help restrict access to authorized users, but it does not provide encryption or user authentication, making it less secure than SSH.

After a host has generated an IPv6 address by using the DHCPv6 or SLAAC process, how does the host verify that the address is unique and therefore usable?

The host checks the local neighbor cache for the learned address and if the address is not cached, it it considered unique.
The host sends an ICMPv6 neighbor solicitation message to the DHCP or SLAAC-learned address and if no neighbor advertisement is returned, the address is considered unique.
The host sends an ICMPv6 echo request message to the DHCPv6 or SLAAC-learned address and if no reply is returned, the address is considered unique.

The host sends an ARP broadcast to the local link and if no hosts send a reply, the address is considered unique.

Answers Explanation & Hints:

Before a host can actually configure and use an IPv6 address learned through SLAAC or DHCP, the host must verify that no other host is already using that address. To verify that the address is indeed unique, the host sends an ICMPv6 neighbor solicitation to the address. If no neighbor advertisement is returned, the host considers the address to be unique and configures it on the interface.

Refer to the exhibit. Host A has sent a packet to host B. What will be the source MAC and IP addresses on the packet when it arrives at host B?

Source MAC: 00E0.FE91.7799
Source IP: 10.1.1.10
Source MAC: 00E0.FE91.7799
Source IP: 10.1.1.1
Source MAC: 00E0.FE10.17A3
Source IP: 10.1.1.10
Source MAC: 00E0.FE10.17A3
Source IP: 192.168.1.1

Source MAC: 00E0.FE91.7799
Source IP: 192.168.1.1

Explanation:

As a packet traverses the network, the Layer 2 addresses will change at every hop as the packet is de-encapsulated and re-encapsulated, but the Layer 3 addresses will remain the same.

After attaching four PCs to the switch ports, configuring the SSID and setting authentication properties for a small office network, a technician successfully tests the connectivity of all PCs that are connected to the switch and WLAN. A firewall is then configured on the device prior to connecting it to the Internet. What type of network device includes all of the described features?

standalone wireless access point
firewall appliance
switch
wireless router

Answers Explanation & Hints:

The type of network device that includes all of the described features is a wireless router.

A wireless router is a networking device that combines the functions of a traditional wired router and a wireless access point. It includes Ethernet ports for connecting wired devices such as PCs and a wireless radio for connecting wireless devices. It also includes built-in software for configuring the SSID and setting authentication properties for the wireless network, as well as a firewall for securing the network from external threats.

In the described scenario, the technician attached PCs to switch ports, configured the SSID, set authentication properties for the WLAN, and tested connectivity, which are all functions of a wireless router. The firewall was then configured on the device prior to connecting it to the Internet, which is also a function of a wireless router. Therefore, a wireless router would be the network device that includes all of the described features.

Which wireless encryption method is the most secure?

WPA2 with AES
WPA2 with TKIP
WEP
WPA

Answers Explanation & Hints:

WPA2 with AES is the most secure wireless encryption method.

WPA2 (Wi-Fi Protected Access version 2) is a security protocol that is commonly used to secure Wi-Fi networks. It uses either AES (Advanced Encryption Standard) or TKIP (Temporal Key Integrity Protocol) encryption to protect data transmitted over the wireless network.

AES is a more secure encryption method than TKIP because it uses a stronger encryption algorithm and has fewer vulnerabilities. WPA2 with AES provides stronger security and is recommended for use in modern wireless networks.

WPA (Wi-Fi Protected Access) and WEP (Wired Equivalent Privacy) are older wireless encryption methods that are less secure than WPA2. WPA2 with TKIP is also less secure than WPA2 with AES because TKIP is an older encryption method that is more vulnerable to attacks.

Match the description to the correct VLAN type. (Not all options are used.)

Answers Explanation & Hints:

A data VLAN is configured to carry user-generated traffic. A default VLAN is the VLAN where all switch ports belong after the initial boot up of a switch loading the default configuration. A native VLAN is assigned to an 802.1Q trunk port, and untagged traffic is placed on it. A management VLAN is any VLAN that is configured to access the management capabilities of a switch. An IP address and subnet mask are assigned to it, allowing the switch to be managed via HTTP, Telnet, SSH, or SNMP.

Refer to the exhibit. A network administrator has connected two switches together using EtherChannel technology. If STP is running, what will be the end result?

The switches will load balance and utilize both EtherChannels to forward packets.
Both port channels will shutdown.
The resulting loop will create a broadcast storm.

STP will block one of the redundant links.

Answers Explanation & Hints:

Cisco switches support two protocols for negotiating a channel between two switches: LACP and PAgP. PAgP is Cisco-proprietary. In the topology shown, the switches are connected to each other using redundant links. By default, STP is enabled on switch devices. STP will block redundant links to prevent loops.

What are three techniques for mitigating VLAN attacks? (Choose three.)

Enable BPDU guard.
Set the native VLAN to an unused VLAN.
Use private VLANs.
Disable DTP.
Enable Source Guard.

Enable trunking manually.

Answers Explanation & Hints:

Mitigating a VLAN attack can be done by disabling Dynamic Trunking Protocol (DTP), manually setting ports to trunking mode, and by setting the native VLAN of trunk links to VLANs not in use.

An administrator is trying to remove configurations from a switch. After using the command erase startup-config and reloading the switch, the administrator finds that VLANs 10 and 100 still exist on the switch. Why were these VLANs not removed?

These VLANs cannot be deleted unless the switch is in VTP client mode.
These VLANs can only be removed from the switch by using the no vlan 10 and no vlan 100 commands.
These VLANs are default VLANs that cannot be removed.

Because these VLANs are stored in a file that is called vlan.dat that is located in flash memory, this file must be manually deleted.

Answers Explanation & Hints:

Standard range VLANs (1-1005) are stored in a file that is called vlan.dat that is located in flash memory. Erasing the startup configuration and reloading a switch does not automatically remove these VLANs. The vlan.dat file must be manually deleted from flash memory and then the switch must be reloaded.

Refer to the exhibit. Which static route would an IT technician enter to create a backup route to the 172.16.1.0 network that is only used if the primary RIP learned route fails?

ip route 172.16.1.0 255.255.255.0 s0/0/0
ip route 172.16.1.0 255.255.255.0 s0/0/0 91
ip route 172.16.1.0 255.255.255.0 s0/0/0 111

ip route 172.16.1.0 255.255.255.0 s0/0/0 121

Answers Explanation & Hints:

A backup static route is called a floating static route. A floating static route has an administrative distance greater than the administrative distance of another static route or dynamic route.

Refer to the exhibit. In addition to static routes directing traffic to networks 10.10.0.0/16 and 10.20.0.0/16, Router HQ is also configured with the following command: ip route 0.0.0.0 0.0.0.0 serial 0/1/1 What is the purpose of this command?

Packets from the 10.10.0.0/16 network will be forwarded to network 10.20.0.0/16, and packets from the 10.20.0.0/16 network will be forwarded to network 10.10.0.0/16.
Packets that are received from the Internet will be forwarded to one of the LANs connected to R1 or R2.
Packets with a destination network that is not 10.10.0.0/16 or is not 10.20.0.0/16 or is not a directly connected network will be forwarded to the Internet.
Packets that are destined for networks that are not in the routing table of HQ will be dropped.

Answers Explanation & Hints:

The purpose of the command “ip route 0.0.0.0 0.0.0.0 serial 0/1/1” on Router HQ is to forward packets with a destination network that is not in the routing table of HQ to the Internet.

This is a default route, also known as a gateway of last resort. It is used when a router does not have a specific route for a destination network in its routing table. The IP address 0.0.0.0 with the subnet mask 0.0.0.0 represents all possible destinations, and the serial interface 0/1/1 is the next hop towards the Internet.

Therefore, any packets that are not destined for networks 10.10.0.0/16 or 10.20.0.0/16 or any directly connected network will be forwarded to the Internet via the serial interface 0/1/1.

Refer to the exhibit. A network administrator is configuring inter-VLAN routing on a network. For now, only one VLAN is being used, but more will be added soon. What is the missing parameter that is shown as the highlighted question mark in the graphic?

It identifies the number of hosts that are allowed on the interface.
It identifies the type of encapsulation that is used.
It identifies the subinterface.
It identifies the native VLAN number.

It identifies the VLAN number.

Answers Explanation & Hints:

The completed command would be encapsulation dot1q 7 . The encapsulation dot1q part of the command enables trunking and identifies the type of trunking to use. The 7 identifies the VLAN number.

Match the link state to the interface and protocol status. (Not all options are used.)

CCNA 2 v7 SRWE Final Exam Answers 002

Explanation:

The login and password cisco commands are used with Telnet switch configuration, not SSH configuration.

Refer to the exhibit. How is a frame sent from PCA forwarded to PCC if the MAC address table on switch SW1 is empty?

SW1 forwards the frame directly to SW2. SW2 floods the frame to all ports connected to SW2, excluding the port through which the frame entered the switch.
SW1 floods the frame on all ports on the switch, excluding the interconnected port to switch SW2 and the port through which the frame entered the switch.
SW1 drops the frame because it does not know the destination MAC address.

SW1 floods the frame on all ports on SW1, excluding the port through which the frame entered the switch.

Answers Explanation & Hints:

When a switch powers on, the MAC address table is empty. The switch builds the MAC address table by examining the source MAC address of incoming frames. The switch forwards based on the destination MAC address found in the frame header. If a switch has no entries in the MAC address table or if the destination MAC address is not in the switch table, the switch will forward the frame out all ports except the port that brought the frame into the switch.

Match the DHCP message types to the order of the DHCPv4 process. (Not all options are used.)

