Cisco 642-892 Exam Demo, Provide Latest Cisco 642-892 Study Guide For Sale

Welcome to download the newest Newcerts 350-060 VCE dumps: http://www.newcerts.com/350-060.html

In case you have a new other Cisco 642-892 Certification recognition, businesses usually remember you happen to be very qualified with the deliver the results. A person’s high quality practicing for Cisco 642-892 exam sample questions is from Flydumps. You’ll find your accreditation the same manner 1000s on a yearly basis perform, making use of Flydumps own Official certifications coaching items, methods and also Cisco 642-892 applications.

QUESTION 91
When a router is connected to a Frame Relay WAN link using a serial DTE interface, how is the interface clock rate determined?
A. It is supplied by the CSU/DSU.
B. It is supplied by the far end router.
C. It is determined by the clock rate command.
D. It is supplied by the Layer 1 bit stream timing.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 92
A network administrator assigns a multicast address of 239.255.8.5 to an application running on a device with an Ethernet MAC address of 01.b2.7d.05.f1.80. Which Layer 2 multicast address will this device use?
A. 01.00.5e.7F.08.05
B. 01.b2.7d.05.f1.80
C. 01.b2.7d.0a.08.05
D. 01.00.5e.05.f1.80
E. ff.ff.ff.ff.ff.ff
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 93
For the accompanying router output, which of the following statements describes the state that neighbor
172.16.254.3 is in?

A. The router will not accept connections from the peer.
B. The router has sent out an active TCP connection request to the peer.
C. The router is listening on its server port for connection requests from the peer.
D. BGP can exchange routing information in this state.
Correct Answer: C Section: (none) Explanation Explanation/Reference:
QUESTION 94
Above is the output from show ip bgp neighbors command. What is line 21 stating about the BGP connection?

A. the number of consecutive TCP connections to the specified remote neighbor
B. the number of times the router has established a TCP connection
C. the number of total TCP connections that the router has
D. the number of neighbors that the router has
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 95
Given the accompanying output, which additional command is needed to redistribute IGRP into EIGRP?
Router eigrp 123Network 10.10.10.0 No auto-summary! Router igrp 123Network 172.16.0.0 Network 172.17.0.0
A. Under the router igrp mode add redistribute eigrp 123
B. Under the router eigrp mode add redistribute igrp 123
C. Under the router eigrp mode add redistribute igrp 123 subnets
D. None, EIGRP and IGRP are automatically redistributed in this instance.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 96
Given the network diagram, which address would successfully summarize only the networks seen?

A. 192.168.0.0/24
B. 192.168.8.0/20
C. 192.168.8.0/21
D. 192.168.12.0/20
E. 192.168.16.0/21
F. These networks cannot be summarized.
Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 97
Given the network diagram, which routers currently make up the IS-IS backbone?

A. R3,R4,R6
B. R3,R4,R5,R6
C. R2,R3,R6,R7
D. R2,R3,R4,R6,R7
E. R1 through R8
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 98
Which statement is true regarding the configuration of ISL trunks?
A. All Catalyst switches support ISL trunking.
B. A Catalyst switch will report giants if one side is configured for ISL while the other side is not.
C. ISL trunking requires that native VLANs match.
D. A Catalyst switch cannot have ISL and IEEE 802.1q trunks enabled.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 99
The Dev-1 and Dev-3 routers are OSPF neighbors over the Ethernet 0/0 connection. Based on the show ip ospf neighbor output from the Dev-1 and Dev-3 routers, which statement is true?

A. Dev-1 is the DR because it has a higher OSPF router priority.
B. Dev-1 is the DR because it has a lower OSPF router ID.
C. Dev-3 is the DR because it has a higher OSPF router priority.
D. Dev-3 is the DR because it has a lower OSPF router ID.
E. Both Dev-1 and Dev-3 are using the default OSPF router priority.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 100
When other routing protocol routes are being redistributed into OSPF, what is one of the most common problems?
A. missing the tag option in the redistribute command.
B. missing the subnet option in the redistribute command.
C. missing the metric option in the redistribute command.
D. misconfiguring the metric-type option in the redistribute command to type-1.
E. misconfiguring the metric-type option in the redistribute command to type-2.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 101
Which three are characteristics of IPv6? (Choose three.)
A. An IPv6 address is 128 bits long.
B. An IPv6 header is 20 bits long.
C. An IPv6 header contains the next header field.
D. An IPv6 header contains the protocol field.
E. IPv6 routers send RA messages.
F. An IPv6 header contains the header checksum field.
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 102
Why should iBGP sessions be fully meshed within a Transit AS?
A. BGP requires redundant TCP sessions between iBGP peers.
B. A full mesh allows for optimal routing within the Transit AS.
C. Routes learned via iBGP are never propagated to other eBGP peers.
D. Routes learned via iBGP are never propagated to other iBGP peers.
E. Routes learned via eBGP are never propagated to other iBGP peers.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 103
The 192.168.0.0 network is not being propagated throughout the network. Observe the BGP configuration commands from the advertising router. What is the reason the 192.168.0.0 route is not being advertised?
router bgp 65111neighbor 172.16.1.1 remote-as 65111neighbor 172.16.2.1 remote-as 65112network 192.168.0.0 network 10.0.0.0 ! ip route 192.168.0.0 255.255.0.0 null0
A. The network 192.168.0.0 statement is missing mask 255.255.0.0
B. The network 192.168.0.0 statement is missing mask 0.0.255.255.
C. The network 10.0.0.0 statement is missing mask 255.0.0.0.
D. The network 10.0.0.0 statement is missing mask 0.255.255.255.
E. The auto-summary configuration is missing.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 104
What are the basic configuration steps to enable IS-IS?
A. Configure the net system-id command under router isis and enable IS-IS on each interface with the ip router isis command.
B. Configure the network net-id command(s) under router isis and enable IS-IS on each interface with the ip router isis command.
C. Configure the network net-id command(s) and the is-type level-1-2 command under router isis.
D. Configure the net system-id and the network net-id commands under router isis.
E. Configure the net system-id and the network net-id commands under router isis and enable IS-IS on each interface with the ip router isis command.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 105
Which BGP attribute is used by BGP to prevent routing loops?
A. AS-path
B. next-hop
C. MED
D. weight
E. local preference
F. origin
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 106
When the BGP path selection process is being performed on a Cisco router, which BGP attribute is used first when determining the best path?
A. local preference
B. MED
C. weight
D. origin
E. next-hop
F. AS-path
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 107
Which three characteristics apply to IS-IS but not to OSPF? (Choose three.)
A. encapsulates PDUs directly into a data-link frame
B. uses a DIS and a backup DIS to present the pseudo-node on the LAN
C. uses stubby areas to improve network scalability
D. uses a default IOS metric of 10 on each interface
E. runs PRC (Partial Route Calculations) to calculate IP reachability information
F. uses an on-demand circuit to reduce the hello and LSA flooding across switched WAN links, such as ISDN
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 108
Which BGP path attribute is Cisco proprietary?
A. weight
B. MED
C. local preference
D. origin
E. next-hop
F. AS-path
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 109
Which show command will display only the Type 5 LSAs in the OSPF topology database?
A. show ip route
B. show ip route ospf
C. show ip ospf database summary
D. show ip ospf database nssa-external
E. show ip ospf database external
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 110
A network administrator has enabled OSPF across an NBMA network and has issued the command ipospf network nonbroadcast. Given those facts, which two statements are true? (Choose two.)
A. DR and BDR elections will occur.
B. DR and BDR elections will not occur.
C. All routers must be configured in a fully meshed topology with all other routers.
D. The neighbor command is required to build adjacencies.
E. Interfaces will automatically detect and build adjacencies with neighbor routers.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference: QUESTION 111
Which three statements are correct about the differences in IS-IS and OSPF? (Choose three.)
A. IS-IS LSP contains TLV fields and OSPF LSU contains the LSAs.
B. New additions to the protocol are easily implemented in OSPF but not with IS-IS.
C. For greater fine tuning there are more IS-IS timers.
D. OSPF has more area types than does IS-IS.
E. IS-IS is more CPU-intensive than is OSPF.
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 112
Which enhancement was added to IGMP version 3?
A. membership query message
B. membership report message
C. leave group message
D. source filtering
E. destination filtering
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 113
Examine the router output above. Which two items are correct? (Choose two.)

A. Router A will assume the active state if its priority is the highest.
B. If Ethernet 0/2 goes down, the standby router will take over.
C. When Ethernet 0/3 of RouterA comes back up, the priority will become 105.
D. The local IP address of Router A is 10.1.0.6.
E. The local IP address of Router A is 10.1.0.20.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 114
Which configuration commands will enable RTA to advertise all local interfaces over OSPF?
A. RTA(config)# router ospf 1RTA(config-router)# default-information originate
B. RTA(config)# router ospf 1RTA(config-router)# network 255.255.255.255 255.255.255.255
C. RTA(config)# router ospf 1RTA(config-router)# network 0.0.0.0
D. RTA(config)# router ospf 1RTA(config-router)# network 0.0.0.0 0.0.0.0
E. RTA(config)# router ospf 1RTA(config-router)# redistribute static
F. RTA(config)# router ospf 1RTA(config-router)# redistribute connected
Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 115
Which attribute must exist in the BGP update packet?
A. LOCAL_ PREF
B. AGGREGATOR
C. AS_Path
D. Weight
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 116
Which BGP attribute will not be advertised in routing updates to its neighboring routers?
A. weight
B. local preference
C. origin
D. AS_path
E. next hop
Correct Answer: A Section: (none) Explanation Explanation/Reference:
QUESTION 117
Observe the diagram. RTC is the hub router and RTA and RTB are the spokes. There are no virtual circuits between the spoke locations. What is needed to successfully route traffic to the 11.11.11.0/24 network from RTA?