CCNA 2 SRWE v7 Modules 7 – 9 – Available and Reliable Networks Exam Answers 007

Answers Explanation & Hints:

The broadcast DHCPDISCOVER message finds DHCPv4 servers on the network. When the DHCPv4 server receives a DHCPDISCOVER message, it reserves an available IPv4 address to lease to the client and sends the unicast DHCPOFFER message to the requesting client. When the client receives the DHCPOFFER from the server, it sends back a DHCPREQUEST. On receiving the DHCPREQUEST message the server replies with a unicast DHCPACK message. DHCPREPLY and DHCPINFORMATION-REQUEST are DHCPv6 messages.

A network administrator is configuring a WLAN. Why would the administrator disable the broadcast feature for the SSID?

to reduce the risk of interference by external devices such as microwave ovens
to reduce the risk of unauthorized APs being added to the network
to provide privacy and integrity to wireless traffic by using encryption
to eliminate outsiders scanning for available SSIDs in the area

Answers Explanation & Hints:

The administrator would disable the broadcast feature for the SSID to eliminate outsiders scanning for available SSIDs in the area.

By default, the SSID (Service Set Identifier) of a WLAN is broadcast in the beacon frames that are periodically transmitted by the access point (AP). This allows wireless clients to discover and join the network. However, this also makes the network vulnerable to attacks by unauthorized devices that can easily detect the SSID and attempt to connect to the network.

Disabling the broadcast of the SSID helps to increase the security of the WLAN by making it more difficult for attackers to find the network. Wireless clients will need to manually configure the SSID to connect to the network, which makes it more difficult for attackers to gain access. However, this may make it slightly more difficult for legitimate users to connect to the WLAN, as they will need to know the SSID in order to connect.

Compared with dynamic routes, what are two advantages of using static routes on a router? (Choose two.)

They automatically switch the path to the destination network when the topology changes.
They improve the efficiency of discovering neighboring networks.
They use fewer router resources.
They improve network security.
They take less time to converge when the network topology changes.

Answers Explanation & Hints:

The two advantages of using static routes on a router compared to dynamic routes are:

They use fewer router resources: Static routes are manually configured by the network administrator and are not automatically updated, which means they use fewer router resources like CPU and memory.
They improve network security: Static routes do not rely on routing protocols, which means they are not vulnerable to certain types of attacks that can be used to compromise dynamic routing protocols.

The other options mentioned in the question are not advantages of using static routes. Static routes do not automatically switch the path to the destination network when the topology changes, do not improve the efficiency of discovering neighboring networks, and do not take less time to converge when the network topology changes. In fact, static routes can be disadvantageous in dynamic network environments where topology changes are frequent because they do not automatically adapt to changes in the network.

Refer to the exhibit. Which route was configured as a static route to a specific network using the next-hop address?

S 0.0.0.0/0 [1/0] via 10.16.2.2
S 10.17.2.0/24 is directly connected, Serial 0/0/0
C 10.16.2.0/24 is directly connected, Serial0/0/0

S 10.17.2.0/24 [1/0] via 10.16.2.2

Explanation:

The C in a routing table indicates an interface that is up and has an IP address assigned. The S in a routing table signifies that a route was installed using the ip route command. Two of the routing table entries shown are static routes to a specific destination (the 10.17.2.0 network). The entry that has the S denoting a static route and [1/0] was configured using the next-hop address. The other entry (S 10.17.2.0/24 is directly connected, Serial 0/0/0) is a static route configured using the exit interface. The entry with the 0.0.0.0 route is a default static route which is used to send packets to any destination network that is not specifically listed in the routing table.

Refer to the exhibit. What is the metric to forward a data packet with the IPv6 destination address 2001:DB8:ACAD:E:240:BFF:FED4:9DD2?

90
128
2170112
2681856
2682112

3193856

Explanation:

The IPv6 destination address 2001:DB8:ACAD:E:240:BFF:FED4:9DD2 belongs to the network of 2001:DB8:ACAD:E::/64. In the routing table, the route to forward the packet has Serial 0/0/1 as an exit interface and 2682112 as the cost.

A static route has been configured on a router. However, the destination network no longer exists. What should an administrator do to remove the static route from the routing table?

Remove the route using the no ip route command.
Change the administrative distance for that route.
Nothing. The static route will go away on its own.
Change the routing metric for that route.

Answers Explanation & Hints:

To remove a static route from the routing table, the administrator should use the no form of the ip route command with the same parameters used to configure the static route. For example, if the static route was configured with the command ip route 192.168.1.0 255.255.255.0 10.1.1.1, the administrator can remove it with the command no ip route 192.168.1.0 255.255.255.0 10.1.1.1.

If the destination network no longer exists, the static route will be removed automatically from the routing table when the router detects that the network is no longer reachable. However, it is good practice to remove the static route manually to avoid any potential issues with routing or performance.

Changing the administrative distance or routing metric will not remove the static route from the routing table.

Which two statements are characteristics of routed ports on a multilayer switch? (Choose two.)

In a switched network, they are mostly configured between switches at the core and distribution layers.
They are used for point-to-multipoint links.
They are not associated with a particular VLAN.
They support subinterfaces, like interfaces on the Cisco IOS routers.
The interface vlan <vlan number> command has to be entered to create a VLAN on routed ports.

Answers Explanation & Hints:

Routed ports on a multilayer switch are physical ports that are assigned to a specific IP subnet. They act like a router interface and provide Layer 3 connectivity between different subnets. Routed ports are not associated with a particular VLAN and do not support VLAN tagging. They also support subinterfaces, which allow multiple IP subnets to be configured on a single physical interface. They are typically used to connect to other routers or to provide Layer 3 connectivity between different parts of a network.

Refer to the exhibit. After attempting to enter the configuration that is shown in router RTA, an administrator receives an error and users on VLAN 20 report that they are unable to reach users on VLAN 30. What is causing the problem?

The no shutdown command should have been issued on Fa0/0.20 and Fa0/0.30.
There is no address on Fa0/0 to use as a default gateway.
Dot1q does not support subinterfaces.
RTA is using the same subnet for VLAN 20 and VLAN 30.

Answers Explanation & Hints:

The problem is that RTA is using the same subnet for VLAN 20 and VLAN 30. The IP address assigned to interface Fa0/0 is 192.168.1.1/24, which means it belongs to the 192.168.1.0/24 network. Both VLAN 20 and VLAN 30 are configured with the same IP network address, 192.168.1.0/24. This will cause routing problems because RTA will not be able to differentiate between the two VLANs. The IP network addresses assigned to VLAN 20 and VLAN 30 need to be different.

Refer to the exhibit. Which trunk link will not forward any traffic after the root bridge election process is complete?

Trunk1
Trunk2
Trunk3
Trunk4

Answers Explanation & Hints:

The S4 is the root bridge, so Trunk2 will not forward any traffic after the root bridge election process is complete. This is because S3 is connected to S1 via Trunk2, and S3 is not the root bridge. Therefore, Trunk2 will be designated as a non-root port, and it will not forward any traffic towards the root bridge.

Match the step number to the sequence of stages that occur during the HSRP failover process. (Not all options are used.)

CCNA 2 SRWE v7 Modules 7 – 9 – Available and Reliable Networks Exam Answers 005

Answers Explanation & Hints:

Hot Standby Router Protocol (HSRP) is a Cisco-proprietary protocol that is designed to allow for transparent failover of a first-hop IPv4 device.

In which situation would a technician use the show interfaces switch command?

to determine if remote access is enabled
when an end device can reach local devices, but not remote devices
to determine the MAC address of a directly attached network device on a particular interface

when packets are being dropped from a particular directly attached host

Explanation:

The show interfaces command is useful to detect media errors, to see if packets are being sent and received, and to determine if any runts, giants, CRCs, interface resets, or other errors have occurred. Problems with reachability to a remote network would likely be caused by a misconfigured default gateway or other routing issue, not a switch issue. The show mac address-table command shows the MAC address of a directly attached device.

Refer to the exhibit. If the IP addresses of the default gateway router and the DNS server are correct, what is the configuration problem?

The default-router and dns-server commands need to be configured with subnet masks.
The DNS server and the default gateway router should be in the same subnet.
The IP address of the DNS server is not contained in the excluded address list.

The IP address of the default gateway router is not contained in the excluded address list.

Explanation:

In this configuration, the excluded address list should include the address that is assigned to the default gateway router. So the command should be ip dhcp excluded-address 192.168.10.1 192.168.10.9.

Refer to the exhibit. A network administrator has added a new subnet to the network and needs hosts on that subnet to receive IPv4 addresses from the DHCPv4 server.

What two commands will allow hosts on the new subnet to receive addresses from the DHCP4 server? (Choose two.)

R2(config-if)# ip helper-address 10.2.0.250
R1(config)# interface G0/1
R1(config-if)# ip helper-address 10.2.0.250
R1(config)# interface G0/0
R1(config-if)# ip helper-address 10.1.0.254
R2(config)# interface G0/0

Answers Explanation & Hints:

The new subnet is connected to router R1 on interface G0/0, so the first step is to configure the helper address on this interface using the “ip helper-address” command with the IPv4 address of the DHCPv4 server (10.2.0.250). This will allow DHCPv4 broadcast messages from the new subnet to be forwarded to the DHCPv4 server.

The second step is to configure the same helper address on the interface of R2 that is connected to R1 (G0/1). This is not explicitly shown in the exhibit, but it is a common practice to configure the helper address on the interface closest to the DHCPv4 server. This will allow DHCPv4 broadcast messages from R1 to be forwarded to the DHCPv4 server.

Therefore, the correct commands are:

R1(config)# interface G0/0 R1(config-if)# ip helper-address 10.2.0.250

Refer to the exhibit. R1 has been configured as shown. However, PC1 is not able to receive an IPv4 address. What is the problem?

R1 is not configured as a DHCPv4 server.
A DHCP server must be installed on the same LAN as the host that is receiving the IP address.
The ip helper-address command was applied on the wrong interface.

The ip address dhcp command was not issued on the interface Gi0/1.