A. The neighbor 10.10.10.1 next-hop-self command on RTA.
B. The neighbor 10.10.10.1 next-hop-self command on RTB.
C. The neighbor 10.10.10.1 next-hop-self command on RTC.
D. Nothing is required. This is the default behavior on this topology.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 118
Refer to the exhibit diagram and configuration. RTB is summarizing its networks from AS 64100 with the aggregate-address command. However, the show ip route command on RTA reveals the RTB individual networks as well as its summary route. Which option would ensure that only the summary route would appear in the routing table of RTA?

A. Delete the four network statements and leave only the aggregate-address statement in the BGP configuration.
B. Add the keyword summary-only to the aggregate-address command.
C. Add a static route with a prefix of 192.168.24.0 255.255.252.0 pointing to the null0 interface.
D. Create a route map permitting only the summary address.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 119
Refer to the exhibit. What must be configured on router RTA to summarize all routes from area 0 to area 1?

A. area 0 range 172.16.96.0 255.255.224.0
B. area 0 range 172.16.96.0 255.255.255.0
C. area 1 range 172.16.96.0 255.255.224.0
D. area 1 range 172.16.96.0 255.255.0.0
E. summary-address 172.16.96.0 255.255.224.0
F. summary-address 172.16.96.0 0.0.63.255
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 120
Which VTP information does a Catalyst switch advertise on its trunk ports when using VTP? (Choose two.)
A. VTP mode
B. STP root status
C. negotiation status
D. management domain
E. configuration revision number
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 121
What is the maximum Ethernet frame size on a trunk link configured using IEEE 802.1Q encapsulation?
A. 1496 Bytes
B. 1500 Bytes
C. 1518 Bytes
D. 1522 Bytes
E. 1548 Bytes
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 122
What are three kinds of OSPF areas? (Choose three.)
A. stub
B. active
C. remote
D. backbone
E. ordinary or standard
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 123
Which command displays the IBGP and EBGP neighbors that are configured?
A. show ip bgp
B. show ip bgp paths
C. show ip bgp peers
D. show ip bgp summary
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 124
Which two provide intra-area routing services? (Choose two.)
A. L1 IS
B. L1 ES
C. L2 IS
D. L2 ES
E. L1/L2 IS
Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 125
The lack of which two prevents VTP information from propagating between switches? (Choose two.)
A. VLAN 1
B. a trunk port
C. VTP priority
D. a root VTP server
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 126
The network administrator cannot connect to Switch1 over a Telnet session, although the hosts attached to Switch1 can ping the interface Fa0/0 of the router. Given the information in the graphic and assuming that the router and Switch2 are configured properly, which of the following commands should be issued on Switch1 to correct this problem?

A. Switch1(config)# line con0Switch1(config-line)# password ciscoSwitch1(config-line)#login
B. Switch1(config)# interface fa0/1Switch1(config-if)# ip address 192.168.24.3 255.255.255.0
C. Switch1(config)# ip default-gateway 192.168.24.1
D. Switch1(config)# interface fa0/1Switch1(config-if)# duplex fullSwitch1(config-if)# speed 100
E. Switch1(config)# interface fa0/1Switch1(config-if)# switchport mode trunk
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 127
Why would a network administrator configure port security on a switch?
A. to prevent unauthorized Telnet access to a switch port
B. to limit the number of Layer 2 broadcasts on a particular switch port
C. to prevent unauthorized hosts from accessing the LAN
D. to protect the IP and MAC address of the switch and associated ports
E. to block unauthorized access to the switch management interfaces over common TCP ports
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 128
Refer to the exhibit. All routers have simultaneously been reloaded and the DR election has concluded as expected. What state is RTB in?