Explanation:

The ip helper-address command has to be applied on interface Gi0/0. This command must be present on the interface of the LAN that contains the DHCPv4 client PC1 and must be directed to the correct DHCPv4 server.

What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?

CAM table attack
IP address spoofing
DHCP spoofing

DHCP starvation

Explanation:

DCHP starvation attacks are launched by an attacker with the intent to create a DoS for DHCP clients. To accomplish this goal, the attacker uses a tool that sends many DHCPDISCOVER messages in order to lease the entire pool of available IP addresses, thus denying them to legitimate hosts.

A cybersecurity analyst is using the macof tool to evaluate configurations of switches deployed in the backbone network of an organization. Which type of LAN attack is the analyst targeting during this evaluation?

VLAN double-tagging
MAC address table overflow
VLAN hopping
DHCP spoofing

Answers Explanation & Hints:

The cybersecurity analyst is targeting a MAC address table overflow attack by using the macof tool to evaluate configurations of switches in the backbone network. The macof tool generates a large number of random MAC addresses and floods them onto the network, overwhelming the MAC address tables of switches and causing them to enter into failopen mode. This allows an attacker to intercept traffic and perform man-in-the-middle attacks.

Which information does a switch use to populate the MAC address table?

the source MAC address and the incoming port
the destination MAC address and the incoming port
the source MAC address and the outgoing port
the source and destination MAC addresses and the outgoing port
the source and destination MAC addresses and the incoming port

the destination MAC address and the outgoing port

Explanation:

To maintain the MAC address table, the switch uses the source MAC address of the incoming packets and the port that the packets enter. The destination address is used to select the outgoing port.

Which statement describes a result after multiple Cisco LAN switches are interconnected?

There is one broadcast domain and one collision domain per switch.
The broadcast domain expands to all switches.
One collision domain exists per switch.

Frame collisions increase on the segments connecting the switches.

Explanation:

In Cisco LAN switches, the microsegmentation makes it possible for each port to represent a separate segment and thus each switch port represents a separate collision domain. This fact will not change when multiple switches are interconnected. However, LAN switches do not filter broadcast frames. A broadcast frame is flooded to all ports. Interconnected switches form one big broadcast domain.

Match the forwarding characteristic to its type. (Not all options are used.)

Answers Explanation & Hints:

appropriate for high-performance computing applications: cut-through switch
error checking before forwarding: store and forward switch
forwarding process can begin after receiving the destination address: cut-through switch
forwarding process only begins after receiving the entire frame: store and forward switch
may forward invalid frames: cut-through switch
only forwards valid frames: store and forward switch

cut-through switch: appropriate for high-performance computing applications, the forwarding process can begin after receiving the destination address, and may forward invalid frames

store and forward switch: error checking before forwarding, forwarding process only begins after receiving the entire frame, only forwards valid frames

Which method of IPv6 prefix assignment relies on the prefix contained in RA messages?

EUI-64
stateful DHCPv6
static
SLAAC

Answers Explanation & Hints:

The method of IPv6 prefix assignment that relies on the prefix contained in RA (Router Advertisement) messages is SLAAC (Stateless Address Autoconfiguration).

On a Cisco 3504 WLC Summary page ( Advanced > Summary ), which tab allows a network administrator to configure a particular WLAN with a WPA2 policy?

MANAGEMENT
WLANs
SECURITY
WIRELESS

Answers Explanation & Hints:

On a Cisco 3504 WLC Summary page (Advanced > Summary), the “WLANs” tab allows a network administrator to configure a particular WLAN with a WPA2 policy.

A network administrator of a small advertising company is configuring WLAN security by using the WPA2 PSK method. Which credential do office users need in order to connect their laptops to the WLAN?
- a key that matches the key on the AP
- a username and password configured on the AP
- a user passphrase
- the company username and password through Active Directory service
- Answers Explanation & Hints:
  
  Office users will need a user passphrase in order to connect their laptops to the WLAN that is configured with WPA2 PSK method.

What two default wireless router settings can affect network security? (Choose two.)

The SSID is broadcast.
MAC address filtering is enabled.
WEP encryption is enabled.
The wireless channel is automatically selected.

A well-known administrator password is set.

Explanation:

Default settings on wireless routers often include broadcasting the SSID and using a well-known administrative password. Both of these pose a security risk to wireless networks. WEP encryption and MAC address filtering are not set by default. The automatic selection of the wireless channel poses no security risks.

Refer to the exhibit. Based on the exhibited configuration and output, why is VLAN 99 missing?

because there is a cabling problem on VLAN 99
because VLAN 1 is up and there can only be one management VLAN on the switch
because VLAN 99 has not yet been created
because VLAN 99 is not a valid management VLAN

Answers Explanation & Hints:

Based on the exhibited configuration and output, VLAN 99 is missing because it has not yet been created on the switch. The “show vlan brief” command shows a brief summary of all configured VLANs, and VLAN 99 is not listed, indicating it has not been created.

Which three pairs of trunking modes will establish a functional trunk link between two Cisco switches? (Choose three.)

access – trunk
dynamic auto – dynamic auto
dynamic desirable – dynamic desirable
dynamic desirable – dynamic auto
dynamic desirable – trunk
access – dynamic auto

Answers Explanation & Hints:

access with trunk: This combination will not establish a functional trunk link because access ports do not participate in trunking.
dynamic auto with dynamic auto: This combination will not establish a functional trunk link because both interfaces will wait for the other end to initiate trunking.
dynamic desirable with dynamic desirable: This combination will establish a functional trunk link because both interfaces will actively try to initiate trunking.
dynamic desirable with dynamic auto: This combination will establish a functional trunk link because the dynamic desirable side will initiate trunking and the dynamic auto side will respond and negotiate the trunking.
dynamic desirable with trunk: This combination will establish a functional trunk link because the dynamic desirable side will initiate trunking and the trunk side will accept the trunking.
access with dynamic auto: This combination will not establish a functional trunk link because access ports do not participate in trunking and dynamic auto will not initiate trunking.

Table assumes DTP is enable at both ends.

Which three steps should be taken before moving a Cisco switch to a new VTP management domain? (Choose three.)

Reset the VTP counters to allow the switch to synchronize with the other switches in the domain.
Download the VTP database from the VTP server in the new domain.
Select the correct VTP mode and version.
Reboot the switch.
Configure the VTP server in the domain to recognize the BID of the new switch.

Configure the switch with the name of the new management domain.

Explanation:

When adding a new switch to a VTP domain, it is critical to configure the switch with a new domain name, the correct VTP mode, VTP version number, and password. A switch with a higher revision number can propagate invalid VLANs and erase valid VLANs thus preventing connectivity for multiple devices on the valid VLANs.

Select the three PAgP channel establishment modes. (Choose three.)

active
passive
desirable
on
auto
blocking

Answers Explanation & Hints:

PAgP (Port Aggregation Protocol) is a Cisco proprietary protocol for the automatic bundling of multiple physical ports into a single logical link, and it also has three channel establishment modes:

Desirable
Auto
On

In the desirable mode, the interface actively tries to form a channel with another interface that is also set to “desirable” or “auto” mode. If the other interface is set to “desirable” mode, then the channel is formed using PAgP negotiation. If the other interface is set to “auto” mode, the channel is formed without negotiation.

In the auto mode, the interface passively waits for the other interface to initiate PAgP negotiation. If the other interface is set to “desirable” mode, then the channel is formed using PAgP negotiation. If the other interface is also set to “auto” mode, the channel is formed without negotiation.

In the on mode, the interface is manually configured to be part of an EtherChannel without using PAgP negotiation.

Refer to the exhibit. Which static route command can be entered on R1 to forward traffic to the LAN connected to R2?

CCNA 2 v7 SRWE Final Exam Answers 11
- ipv6 route 2001:db8:12:10::/64 S0/0/0 fe80::2
- ipv6 route 2001:db8:12:10::/64 S0/0/1 fe80::2
- ipv6 route 2001:db8:12:10::/64 S0/0/1 2001:db8:12:10::1
- ipv6 route 2001:db8:12:10::/64 S0/0/0
- Answers Explanation & Hints:
Refer to the exhibit. R1 was configured with the static route command ip route 209.165.200.224 255.255.255.224 S0/0/0 and consequently users on network 172.16.0.0/16 are unable to reach resources on the Internet. How should this static route be changed to allow user traffic from the LAN to reach the Internet?

CCNA 2 v7 SRWE Final Exam Answers 18
- Add the next-hop neighbor address of 209.165.200.226.
- Change the destination network and mask to 0.0.0.0 0.0.0.0.
- Change the exit interface to S0/0/1.
- Add an administrative distance of 254.
  
  Explanation:
  
  The static route on R1 has been incorrectly configured with the wrong destination network and mask. The correct destination network and mask is 0.0.0.0 0.0.0.0.

Refer to the exhibit. Currently router R1 uses an EIGRP route learned from Branch2 to reach the 10.10.0.0/16 network. Which floating static route would create a backup route to the 10.10.0.0/16 network in the event that the link between R1 and Branch2 goes down?

ip route 10.10.0.0 255.255.0.0 Serial 0/0/0 100
ip route 10.10.0.0 255.255.0.0 209.165.200.226 100
ip route 10.10.0.0 255.255.0.0 209.165.200.225 100

ip route 10.10.0.0 255.255.0.0 209.165.200.225 50

Explanation:

A floating static route needs to have an administrative distance that is greater than the administrative distance of the active route in the routing table. Router R1 is using an EIGRP route which has an administrative distance of 90 to reach the 10.10.0.0/16 network. To be a backup route the floating static route must have an administrative distance greater than 90 and have a next hop address corresponding to the serial interface IP address of Branch1.

Refer to the exhibit. A network engineer is configuring IPv6 routing on the network. Which command issued on router HQ will configure a default route to the Internet to forward packets to an IPv6 destination network that is not listed in the routing table?

ipv6 route ::/0 serial 0/1/1
ipv6 route ::1/0 serial 0/1/1
ipv6 route ::/0 serial 0/0/0
ip route 0.0.0.0 0.0.0.0 serial 0/1/1

Answers Explanation & Hints:

The command that will configure a default route for IPv6 traffic on router HQ is:

ipv6 route ::/0 Serial0/0/0

This command configures a default route (::/0) to forward all IPv6 traffic to the next-hop interface Serial0/0/0, which in this case is the interface connected to the ISP. This default route will forward all traffic that is not in the routing table to the ISP, which allows the network to reach IPv6 destination networks that are not directly connected.The other options listed are not correct for various reasons:

“ipv6 route ::1/0 serial 0/1/1” is incorrect because the ::1/0 address block is not a valid IPv6 address block.
“ipv6 route ::/0 serial 0/1/1” is incorrect because it specifies the wrong interface (Serial0/1/1) as the next-hop interface for the default route.
“ip route 0.0.0.0 0.0.0.0 serial 0/1/1” is incorrect because it is a command for configuring a default route for IPv4 traffic, not IPv6 traffic.

What protocol or technology uses a standby router to assume packet-forwarding responsibility if the active router fails?
- HSRP
- EtherChannel
- VTP
- DTP
- Answers Explanation & Hints:
  
  The protocol that uses a standby router to assume packet-forwarding responsibility if the active router fails is HSRP (Hot Standby Router Protocol).

What is the effect of entering the ip arp inspection vlan 10 configuration command on a switch?

It enables DHCP snooping globally on a switch.
It specifies the maximum number of L2 addresses allowed on a port.
It enables DAI on specific switch interfaces previously configured with DHCP snooping.
It globally enables BPDU guard on all PortFast-enabled ports.

Answers Explanation & Hints:

The effect of entering the ip arp inspection vlan 10 configuration command on a switch is that it enables Dynamic ARP Inspection (DAI) on all switch interfaces in VLAN 10, which are previously configured with DHCP snooping.

Dynamic ARP Inspection (DAI) is a security feature used to validate ARP packets in a network. It allows the switch to intercept and verify ARP packets before forwarding them. The ip arp inspection vlan 10 command enables DAI on all switch interfaces in VLAN 10 and ensures that only valid ARP packets are forwarded.

Refer to the exhibit. A network administrator is reviewing the configuration of switch S1. Which protocol has been implemented to group multiple physical ports into one logical link?

DTP
LACP
PAgP
STP

Answers Explanation & Hints:

PAgP (Port Aggregation Protocol) is a Cisco proprietary protocol used to automatically bundle multiple physical links into a single logical link. PAgP has two modes of operation:

Desirable: The port actively tries to negotiate a bundle with the other end of the link.
Auto: The port passively waits to receive PAgP packets from the other end of the link.

In Auto mode, the port will respond to PAgP packets sent by the other end, but it won’t initiate PAgP negotiation on its own. If the other end is in Desirable mode, then the port will participate in PAgP negotiation and form a bundle.

So, in the given exhibit, the “channel-group 1 mode auto” command is configuring PAgP on interfaces Fa0/8 and Fa0/9, and the “interface Port-channel 1” command is configuring the logical port-channel interface with trunking and allowed VLANs. Therefore, PAgP is the protocol that has been implemented to group multiple physical ports into one logical link on this switch.

Successful inter-VLAN routing has been operating on a network with multiple VLANs across multiple switches for some time. When an inter-switch trunk link fails and Spanning Tree Protocol brings up a backup trunk link, it is reported that hosts on two VLANs can access some, but not all the network resources that could be accessed previously. Hosts on all other VLANS do not have this problem. What is the most likely cause of this problem?

The allowed VLANs on the backup link were not configured correctly.
The protected edge port function on the backup trunk interfaces has been disabled.
Dynamic Trunking Protocol on the link has failed.
Inter-VLAN routing also failed when the trunk link failed.

Answers Explanation & Hints:

The most likely cause of the problem is that the allowed VLANs on the backup link were not configured correctly. When an inter-switch trunk link fails and a backup trunk link is brought up by Spanning Tree Protocol, the VLAN information must be properly configured on the backup link in order for the VLANs to function as they did previously. If the allowed VLANs on the backup link are not configured correctly, some resources may not be accessible to hosts on certain VLANs. This can explain why hosts on two VLANs are having problems while hosts on all other VLANs do not.

Refer to the exhibit. An administrator is attempting to install an IPv6 static route on router R1 to reach the network attached to router R2. After the static route command is entered, connectivity to the network is still failing. What error has been made in the static route configuration?

CCNA 2 v7 SRWE Final Exam Answers 23
- The interface is incorrect.
- The next hop address is incorrect.
- The network prefix is incorrect.
- The destination network is incorrect.
  
  Answers Explanation & Hints:
  
  In this example the interface in the static route is incorrect. The interface should be the exit interface on R1, which is s0/0/0.

What protocol or technology uses source IP to destination IP as a load-balancing mechanism?

EtherChannel
VTP
STP
DTP

Answers Explanation & Hints:

EtherChannel is a link aggregation technology that allows multiple physical links between two network devices to be combined into a single logical link. It is used to increase bandwidth, provide redundancy, and improve network performance.

EtherChannel does not use source IP to destination IP as a load-balancing mechanism. However, some load balancing technologies can be used in conjunction with EtherChannel to distribute traffic across the multiple physical links in the EtherChannel bundle.

Examples of load balancing technologies that can be used with EtherChannel include:

Cisco Port Aggregation Protocol (PAgP)
Link Aggregation Control Protocol (LACP)
Generic Port Aggregation Protocol (GPAgP)
EtherChannel Load Balancing Algorithms (such as source/destination IP address, source/destination MAC address, etc.)

Note that the load balancing algorithms used with EtherChannel determine how traffic is distributed across the physical links in the bundle. They do not use source IP to destination IP as a load-balancing mechanism.

Refer to the exhibit. Router R1 has an OSPF neighbor relationship with the ISP router over the 192.168.0.32 network. The 192.168.0.36 network link should serve as a backup when the OSPF link goes down. The floating static route command ip route 0.0.0.0 0.0.0.0 S0/0/1 100 was issued on R1 and now traffic is using the backup link even when the OSPF link is up and functioning. Which change should be made to the static route command so that traffic will only use the OSPF link when it is up?

Change the administrative distance to 120.
Change the administrative distance to 1.
Add the next hop neighbor address of 192.168.0.36.

Change the destination network to 192.168.0.34.

Answers Explanation & Hints:

The problem with the current floating static route is that the administrative distance is set too low. The administrative distance will need to be higher than that of OSPF, which is 110, so that the router will only use the OSPF link when it is up.

Which type of static route is configured with a greater administrative distance to provide a backup route to a route learned from a dynamic routing protocol?

standard static route
default static route
floating static route

summary static route

Explanation:

There are four basic types of static routes. Floating static routes are backup routes that are placed into the routing table if a primary route is lost. A summary static route aggregates several routes into one, reducing the of the routing table. Standard static routes are manually entered routes into the routing table. Default static routes create a gateway of last resort.

Which option shows a correctly configured IPv4 default static route?
- ip route 0.0.0.0 0.0.0.0 S0/0/0
- ip route 0.0.0.0 255.0.0.0 S0/0/0
- ip route 0.0.0.0 255.255.255.0 S0/0/0
- ip route 0.0.0.0 255.255.255.255 S0/0/0
  
  Explanation:
  
  The static route ip route 0.0.0.0 0.0.0.0 S0/0/0 is considered a default static route and will match all destination networks.

Which command will start the process to bundle two physical interfaces to create an EtherChannel group via LACP?

channel-group 2 mode auto
channel-group 1 mode desirable
interface port-channel 2

interface range GigabitEthernet 0/4 – 5

Answers Explanation & Hints:

To specify the interfaces in an EtherChannel group, use the interface range interface global configuration command for the range of interfaces used. The interface range GigabitEthernet 0/4 – 5 command is the correct option because it specifies two interfaces for the EtherChannel group.

What would be the primary reason an attacker would launch a MAC address overflow attack?

so that the attacker can execute arbitrary code on the switch
so that the switch stops forwarding traffic
so that the attacker can see frames that are destined for other hosts
so that legitimate hosts cannot obtain a MAC address

Answers Explanation & Hints:

A MAC address overflow attack is a type of denial-of-service attack that exploits a vulnerability in the way that a switch handles large numbers of MAC addresses. The primary goal of this attack is to make the switch stop forwarding traffic, thereby disrupting network communication.

Therefore, the correct answer is “so that the switch stops forwarding traffic”. By flooding the switch with a large number of fake MAC addresses, the attacker can overwhelm the switch’s memory and cause it to enter into a “fail-open” state, where it stops forwarding traffic and becomes unresponsive. This can lead to a denial-of-service (DoS) situation, where legitimate network traffic is blocked and communication between hosts is disrupted.

It’s worth noting that this type of attack is not typically used to execute arbitrary code on the switch, see frames that are destined for other hosts, or prevent legitimate hosts from obtaining a MAC address. Instead, the primary goal is to disrupt network communication and cause a DoS.

What is a method to launch a VLAN hopping attack?

introducing a rogue switch and enabling trunking
flooding the switch with MAC addresses
sending spoofed IP addresses from the attacking host
sending spoofed native VLAN information

Answers Explanation & Hints:

One method to launch a VLAN hopping attack is by introducing a rogue switch and enabling trunking.

In this type of attack, the attacker connects a rogue switch to the network and configures it to enable trunking. Trunking is a feature that allows multiple VLANs to be carried over a single physical link between switches. By enabling trunking, the attacker can send traffic for multiple VLANs across the network and potentially gain access to VLANs that they should not have access to.