A. 2WAY/DROTHER
B. 2WAY/BDR
C. 2WAY/DR
D. FULL/DROTHER

E. FULL/BDR
F. FULL/DR
Correct Answer: D Section: (none) Explanation
Explanation/Reference: QUESTION 129
Refer to the exhibit. All routers have simultaneously been reloaded, and the DR election has concluded as

A. 2WAY/DROTHER
B. 2WAY/BDR
C. 2WAY/DR
D. FULL/DROTHER

E. FULL/BDR
F. FULL/DR
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 130
When an IPv6 enabled host boots, it sends a router solicitation (RS) message. An IPv6 router responds with a router advertisement (RA). Which two items are contained in the RA? (Choose two.)
A. IPv6 address for the host
B. lifetime of the prefix
C. prefixes for the link
D. keepalive timers
E. request for the local host IP address
F. any route advertisements it has received
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 131
Which statement is true about EBGP?
A. An internal routing protocol can be used to reach an EBGP neighbor.
B. The next hop does not change when BGP updates are exchanged between EBGP neighbors.
C. A static route can be used to form an adjacency between neighbors.
D. EBGP requires a full mesh.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 132
Which two are characteristics of the IS-IS protocol but not OSPF? (Choose two.)
A. provides for network scalability by allowing the network to be separated into areas
B. provides routing support for multiple network layer protocols
C. three layers of hierarchical routing
D. utilizes SPF algorithm
E. forms adjacencies with all neighbors
F. supports demand circuit routing
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 133
Which three are benefits of IS-IS over OSPF? (Choose three.)
A. supports more routers in an area
B. does not require Hello packets to establish neighbor relationships
C. produces fewer link state advertisements for a given network
D. supports route tags
E. supports network layer protocols other than IP
F. requires fewer neighbor relationships in a broadcast multiaccess network
Correct Answer: ACE Section: (none) Explanation Explanation/Reference:
QUESTION 134
Which two conditions can cause BGP neighbor establishment to fail? (Choose two.)
A. There is an access list blocking all TCP traffic between the two BGP neighbors.
B. The IBGP neighbor is not directly connected.
C. BGP synchronization is enabled in a transit autonomous system with fully-meshed IBGP neighbors.
D. The BGP update interval is different between the two BGP neighbors.
E. The BGP neighbor is referencing an incorrect autonomous system number in its neighbor statement.
Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 135
Based on the show ip bgp summary output, which two statements are true? (Choose two.)

A. The BGP session to the 10.1.1.1 neighbor is established.
B. The BGP session to the 10.2.2.2 neighbor is established.
C. The BGP session to the 10.3.3.3 neighbor is established.
D. The router is attempting to establish a BGP peering session with the 10.1.1.1 neighbor.
E. The BGP session to the 10.3.3.3 neighbor is established, but the router has not received any BGP routing updates from the 10.3.3.3 neighbor.
F. The router is attempting to establish a BGP peering session with the 10.2.2.2 neighbor.
Correct Answer: AF Section: (none) Explanation
Explanation/Reference:

Flydumps.com New Cisco 642-892 dumps are designed to help you to out in a short time. You can get Flydumps Cisco 642-892 dumps to pass your exam. To be a Microsoft professional makes you a better future.

Welcome to download the newest Newcerts 350-060 VCE dumps: http://www.newcerts.com/350-060.html

Cisco 642-892 Exam Demo, Provide Latest Cisco 642-892 Study Guide For Sale

Cisco 642-891 Real Question Description, 50% Discount Cisco 642-891 PDF Exams Is Your Best Choice

Welcome to download the newest Examwind 225-030 Certification dumps: http://www.examwind.com/225-030.html

Relatively speaking, the collection of relevant information on research has a certain degree of difficulty. If you would like to take part in Cisco 642-891 exam, FLYDUMPS will be the best choice for you; there we will provide you with the most up to-date information and Cisco 642-891 exam sample questions, download, to give you a better learning platform to help you smooth the adoption of exam. You can choose to FLYDUMPS, a large number of experienced team of IT professionals, and make unremitting efforts to the success of a compilation of the most effective Cisco 642-891 exam sample questions and the most advanced Cisco 642-891 exam simulation questions and answers.

QUESTION 76
Which three statements are correct about the differences in IS-IS and OSPF? (Choose three.)
A. IS-IS LSP contains TLV fields and OSPF LSU contains the LSAs.
B. New additions to the protocol are easily implemented in OSPF but not with IS-IS.
C. For greater fine tuning there are more IS-IS timers.
D. OSPF has more area types than does IS-IS.
E. IS-IS is more CPU-intensive than is OSPF.

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 77
Which three techniques can be used to transition from IPv4 to IPv6? (Choose three.)
A. 6to4 tunneling
B. flow label
C. dual stack
D. anycast
E. NAT
F. mobile IP

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 78
Observe the above diagram. Spanning tree is enabled on all devices.
Currently either Switch B or C can serve as the root should Switch A fail. A client recently connected Device D, a PC running switching application software, to Switch C port P3/3. The administrator would like to configure Root Guard to ensure that Device D does not assume the role of root. All other parameters must stay the same. On which interface(s) must Root Guard be enabled?

A. P1/2
B. P2/2
C. P3/3
D. P1/1 and P1/2
E. P1/2 and P2/2
F. P1/2, P2/2 and P3/3

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Which three characteristics apply to IS-IS but not to OSPF? (Choose three.)
A. encapsulates PDUs directly into a data-link frame
B. uses a DIS and a backup DIS to present the psuedo-node on the LAN
C. uses stubby areas to improve network scalability
D. uses a default IOS metric of 10 on each interface
E. runs PRC (Partial Route Calculations) to calculate IP reachability information
F. uses an on-demand circuit to reduce the hello and LSA flooding across switched WAN links, such as ISDN

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 80
Given the above OSPF network, which command will RTB use to summarize routes for the 192.168.16.0/22 supernet before injecting them into Area 0?

A. area 10 range 192.168.16.0 255.255.252.0
B. summary-address 192.168.16.0 255.255.252.0
C. ip summary-address ospf 101 192.168.16.0 255.255.252.0
D. area 0 range 192.168.16.0 255.255.252.0
E. ip summary-address area 0 192.168.16.0 255.255.252.0

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 81
Which three items are configured in MST configuration submode? (Choose three.)
A. region name
B. configuration revision number
C. VLAN instance map
D. IST STP BPDU hello timer
E. CST instance map
F. PVST+ instance map

Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
QUESTION 82
Which command displays statistics on EIGRP hello, updates, queries, replies, and acknowledgments?
A. debug eigrp packets
B. show ip eigrp traffic
C. show ip eigrp topology
D. show ip eigrp neighbors

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 83
Refer to the exhibit. Given the output of a debug ip mrouting command, which two statements are true? (Choose two.)

A. This router received an IGMP host report from a group member or a PIM join message.
B. The reverse path forwarding (RPF) for the route 224.2.0.1 failed to find the interface on which the multicast packet was received.
C. Multicast route to 10.16.0.0/16 was added to the mroute table and created by a source directly connected to the router.
D. Multicast route to 224.69.15.0/24 was added to the mroute table and created by a source directly connected to the router.
E. The route to 224.69.15.0/24 will be out Ethernet 0.

Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 84
The network administrator maps VLANs 10 through 20 to MST instance 2.
How will this information be propagated to all appropriate switches?
A. Information will be carried in the RSTP BPDUs.
B. It will be propagated in VTP updates.
C. Information is stored in the Forwarding Information Base and the switch will reply upon query.
D. Multiple Spanning Tree must be manually configured on the appropriate switches.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 85
Examine the BGP table. What is the correct command to summarize the listed prefixes into a single summary prefix of 192.168.12.0/22 while also allowing for the advertisement of the more specific prefixes?

A. network 192.168.12.0 mask 255.255.252.0
B. network 192.168.12.0 mask 0.0.3.255
C. network 192.168.12.0
D. aggregate-address 192.168.12.0 255.255.252.0
E. aggregate-address 192.168.12.0 255.255.252.0 summary-only
F. aggregate-address 192.168.12.0 255.255.252.0 as-set

Correct Answer: D Section: (none) Explanation
Explanation/Reference: QUESTION 86
Refer to the exhibit and the output on R1. What is the OSPF area type configured for area 1?

A. stub area
B. totally stubby area
C. NSSA
D. NSSA totally stubby area

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 87
Which three types of OSPF route entries can be found in the routing table of an internal OSPF router within an OSPF NSSA area? (Choose three.)
A. O
B. O N2
C. O* N2
D. O E1
E. O E2

Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
QUESTION 88
Based on the network diagram and routing table output in the exhibit, which of these statements is true?

A. InterVLAN routing has been configured properly, and the workstations have connectivity to each other.
B. InterVLAN routing will not occur since no routing protocol has been configured.
C. Although interVLAN routing is not enabled, both workstations will have connectivity to each other.
D. Although interVLAN routing is enabled, the workstations will not have connectivity to each other.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 89
Which protocol specified by RFC 2281 provides network redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first-hop failures in network edge devices or access circuits?
A. STP
B. IRDP
C. ICMP
D. HSRP

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 90
Which option correctly identifies the Cisco IOS switching methods in descending order from the fastest method to the slowest method?
A. CEF, distributed CEF (dCEF), fast switching, process switching
B. distributed CEF (dCEF), CEF, fast switching, process switching
C. fast switching, process switching, distributed CEF (dCEF), CEF
D. process switching, fast switching, distributed CEF (dCEF), CEF
E. process switching, distributed CEF (dCEF), CEF, fast switching
F. process switching, CEF, distributed CEF (dCEF), fast switching

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 91
Refer to the exhibit. A network administrator is troubleshooting IS-IS routing. Currently, RTA is not receiving Link State Packets (LSPs) from RTB. What is the problem?