The rogue switch can be configured to send frames with a VLAN ID that belongs to another VLAN, which can trick the switch into forwarding frames to the wrong VLAN. This is known as double tagging or double encapsulation. The attacker can then receive and potentially modify the frames that are sent to the wrong VLAN.

Flooding the switch with MAC addresses or sending spoofed IP addresses from the attacking host are not methods to launch a VLAN hopping attack. Sending spoofed native VLAN information could potentially be used in a VLAN hopping attack, but it is not a common method.

Refer to the exhibit. All the displayed switches are Cisco 2960 switches with the same default priority and operating at the same bandwidth. Which three ports will be STP designated ports? (Choose three.)

fa0/21
fa0/10
fa0/13
fa0/9
fa0/20
fa0/11

Answers Explanation & Hints:

The lowest BID is the root bridge. In this case, all three switches are determined with a default priority, so we can compare only MAC address. The lowest MAC address is the root bridge. SW3 is the root bridge. So designated ports are fa0/21, f0/10, and f0/13.

What is the common term given to SNMP log messages that are generated by network devices and sent to the SNMP server?

traps
auditing
acknowledgments
warnings

Answers Explanation & Hints:

The common term given to SNMP log messages that are generated by network devices and sent to the SNMP server is “traps”.

SNMP traps are asynchronous notifications sent by network devices to an SNMP management system, alerting it of specific events, conditions or errors that have occurred. These traps are generated and sent automatically by the device, without any request from the management system. They can be used to alert network administrators of issues such as link failures, high CPU utilization, device restarts, etc.

In contrast to SNMP polling, where the management system periodically queries network devices to collect data, SNMP traps provide a way for devices to proactively notify the management system of events in real-time. This allows administrators to quickly respond to issues and take corrective actions to minimize the impact of the event.

A technician is troubleshooting a slow WLAN and decides to use the split-the-traffic approach. Which two parameters would have to be configured to do this? (Choose two.)

Configure the 2.4 GHz band for basic internet traffic that is not time sensitive.
Configure the security mode to WPA Personal TKIP/AES for both networks.
Configure the security mode to WPA Personal TKIP/AES for one network and WPA2 Personal AES for the other network
Configure a common SSID for both split networks.
Configure the 5 GHz band for streaming multimedia and time sensitive traffic.

Answers Explanation & Hints:

To use the split-the-traffic approach for troubleshooting a slow WLAN, the two parameters that would need to be configured are:

Configure the 2.4 GHz band for basic internet traffic that is not time-sensitive: This means that the 2.4 GHz band should be configured to handle non-critical traffic such as browsing, email, and other general internet usage. This will help reduce congestion on the 5 GHz band, which can be reserved for time-sensitive traffic.
Configure the 5 GHz band for streaming multimedia and time-sensitive traffic: This means that the 5 GHz band should be reserved for traffic that is latency-sensitive such as video streaming, voice over IP (VoIP), and online gaming. By reserving the 5 GHz band for these types of traffic, it will help ensure that the traffic is prioritized and receives adequate bandwidth.

Configuring the security mode to WPA Personal TKIP/AES for one network and WPA2 Personal AES for the other network, configuring a common SSID for both split networks, and configuring the security mode to WPA Personal TKIP/AES for both networks are not directly related to implementing the split-the-traffic approach for troubleshooting a slow WLAN.

A company security policy requires that all MAC addressing be dynamically learned and added to both the MAC address table and the running configuration on each switch. Which port security configuration will accomplish this?

auto secure MAC addresses
dynamic secure MAC addresses
static secure MAC addresses

sticky secure MAC addresses

Answers Explanation & Hints:

With sticky secure MAC addressing, the MAC addresses can be either dynamically learned or manually configured and then stored in the address table and added to the running configuration file. In contrast, dynamic secure MAC addressing provides for dynamically learned MAC addressing that is stored only in the address table.

What is the IPv6 prefix that is used for link-local addresses?

FE80::/10
FF01::/8
FC00::/7
2001::/3

Answers Explanation & Hints:

The IPv6 prefix that is used for link-local addresses is FE80::/10.

Link-local addresses are used for communication between devices on the same link or network segment. The FE80::/10 prefix is reserved for link-local addresses, which means that any IPv6 address that starts with FE80 will be a link-local address.

Link-local addresses are automatically assigned to interfaces when IPv6 is enabled on the interface, and they do not require any manual configuration. They are used for tasks such as neighbor discovery, address autoconfiguration, and router discovery, and they are not routable outside of the local link or network segment.

What action takes place when a frame entering a switch has a unicast destination MAC address that is not in the MAC address table?

The switch resets the refresh timer on all MAC address table entries.
The switch updates the refresh timer for the entry.
The switch replaces the old entry and uses the more current port.
The switch will forward the frame out all ports except the incoming port.

Answers Explanation & Hints:

When a frame entering a switch has a unicast destination MAC address that is not in the MAC address table, the switch will flood the frame out all ports except the incoming port.

This is because the switch does not have a destination MAC address entry in its MAC address table to forward the frame to, so it must assume that the destination is on a different network segment and flood the frame out all ports (except the incoming port) in order to reach the destination.

This flooding behavior is known as unknown unicast flooding, and it can lead to unnecessary network traffic and bandwidth consumption. To mitigate this behavior, switches can be configured with features such as port security, which limits the number of MAC addresses that can be learned on a given port, or dynamic ARP inspection, which validates ARP packets to ensure that they are legitimate before allowing them to update the MAC address table.

A new switch is to be added to an existing network in a remote office. The network administrator does not want the technicians in the remote office to be able to add new VLANs to the switch, but the switch should receive VLAN updates from the VTP domain. Which two steps must be performed to configure VTP on the new switch to meet these conditions? (Choose two.)

Configure the existing VTP domain name on the new switch.
Configure all ports of both switches to access mode.
Enable VTP pruning.
Configure an IP address on the new switch.
Configure the new switch as a VTP client.

Answers Explanation & Hints:

To configure VTP on the new switch to meet the conditions specified, the following steps must be performed:

Configure the existing VTP domain name on the new switch.
Configure the new switch as a VTP client.

Explanation:

To ensure that the new switch receives VLAN updates from the existing VTP domain, the VTP domain name on the new switch must match the VTP domain name on the existing switches in the domain. This can be done by configuring the VTP domain name on the new switch to match the domain name on the existing switches.
To prevent technicians in the remote office from adding new VLANs to the switch, the new switch should be configured as a VTP client. This means that it will receive VLAN updates from the VTP domain, but it will not be able to add new VLANs to the domain. All ports of both switches should be configured to trunk mode, as this is required for VTP communication between switches.

VTP pruning and IP address configuration are not directly related to the requirements stated in the question and are not required for VTP configuration on the new switch.

Refer to the exhibit. Which three hosts will receive ARP requests from host A, assuming that port Fa0/4 on both switches is configured to carry traffic for multiple VLANs? (Choose three.)

host F
host B
host D
host G
host C

host E

Explanation:

ARP requests are sent out as broadcasts. That means the ARP request is sent only throughout a specific VLAN. VLAN 1 hosts will only hear ARP requests from hosts on VLAN 1. VLAN 2 hosts will only hear ARP requests from hosts on VLAN 2.

A technician is configuring a router for a small company with multiple WLANs and doesn’t need the complexity of a dynamic routing protocol. What should be done or checked?

Check the configuration on the floating static route and adjust the AD.
Create a floating static route to that network.
Verify that there is not a default route in any of the edge router routing tables.
Create static routes to all internal networks and a default route to the internet.

Answers Explanation & Hints:

For a small company with multiple WLANs that does not require a dynamic routing protocol, the following steps should be taken:

Create static routes to all internal networks: This ensures that the router knows how to reach all internal networks.
Create a default route to the internet: This ensures that traffic destined for the internet is sent to the appropriate gateway.
Verify that there is not a default route in any of the edge router routing tables: This prevents any potential routing loops.

Creating a floating static route or adjusting the administrative distance (AD) are not necessary in this scenario as there is no mention of a backup or secondary path, and the requirement is for a simple solution that does not involve dynamic routing protocols.

Which two functions are performed by a WLC when using split media access control (MAC)? (Choose two.)

packet acknowledgments and retransmissions
frame translation to other protocols
association and re-association of roaming clients
beacons and probe responses
frame queuing and packet prioritization

Answers Explanation & Hints:

The two functions performed by a WLC when using split media access control (MAC) are:

Association and re-association of roaming clients: The WLC is responsible for managing the connection of wireless clients to the appropriate access point (AP) as they roam within the wireless network.
Frame queuing and packet prioritization: The WLC is responsible for queuing and prioritizing frames and packets from the wireless clients to ensure that the network traffic is efficiently managed and that time-sensitive traffic (such as voice and video) is given priority over other traffic.

Packet acknowledgments and retransmissions, frame translation to other protocols, beacons, and probe responses are not functions performed by a WLC using split MAC.

Refer to the exhibit. A network administrator configured routers R1 and R2 as part of HSRP group 1. After the routers have been reloaded, a user on Host1 complained of lack of connectivity to the Internet The network administrator issued the show standby brief command on both routers to verify the HSRP operations. In addition, the administrator observed the ARP table on Host1. Which entry should be seen in the ARP table on Host1 in order to gain connectivity to the Internet?

the IP address and the MAC address of R1
the virtual IP address of the HSRP group 1 and the MAC address of R1
the virtual IP address of the HSRP group 1 and the MAC address of R2

the virtual IP address and the virtual MAC address for the HSRP group 1

Explanation:

Hosts will send an ARP request to the default gateway which is the virtual IP address. ARP replies from the HSRP routers contain the virtual MAC address. The host ARP tables will contain a mapping of the virtual IP to the virtual MAC.

A network administrator is configuring a new Cisco switch for remote management access. Which three items must be configured on the switch for the task? (Choose three.)