A. RTB must be configured with the is-type level-1 command under router isis.
B. RTA must be configured with the isis circuit-type level-1 under interface s0.
C. RTA and RTB are configured in different areas.
D. RTA and RTB should both be configured for is-type level-2 under router isis.

Correct Answer: C Section: (none) Explanation Explanation/Reference:
QUESTION 92
What does IS-IS use to establish and maintain neighbor relationships between IS’s?
A. IIH
B. LSP
C. CLNS
D. CLNP
E. ISH

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 93
Which well-defined routing protocol would a network administrator configure on multicast routers when member routers are widely dispersed?
A. Distance Vector Multicast Routing Protocol (DVMRP)
B. Protocol Independent Multicast Dense Mode (PIM-DM)
C. Multicast Open Shortest Path First (MOSPF)
D. Protocol Independent Multicast Sparse Mode (PIM-SM)
E. Core-Based Trees (CBT)

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 94
When the BGP path selection process is being performed on a Cisco router, which BGP attribute is used first when determining the best path?
A. local preference
B. MED
C. weight
D. origin
E. next-hop
F. AS-path

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 95
What action does an EIGRP router take when it cannot find a feasible successor for a network?
A. It examines the routing and neighbor tables for the next best path.
B. It transitions from passive to active state for that network and queries its neighbors.
C. It examines the topology table for a next best path.
D. It transitions from active to passive state for that network and queries its neighbors.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 96
What must be configured on a Cisco switch in order to advertise VLAN information?
A. VTP password
B. VTP domain name
C. VTP revision number
D. VTP mode
E. VTP pruning

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 97
Which two are characteristics of the IS-IS protocol but not OSPF? (Choose two.)
A. provides for network scalability by allowing the network to be separated into areas
B. provides routing support for multiple network layer protocols
C. three layers of hierarchical routing
D. utilizes SPF algorithm
E. forms adjacencies with all neighbors
F. supports demand circuit routing

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 98
A Level-2 IS can establish an adjacency with which routers? (Choose three.)
A. any Level-1 IS in any area
B. any Level-2 IS in any area
C. any Level-1 IS in the same area
D. any Level-1/Level-2 IS in any area
E. any Level-1/Level-2 IS in the same area

Correct Answer: BDE Section: (none) Explanation
Explanation/Reference: QUESTION 99
Refer to the exhibit. The administrator of this internetwork needs to provide subnets with a /30 mask for the three WAN links connecting RTA to RTB, RTC, and RTD. The address ranges allocated for these connections are within the 172.16.14.0/27 address range. Which three subnets can be used for the WAN links?

A. 172.16.14.36/30172.16.14.40/30172.16.14.44/30
B. 172.16.14.68/30172.16.14.72/30172.16.14.76/30
C. 172.16.14.100/30172.16.14.104/30172.16.14.108/30
D. 172.16.14.132/30172.16.14.136/30172.16.14.140/30

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 100
How does 802.1q trunking keep track of multiple VLAN’s?
A. modifies the port index of a data frame to indicate the VLAN
B. adds a new header containing the VLAN ID to the data frame
C. encapsulates the data frame with a new header and frame check sequence
D. tags the data frame with VLAN information and recalculates the CRC value

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 101
Which three statements are true about EIGRP operation? (Choose three.)
A. When summarization is configured, the router will also create a route to null 0.
B. The summary route remains in the route table, even if there are no more specific routes to the network.
C. Summarization is configured on a per-interface level.
D. The maximum metric for the specific routes is used as the metric for the summary route.
E. Automatic summarization across major network boundaries is enabled by default.

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 102
What will be the effect of applying the VLAN access map configuration on a switch?Router(config)# vlan access-map thor 10Router(config-access-map)# match ip address net_10Router(config-access-map) #action forwardRouter(config-access-map)#exitRouter(config)# vlan filter thor vlan-list 12-16
A. All VLAN 12 through 16 IP traffic matching net_10 is forwarded and all other IP packets are dropped.
B. IP traffic matching vlan-list 12-16 is forwarded and all other IP packets are dropped.
C. IP traffic matching net_10 is dropped and all other IP packets are forwarded to VLANs 12 through 16.
D. All VLAN 12 through 16 IP traffic is forwarded, other VLAN IP traffic matching net_10 is dropped.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 103
Refer to the exhibit. BGP sessions are established between all autonomous systems. AS 100 receives updates about network 200.200.200.0/24 from routers R2, R3, R4, and R5 with different MED values. Which router will be chosen as a next hop to reach the network 200.200.200.0/24 if all other attributes are the same?

A. R2
B. R3
C. R4
D. R5

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 104
In the configuration below, how much bandwidth will be used by the EIGRP updates? interface serial0bandwidth 40ip bandwidth-percent eigrp 1 200
A. 40 kbps
B. 60 kbps
C. 80 kbps
D. 200 kbps
E. 40 Mbps
F. 80 Mbps

Correct Answer: C Section: (none) Explanation
Explanation/Reference:

The last segment is related to the basic inferential statistics that require your knowledge of chi-square, correlations, regression, samples, statistical errors, t-test and statistics. Command of these segments will help you in obtaining this certification. It will help you to understand the Cisco 642-891 exam questions and answer them appropriately.

Welcome to download the newest Examwind 225-030 Certification dumps: http://www.examwind.com/225-030.html

Cisco 642-891 Real Question Description, 50% Discount Cisco 642-891 PDF Exams Is Your Best Choice

Cisco 642-812 VCE Exam, Welcome To Buy Cisco 642-812 Exam Practice PDF With New Discount

Welcome to download the newest Examwind 642-647 VCE dumps: http://www.examwind.com/642-647.html

Flydumps is providing complete solutions for Cisco 642-812 that will help the candidates learn extensively and score exceptional in the Cisco 642-812 exam. Passing the Microsoft is not a dream anymore as our user friendly learning resources ensure guaranteed success.

QUESTION 80
Refer to the exhibit. An attacker is connected to interface Fa0/11 on switch A-SW2 and attempts to establish a DHCP server for a man-in-middle attack. Which recommendation, if followed, would mitigate this type of attack?

A. All switch ports in the Building Access block should be configured as DHCP trusted ports.
B. All switch ports in the Building Access block should be configured as DHCP untrusted ports.
C. All switch ports connecting to hosts in the Building Access block should be configured as DHCP trusted ports.
D. All switch ports connecting to hosts in the Building Access block should be configured as DHCP untrusted ports.
E. All switch ports in the Server Farm block should be configured as DHCP untrusted ports.
F. All switch ports connecting to servers in the Server Farm block should be configured as DHCP untrusted ports.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 81
LAB

A. The information of the question You will configure FastEthernet ports 0/12 through 0/24 for users who belong to VLAN 20. Also, all VLAN and VTP configurations are to be completed in global configuration mode as VLAN database mode is being deprecated by Cisco. You are required to accomplish the following tasks:
1.
Ensure the switch does not participate in VTP but forwards VTP advertisements received on trunk ports.

2.
Ensure all non-trunking interfaces (Fa0/1 to Fa0/24) transition immediately to the forwarding state of Spanning-Tree.

3.
Ensure all FastEthernet interfaces are in a permanent non-trunking mode.

4.
Place FastEthernet interfaces 0/12 through 0/24 in VLAN 20
Correct
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
switch#conf t switch(config)#vtp mode transparent switch(config)#interface range fa0/1 – 24 switch(config-if-range)#switchport mode access switch(config-if-range)#spanning-tree portfast switch(config)#interface range fa0/12 – 24 switch(config-if-range)#switchport access vlan 20 switch(config-if-range)#end switch# copy run start
Answer: A
QUESTION 82
LAB

A. The information of the question VTP Domain name : cisco VLAN Ids 20 31 IP Addresses 172.16.71.1/24 172.16.132.1/24 These are your specific tasks:
1.
Configure the VTP information with the distribution layer switch as the VTP server

2.
Configure the VTP information with the access layer switch as a VTP client

3.
Configure VLANs on the distribution layer switch

4.
Configure inter-VLAN routing on the distribution layer switch

5.
Specific VLAN port assignments will be made as users are added to the access layer switches in the future.

6.
All VLANs and VTP configurations are to completed in the global configuration To configure the switch click on the host icon that is connected to the switch be way of a serial console cable. Correct