IP address
default gateway
default VLAN
vty lines
VTP domain

loopback address

Explanation:

To enable the remote management access, the Cisco switch must be configured with an IP address and a default gateway. In addition, vty lines must configured to enable either Telnet or SSH connections. A loopback address, default VLAN, and VTP domain configurations are not necessary for the purpose of remote switch management.

Refer to the exhibit. What can be concluded about the configuration shown on R1?

R1 is configured as a DHCPv4 relay agent.
R1 will send a message to a local DHCPv4 client to contact a DHCPv4 server at 10.10.10.8.
R1 will broadcast DHCPv4 requests on behalf of local DHCPv4 clients.
R1 is operating as a DHCPv4 server.

Answers Explanation & Hints:

Based on the provided configuration, we can conclude that R1 is configured as a DHCPv4 relay agent. This is because of the presence of the “ip helper-address” command under the “GigabitEthernet0/0” interface. This command is used to configure a DHCPv4 relay agent that forwards DHCPv4 requests from local DHCPv4 clients to a DHCPv4 server specified by the IP address (in this case, 10.10.10.8). Therefore, option A is the correct conclusion: R1 is configured as a DHCPv4 relay agent.

What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers?

It sends a DHCPREQUEST that identifies which lease offer the client is accepting.
It sends a DHCPNAK and begins the DHCP process over again.
It accepts both DHCPOFFER messages and sends a DHCPACK.

It discards both offers and sends a new DHCPDISCOVER.

Answers Explanation & Hints:

When a DHCPv4 client receives more than one DHCPOFFER message from multiple DHCP servers, it will select one of the offers and send a DHCPREQUEST message to the selected DHCP server to request the lease offer. The DHCPREQUEST message identifies the lease offer the client is accepting and declines the other offers. The selected DHCP server responds with a DHCPACK message to confirm the lease. This process is called DHCPv4 offer selection, and it helps the client to choose the most appropriate DHCP server and avoid IP address conflicts that might occur if it accepts multiple offers. Therefore, the correct option is: It sends a DHCPREQUEST that identifies which lease offer the client is accepting.

What protocol should be disabled to help mitigate VLAN attacks?

Answers Explanation & Hints:

Dynamic Trunking Protocol (DTP) is a Cisco proprietary protocol that is used to negotiate the trunking mode between two switches. DTP can automatically configure a trunk link between two switches, which can simplify network administration tasks. However, DTP can also be exploited by attackers to gain unauthorized access to other VLANs or the entire network by sending rogue DTP messages. Therefore, it is recommended to disable DTP on ports that do not require trunking, and configure the trunk mode manually using the “switchport mode” command instead.

Why is DHCP snooping required when using the Dynamic ARP Inspection feature?

It uses the MAC address table to verify the default gateway IP address.
It redirects ARP requests to the DHCP server for verification.
It relies on the settings of trusted and untrusted ports set by DHCP snooping.

It uses the MAC-address-to-IP-address binding database to validate an ARP packet.

Explanation:

DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and builds a bindings database of valid tuples (MAC address, IP address, VLAN interface).

When DAI is enabled, the switch drops ARP packet if the sender MAC address and sender IP address do not match an entry in the DHCP snooping bindings database. However, it can be overcome through static mappings. Static mappings are useful when hosts configure static IP addresses, DHCP snooping cannot be run, or other switches in the network do not run dynamic ARP inspection. A static mapping associates an IP address to a MAC address on a VLAN.

To obtain an overview of the spanning tree status of a switched network, a network engineer issues the show spanning-tree command on a switch. Which two items of information will this command display? (Choose two.)

The role of the ports in all VLANs.
The root bridge BID.
The number of broadcasts received on each root port.
The IP address of the management VLAN interface.
The status of native VLAN ports.

Answers Explanation & Hints:

The show spanning-tree command displays the following two items of information:

The root bridge BID: This information shows the BID (Bridge ID) of the root bridge in the spanning tree topology. The root bridge is the bridge with the lowest BID value, and it is responsible for sending the configuration BPDUs (Bridge Protocol Data Units) that propagate through the network to create the loop-free topology.
The role of the ports in all VLANs: This information shows the status of each switch port in the spanning tree topology, including the role of the port (root, designated, or blocked), the priority of the port, the cost of the path to the root bridge, and the port ID.

Therefore, options A and B are correct: the role of the ports in all VLANs, and the root bridge BID, are the two items of information that will be displayed by the show spanning-tree command.

A WLAN engineer deploys a WLC and five wireless APs using the CAPWAP protocol with the DTLS feature to secure the control plane of the network devices. While testing the wireless network, the WLAN engineer notices that data traffic is being exchanged between the WLC and the APs in plain-text and is not being encrypted. What is the most likely reason for this?

DTLS only provides data security through authentication and does not provide encryption for data moving between a wireless LAN controller (WLC) and an access point (AP).
Data encryption requires a DTLS license to be installed on each access point (AP) prior to being enabled on the wireless LAN controller (WLC).
Although DTLS is enabled by default to secure the CAPWAP control channel, it is disabled by default for the data channel.

DTLS is a protocol that only provides security between the access point (AP) and the wireless client.

Explanation:

DTLS is a protocol which provides security between the AP and the WLC. It allows them to communicate using encryption and prevents eavesdropping or tampering.
DTLS is enabled by default to secure the CAPWAP control channel but is disabled by default for the data channel. All CAPWAP management and control traffic exchanged between an AP and WLC is encrypted and secured by default to provide control plane privacy and prevent Man-In-the-Middle (MITM) attacks.

Refer to the exhibit. The network administrator configures both switches as displayed. However, host C is unable to ping host D and host E is unable to ping host F. What action should the administrator take to enable this communication?

CCNA 2 v7 SRWE Final Exam Answers 29
- Associate hosts A and B with VLAN 10 instead of VLAN 1.
- Configure either trunk port in the dynamic desirable mode.
- Add the switchport nonegotiate command to the configuration of SW2.
- Include a router in the topology.
- Remove the native VLAN from the trunk.
- Answers Explanation & Hints:
What action takes place when the source MAC address of a frame entering a switch is not in the MAC address table?
- The switch replaces the old entry and uses the more current port.
- The switch adds a MAC address table entry for the destination MAC address and the egress port.
- The switch updates the refresh timer for the entry.
- The switch adds the MAC address and incoming port number to the table.
- Answers Explanation & Hints:
A technician is configuring a wireless network for a small business using a SOHO wireless router. Which two authentication methods are used, if the router is configured with WPA2? (Choose two.) **
- AES
- TKIP
- personal
- WEP
- enterprise
- Answers Explanation & Hints:
A network administrator is adding a new WLAN on a Cisco 3500 series WLC. Which tab should the administrator use to create a new VLAN interface to be used for the new WLAN?
- WLANs
- CONTROLLER
- WIRELESS
- MANAGEMENT
- Answers Explanation & Hints:
Refer to the exhibit. Which two conclusions can be drawn from the output? (Choose two.)

CCNA 2 v7 SRWE Final Exam Answers 30
- The port channel ID is 2.
- The bundle is fully operational.
- The port channel is a Layer 3 channel.
- The load-balancing method used is source port to destination port.
- The EtherChannel is down.
- Answers Explanation & Hints:
Which three statements accurately describe duplex and speed settings on Cisco 2960 switches? (Choose three.)
- By default, the speed is set to 100 Mb/s and the duplex mode is set to autonegotiation.
- An autonegotiation failure can result in connectivity issues.
- The duplex and speed settings of each switch port can be manually configured.
- When the speed is set to 1000 Mb/s, the switch ports will operate in full-duplex mode.
- By default, the autonegotiation feature is disabled.
- Enabling autonegotiation on a hub will prevent mismatched port speeds when connecting the hub to the switch.
- Answers Explanation & Hints:
Refer to the exhibit. A Layer 3 switch routes for three VLANs and connects to a router for Internet connectivity. Which two configurations would be applied to the switch? (Choose two.)

CCNA 2 v7 SRWE Final Exam Answers 31
- (config)# interface fastethernet0/4
  (config-if)# switchport mode trunk
- (config)# interface vlan 1
  (config-if)# ip address 192.168.1.2 255.255.255.0
  (config-if)# no shutdown
- (config)# ip routing
- (config)# interface gigabitethernet 1/1
  (config-if)# no switchport
  (config-if)# ip address 192.168.1.2 255.255.255.252
- (config)# interface gigabitethernet1/1
  (config-if)# switchport mode trunk
- Answers Explanation & Hints:
Refer to the exhibit. Consider that the main power has just been restored. PC3 issues a broadcast IPv4 DHCP request. To which port will SW1 forward this request?

CCNA 2 v7 SRWE Final Exam Answers 32
- to Fa0/1 only
- to Fa0/1, Fa0/2, and Fa0/4 only
- to Fa0/1, Fa0/2, Fa0/3, and Fa0/4
- to Fa0/1, Fa0/2, and Fa0/3 only
- to Fa0/1 and Fa0/2 only
- Answers Explanation & Hints:

Which statement is correct about how a Layer 2 switch determines how to forward frames?

Only frames with a broadcast destination address are forwarded out all active switch ports.
Frame forwarding decisions are based on MAC address and port mappings in the CAM table.
Cut-through frame forwarding ensures that invalid frames are always dropped.

Unicast frames are always forwarded regardless of the destination MAC address.

Explanation:

Cut-through frame forwarding reads up to only the first 22 bytes of a frame, which excludes the frame check sequence and thus invalid frames may be forwarded. In addition to broadcast frames, frames with a destination MAC address that is not in the CAM are also flooded out all active ports. Unicast frames are not always forwarded. Received frames with a destination MAC address that is associated with the switch port on which it is received are not forwarded because the destination exists on the network segment connected to that port.

Employees are unable to connect to servers on one of the internal networks. What should be done or checked?
- Use the “show ip interface brief” command to see if an interface is down.
- Verify that there is not a default route in any of the edge router routing tables.
- Check the statistics on the default route for oversaturation.
- Create static routes to all internal networks and a default route to the internet.
- Answers Explanation & Hints:
What protocol or technology requires switches to be in server mode or client mode?
- VTP
- EtherChannel
- HSRP
- DTP
- Answers Explanation & Hints:
What is the effect of entering the shutdown configuration command on a switch?
- It disables an unused port.
- It enables portfast on a specific switch interface.
- It disables DTP on a non-trunking interface.
- It enables BPDU guard on a specific port.
- Answers Explanation & Hints:
What else is required when configuring an IPv6 static route using a next-hop link-local address? **
- network number and subnet mask on the interface of the neighbor router
- ip address of the neighbor router
- interface number and type
- administrative distance
- Answers Explanation & Hints:
A junior technician was adding a route to a LAN router. A traceroute to a device on the new network revealed a wrong path and unreachable status. What should be done or checked?
- Verify that there is not a default route in any of the edge router routing tables.
- Create a floating static route to that network.
- Check the configuration on the floating static route and adjust the AD.
- Check the configuration of the exit interface on the new static route.
- Answers Explanation & Hints:

A network engineer is troubleshooting a newly deployed wireless network that is using the latest 802.11 standards. When users access high bandwidth services such as streaming video, the wireless network performance is poor. To improve performance the network engineer decides to configure a 5 Ghz frequency band SSID and train users to use that SSID for streaming media services. Why might this solution improve the wireless network performance for that type of service?

The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it more suited to streaming multimedia.
The only users that can switch to the 5 GHz band will be those with the latest wireless NICs, which will reduce usage.
Requiring the users to switch to the 5 GHz band for streaming media is inconvenient and will result in fewer users accessing these services.

The 5 GHz band has a greater range and is therefore likely to be interference-free.

Answers Explanation & Hints:

Wireless range is determined by the access point antenna and output power, not the frequency band that is used. In this scenario it is stated that all users have wireless NICs that comply with the latest standard, and so all can access the 5 GHz band. Although some users may find it inconvenient to switch to the 5 Ghz band to access streaming services, it is the greater number of channels, not just fewer users, that will improve network performance.

On what switch ports should BPDU guard be enabled to enhance STP stability?
- only ports that are elected as designated ports
- only ports that attach to a neighboring switch
- all PortFast-enabled ports
- all trunk ports that are not root ports
- Answers Explanation & Hints:
How will a router handle static routing differently if Cisco Express Forwarding is disabled?
- Serial point-to-point interfaces will require fully specified static routes to avoid routing inconsistencies.
- It will not perform recursive lookups.
- Static routes that use an exit interface will be unnecessary.
- Ethernet multiaccess interfaces will require fully specified static routes to avoid routing inconsistencies.
- Answers Explanation & Hints:
What protocol or technology allows data to transmit over redundant switch links?
- STP
- VTP
- EtherChannel
- DTP
- Answers Explanation & Hints:

A PC has sent an RS message to an IPv6 router attached to the same network. Which two pieces of information will the router send to the client? (Choose two.)

prefix
domain name
subnet mask in dotted decimal notation
administrative distance
DNS server IP address

prefix length

Answers Explanation & Hints:

Router is part of the IPv6 all-routers group and received the RS message. It generates an RA containing the local network prefix and prefix length (e.g., 2001:db8:acad:1::/64)

Which two VTP modes allow for the creation, modification, and deletion of VLANs on the local switch? (Choose two.)
- distribution
- master
- server
- client
- transparent
- slave
- Answers Explanation & Hints:

Refer to the exhibit. What will router R1 do with a packet that has a destination IPv6 address of 2001:db8:cafe:5::1?

CyberOps Associate (Version 1.0) - CyberOps Associate 1.0 Practice Final Exam Answers 02 — CyberOps Associate (Version 1.0) – CyberOps Associate 1.0 Practice Final Exam Answers 02

forward the packet out GigabitEthernet0/0
forward the packet out Serial0/0/0
forward the packet out GigabitEthernet0/1

drop the packet

Answers Explanation & Hints:

The route ::/0 is the compressed form of the 0000:0000:0000:0000:0000:0000:0000:0000/0 default route. The default route is used if a more specific route is not found in the routing table.

What is a drawback of the local database method of securing device access that can be solved by using AAA with centralized servers?

There is no ability to provide accountability.
It is very susceptible to brute-force attacks because there is no username.
The passwords can only be stored in plain text in the running configuration.

User accounts must be configured locally on each device, which is an unscalable authentication solution.

Answers Explanation & Hints:

The local database method of securing device access utilizes usernames and passwords that are configured locally on the router. This allows administrators to keep track of who logged in to the device and when. The passwords can also be encrypted in the configuration. However, the account information must be configured on each device where that account should have access, making this solution very difficult to scale.

Which three Wi-Fi standards operate in the 2.4GHz range of frequencies? (Choose three.)
- 802.11ac
- 802.11a
- 802.11n
- 802.11b
- 802.11g
- Answers Explanation & Hints:

Which command will create a static route on R2 in order to reach PC B?

R2(config)# ip route 172.16.2.0 255.255.255.0 172.16.2.254
R2(config)# ip route 172.16.2.0 255.255.255.0 172.16.3.1
R2(config)# ip route 172.16.2.1 255.255.255.0 172.16.3.1

R2(config)# ip route 172.16.3.0 255.255.255.0 172.16.2.254

Answers Explanation & Hints:

The correct syntax is:
router(config)# ip route destination-network destination-mask {next-hop-ip-address | exit-interface}
If the local exit interface instead of the next-hop IP address is used then the route will be displayed as a directly connected route instead of a static route in the routing table. Because the network to be reached is 172.16.2.0 and the next-hop IP address is 172.16.3.1, the command is R2(config)# ip route 172.16.2.0 255.255.255.0 172.16.3.1

What is the effect of entering the switchport mode access configuration command on a switch?
- It disables DTP on a non-trunking interface.
- It disables an unused port.
- It manually enables a trunk link.
- It enables BPDU guard on a specific port.
- Answers Explanation & Hints:

Refer to the exhibit. Which statement shown in the output allows router R1 to respond to stateless DHCPv6 requests?

ipv6 nd other-config-flag
ipv6 dhcp server LAN1
prefix-delegation 2001:DB8:8::/48 00030001000E84244E70
ipv6 unicast-routing

dns-server 2001:DB8:8::8

Answers Explanation & Hints:

The interface command ipv6 nd other-config-flag allows RA messages to be sent on this interface, indicating that additional information is available from a stateless DHCPv6 server.

Refer to the exhibit. The network administrator is configuring the port security feature on switch SWC. The administrator issued the command show port-security interface fa 0/2 to verify the configuration. What can be concluded from the output that is shown? (Choose three.)

CCNA 2 v7 SRWE Final Exam Answers 36
- The port is configured as a trunk link.
- This port is currently up.
- The switch port mode for this interface is access mode.
- Three security violations have been detected on this interface.
- There is no device currently connected to this port.
- Security violations will cause this port to shut down immediately.
- Answers Explanation & Hints:

What are two reasons a network administrator would segment a network with a Layer 2 switch? (Choose two.)

to isolate ARP request messages from the rest of the network
to create more broadcast domains
to enhance user bandwidth
to eliminate virtual circuits
to create fewer collision domains

to isolate traffic between segments

Answers Explanation & Hints:

A switch has the ability of creating temporary point-to-point connections between the directly-attached transmitting and receiving network devices. The two devices have full-bandwidth full-duplex connectivity during the transmission.

What action takes place when a frame entering a switch has a unicast destination MAC address appearing in the MAC address table?
- The switch resets the refresh timer on all MAC address table entries.
- The switch forwards the frame out of the specified port.
- The switch updates the refresh timer for the entry.
- The switch will forward the frame out all ports except the incoming port.
- Answers Explanation & Hints:

A network administrator is using the router-on-a-stick model to configure a switch and a router for inter-VLAN routing. What configuration should be made on the switch port that connects to the router?

Configure the port as a trunk port and assign it to VLAN1.
Configure it as a trunk port and allow only untagged traffic.
Configure the port as an 802.1q trunk port.

Configure the port as an access port and a member of VLAN1.

Answers Explanation & Hints:

The port on the switch that connects to the router interface should be configured as a trunk port. Once it becomes a trunk port, it does not belong to any particular VLAN and will forward traffic from various VLANs.

What is the effect of entering the switchport port-security configuration command on a switch?
- It enables port security globally on the switch.
- It dynamically learns the L2 address and copies it to the running configuration.
- It restricts the number of discovery messages, per second, to be received on the interface.
- It enables port security on an interface.
- Answers Explanation & Hints:
Users on a LAN are unable to get to a company web server but are able to get elsewhere. What should be done or checked?
- Ensure that the old default route has been removed from the company edge routers.
- Verify that the static route to the server is present in the routing table.
- Create a floating static route to that network.
- Check the configuration on the floating static route and adjust the AD.
- Answers Explanation & Hints:
Refer to the exhibit. A network administrator is configuring the router R1 for IPv6 address assignment. Based on the partial configuration, which IPv6 global unicast address assignment scheme does the administrator intend to implement?

CCNA 2 v7 SRWE Final Exam Answers 37
- manual configuration
- stateful
- stateless
- SLAAC
- Answers Explanation & Hints:

Match the step to each switch boot sequence description. (Not all options are used.)

Answers Explanation & Hints:

Step 1: Perform low-level CPU initialization

Step 2: Load the boot loader from ROM

Step 3: Execute POST

Step 4: Flash file system initialization

Step 5: Load the IOS

Note: The description “Enter global configuration mode” does not seem to match any of the given steps in the boot sequence, so it is not used in this matching exercise.

What protocol or technology disables redundant paths to eliminate Layer 2 loops?
- EtherChannel
- DTP
- STP
- VTP
- Answers Explanation & Hints:
During the AAA process, when will authorization be implemented?
- immediately after the determination of which resources a user can access
- immediately after an AAA client sends authentication information to a centralized server
- immediately after AAA accounting and auditing receives detailed reports
- immediately after successful authentication against an AAA data source
  
  Answers Explanation & Hints:
  
  AAA authorization is implemented immediately after the user is authenticated against a specific AAA data source.
Which two protocols are used to provide server-based AAA authentication? (Choose two.)
- TACACS+
- RADIUS
- SNMP
- 802.1x
- SSH
  
  Answers Explanation & Hints:

5 1 vote

Article Rating

0 Comments

Inline Feedbacks

View all comments

CCNA 2 v7 | SRWE v7.02 | Switching, Routing, and Wireless Essentials (Version 7.00) – SRWE Final Exam Answers Full 100% v7 & v7.02 2023

Cisco Netacad SRWE Version 7.00 CCNA 2 v7 & v7.02 SRWE Final Exam Answers 2023 – Switching, Routing, and Wireless Essential Full 100% 2023

A network administrator is preparing the implementation of Rapid PVST+ on a production network. How are the Rapid PVST+ link types determined on the switch interfaces?

Which two types of spanning tree protocols can cause suboptimal traffic flows because they assume only one spanning-tree instance for the entire bridged network? (Choose two.)

What action takes place when the source MAC address of a frame entering a switch appears in the MAC address table associated with a different port?

Which network attack is mitigated by enabling BPDU guard?

A network administrator uses the spanning-tree portfast bpduguard default global configuration command to enable BPDU guard on a switch. However, BPDU guard is not activated on all access ports. What is the cause of the issue?

A new Layer 3 switch is connected to a router and is being configured for interVLAN routing. What are three of the five steps required for the configuration? (Choose three.) *

What method of wireless authentication is dependent on a RADIUS authentication server?

An administrator notices that large numbers of packets are being dropped on one of the branch routers. What should be done or checked?

What IPv6 prefix is designed for link-local communication?

Which mitigation technique would prevent rogue servers from providing false IPv6 configuration parameters to clients?

What command will enable a router to begin sending messages that allow it to configure a link-local address without using an IPv6 DHCP server?

What is the effect of entering the ip dhcp snooping limit rate 6 configuration command on a switch?

Refer to the exhibit. What are the possible port roles for ports A, B, C, and D in this RSTP-enabled network?

Refer to the exhibit. Which destination MAC address is used when frames are sent from the workstation to the default gateway?

What is a secure configuration option for remote access to a network device?

After a host has generated an IPv6 address by using the DHCPv6 or SLAAC process, how does the host verify that the address is unique and therefore usable?

Refer to the exhibit. Host A has sent a packet to host B. What will be the source MAC and IP addresses on the packet when it arrives at host B?

Which wireless encryption method is the most secure?

Match the description to the correct VLAN type. (Not all options are used.)

Refer to the exhibit. A network administrator has connected two switches together using EtherChannel technology. If STP is running, what will be the end result?

What are three techniques for mitigating VLAN attacks? (Choose three.)

An administrator is trying to remove configurations from a switch. After using the command erase startup-config and reloading the switch, the administrator finds that VLANs 10 and 100 still exist on the switch. Why were these VLANs not removed?

Refer to the exhibit. Which static route would an IT technician enter to create a backup route to the 172.16.1.0 network that is only used if the primary RIP learned route fails?

Refer to the exhibit. In addition to static routes directing traffic to networks 10.10.0.0/16 and 10.20.0.0/16, Router HQ is also configured with the following command: ip route 0.0.0.0 0.0.0.0 serial 0/1/1 What is the purpose of this command?

Refer to the exhibit. A network administrator is configuring inter-VLAN routing on a network. For now, only one VLAN is being used, but more will be added soon. What is the missing parameter that is shown as the highlighted question mark in the graphic?

Match the link state to the interface and protocol status. (Not all options are used.)

Refer to the exhibit. How is a frame sent from PCA forwarded to PCC if the MAC address table on switch SW1 is empty?

Match the DHCP message types to the order of the DHCPv4 process. (Not all options are used.)

A network administrator is configuring a WLAN. Why would the administrator disable the broadcast feature for the SSID?

Compared with dynamic routes, what are two advantages of using static routes on a router? (Choose two.)

Refer to the exhibit. Which route was configured as a static route to a specific network using the next-hop address?

Refer to the exhibit. What is the metric to forward a data packet with the IPv6 destination address 2001:DB8:ACAD:E:240:BFF:FED4:9DD2?

A static route has been configured on a router. However, the destination network no longer exists. What should an administrator do to remove the static route from the routing table?

Which two statements are characteristics of routed ports on a multilayer switch? (Choose two.)​

Refer to the exhibit. After attempting to enter the configuration that is shown in router RTA, an administrator receives an error and users on VLAN 20 report that they are unable to reach users on VLAN 30. What is causing the problem?

Refer to the exhibit. Which trunk link will not forward any traffic after the root bridge election process is complete?

Match the step number to the sequence of stages that occur during the HSRP failover process. (Not all options are used.)

In which situation would a technician use the show interfaces switch command?

Refer to the exhibit. If the IP addresses of the default gateway router and the DNS server are correct, what is the configuration problem?

Refer to the exhibit. A network administrator has added a new subnet to the network and needs hosts on that subnet to receive IPv4 addresses from the DHCPv4 server.

What two commands will allow hosts on the new subnet to receive addresses from the DHCP4 server? (Choose two.)

Refer to the exhibit. R1 has been configured as shown. However, PC1 is not able to receive an IPv4 address. What is the problem?​

What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?

A cybersecurity analyst is using the macof tool to evaluate configurations of switches deployed in the backbone network of an organization. Which type of LAN attack is the analyst targeting during this evaluation?

Which information does a switch use to populate the MAC address table?

Which statement describes a result after multiple Cisco LAN switches are interconnected?

Match the forwarding characteristic to its type. (Not all options are used.)

Which method of IPv6 prefix assignment relies on the prefix contained in RA messages?

On a Cisco 3504 WLC Summary page ( Advanced > Summary ), which tab allows a network administrator to configure a particular WLAN with a WPA2 policy?

A network administrator of a small advertising company is configuring WLAN security by using the WPA2 PSK method. Which credential do office users need in order to connect their laptops to the WLAN?

What two default wireless router settings can affect network security? (Choose two.)

Refer to the exhibit. Based on the exhibited configuration and output, why is VLAN 99 missing?

Which three pairs of trunking modes will establish a functional trunk link between two Cisco switches? (Choose three.)

Which three steps should be taken before moving a Cisco switch to a new VTP management domain? (Choose three.)

Select the three PAgP channel establishment modes. (Choose three.)

Refer to the exhibit. Which static route command can be entered on R1 to forward traffic to the LAN connected to R2?

Refer to the exhibit. Currently router R1 uses an EIGRP route learned from Branch2 to reach the 10.10.0.0/16 network. Which floating static route would create a backup route to the 10.10.0.0/16 network in the event that the link between R1 and Branch2 goes down?

Refer to the exhibit. A network engineer is configuring IPv6 routing on the network. Which command issued on router HQ will configure a default route to the Internet to forward packets to an IPv6 destination network that is not listed in the routing table?​

What protocol or technology uses a standby router to assume packet-forwarding responsibility if the active router fails?

What is the effect of entering the ip arp inspection vlan 10 configuration command on a switch?

Refer to the exhibit. A network administrator is reviewing the configuration of switch S1. Which protocol has been implemented to group multiple physical ports into one logical link?

Refer to the exhibit. An administrator is attempting to install an IPv6 static route on router R1 to reach the network attached to router R2. After the static route command is entered, connectivity to the network is still failing. What error has been made in the static route configuration?

What protocol or technology uses source IP to destination IP as a load-balancing mechanism?

Which type of static route is configured with a greater administrative distance to provide a backup route to a route learned from a dynamic routing protocol?

Which option shows a correctly configured IPv4 default static route?

Which command will start the process to bundle two physical interfaces to create an EtherChannel group via LACP?

What would be the primary reason an attacker would launch a MAC address overflow attack?

What is a method to launch a VLAN hopping attack?

Refer to the exhibit. All the displayed switches are Cisco 2960 switches with the same default priority and operating at the same bandwidth. Which three ports will be STP designated ports? (Choose three.)

What is the common term given to SNMP log messages that are generated by network devices and sent to the SNMP server?

A technician is troubleshooting a slow WLAN and decides to use the split-the-traffic approach. Which two parameters would have to be configured to do this? (Choose two.)

A company security policy requires that all MAC addressing be dynamically learned and added to both the MAC address table and the running configuration on each switch. Which port security configuration will accomplish this?

What is the IPv6 prefix that is used for link-local addresses?

What action takes place when a frame entering a switch has a unicast destination MAC address that is not in the MAC address table?

Refer to the exhibit. Which three hosts will receive ARP requests from host A, assuming that port Fa0/4 on both switches is configured to carry traffic for multiple VLANs? (Choose three.)

A technician is configuring a router for a small company with multiple WLANs and doesn’t need the complexity of a dynamic routing protocol. What should be done or checked?

Which two functions are performed by a WLC when using split media access control (MAC)? (Choose two.)

A network administrator is configuring a new Cisco switch for remote management access. Which three items must be configured on the switch for the task? (Choose three.)

Which two statements are characteristics of routed ports on a multilayer switch? (Choose two.)

Refer to the exhibit. R1 has been configured as shown. However, PC1 is not able to receive an IPv4 address. What is the problem?

Refer to the exhibit. A network engineer is configuring IPv6 routing on the network. Which command issued on router HQ will configure a default route to the Internet to forward packets to an IPv6 destination network that is not listed in the routing table?

Refer to the exhibit. Consider that the main power has just been restored. PC3 issues a broadcast IPv4 DHCP request. To which port will SW1 forward this request?