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
vtp server configuration: switch#conf t switch(config)#vtp mode server switch(config)#vtp domain CISCO switch(config)#vlan 20 switch(config)#vlan 31 switch(config)#int vlan 20 switch(if-config)#ip add 172.64.20.1 255.255.255.0 switch(if-config)#no shut switch(if-config)#int vlan 31 switch(if-config)#ip add 192.162.31.1 255.255.255.0 switch(if-config)#no shut switch(if-config)#exit switch#ip routing switch#copy run start
vtp client configuration: switch#conf t switch(config)#vtp mode client switch(config)#vtp domain CISCO switch#copy run start
Answer: A
QUESTION 83
In the hardware address 0000.0c07.ac0a what does 07.ac represent?
A. vendor code
B. HSRP group number
C. HSRP router number
D. HSRP well-known physical MAC address
E. HSRP well-known virtual MAC address

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 84
Refer to the exhibit. Which two statements are true about the required switch configurations to support a voice VLAN? (Choose two.)

A. CDP must be disabled on the switch port to prevent interference between CDP messages and voice traffic.
B. CDP must be enabled on the switch port to allow configuration information to be passed to the IP phone.
C. Static secure MAC addresses should be configured on voice vlan ports to prevent access by devices other than IP phones.
D. Portfast must be enabled on the switch port.
E. 802.1x authentication cannot be configured on a port configured for a voice vlan.
F. Port security cannot be configured on a port that is configured for a voice vlan.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 85
Which statement describes the function of a trust boundary?
A. Trust boundaries determine whether certain types of traffic can pass.
B. Trust boundaries are a point in the network where decisions about CoS markings on incoming packets are made.
C. Trust boundaries are a point in the network where QoS functionality begins and ends.
D. Trust boundaries are points in the network where Layer 2 CoS markings are converted to Layer 3 DSCP or IP precedence markings.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 86
Refer to the exhibit. The service provider wants to ensure that switch S1 is the root switch for its own network and the network of the customer. On which interfaces should root guard be configured to ensure that this happens?

A. interfaces 1 and 2
B. interfaces 1, 2, 3, and 4
C. interfaces 1, 3, 5, and 6
D. interfaces 5 and 6
E. interfaces 5, 6, 7, and 8
F. interfaces 11 and 12

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 87
Refer to the exhibit. Which Catalyst switch interface command would be used to cause the switch to instruct the phone to override the incoming CoS from the PC before forwarding the packet to the switch?

A. switchport priority extend none
B. switchport priority extend trust
C. switchport priority extend cos 2
D. switchport priority extend cos 11
E. mls qos cos 2
F. mls qos cos 2 override

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 88
Given the above partial configuration, which two statements are true about VLAN traffic? (Choose two.)

A. VLANs 1-5 will be blocked if fa0/10 goes down.
B. VLANs 1-5 will use fa0/10 as a backup only.
C. VLANs 6-10 will use fa0/10 as a backup only.
D. VLANs 6-10 have a port priority of 128 on fa0/10.
E. VLANs 1-10 are configured to load share between fa0/10 and fa0/12.

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 89
Drop A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 90
Which three statements are true about the dynamic ARP inspection (DAI) feature? (Choose three.)
A. DAI can be performed on ingress ports only.
B. DAI can be performed on both ingress and egress ports.
C. DAI is supported on access and trunk ports only.
D. DAI is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports.
E. DAI should be configured on all access switch ports as untrusted and on all switch ports connected to other switches as trusted.
F. DAI should be enabled on the root switch for particular VLANs only in order to secure the ARP caches of hosts in the domain.

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference: QUESTION 91
Refer to the exhibit. Which Virtual Router Redundancy Protocol (VRRP) statement is true about the roles of the master virtual router and the backup virtual router?

A. Router A is the master virtual router, and Router B is the backup virtual router. When Router A fails, Router B will become the master virtual router. When Router A recovers, Router B will maintain the role of master virtual router.
B. Router A is the master virtual router, and Router B is the backup virtual router. When Router A fails, Router B will become the master virtual router. When Router A recovers, it will regain the master virtual router role.
C. Router B is the master virtual router, and Router A is the backup virtual router. When Router B fails, Router A will become the master virtual router. When Router B recovers, Router A will maintain the role of master virtual router.
D. Router B is the master virtual router, and Router A is the backup virtual router. When Router B fails, Router A will become the master virtual router. When Router B recovers, it will regain the master virtual router role.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 92
For what purpose is the command config network webmode enable used?
A. to allow HTTPS access to the WLAN controller
B. to allow HTTP access to the WLAN controller
C. to allow SSH access to the CLI of the WLAN controller D. to allow SSL access to the CLI of the WLAN controller

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 93
Refer to the exhibit. The signal transmitted from the AP is reflected off a wall resulting in multipath interference at the client end. Which statement is true?

A. If signal 1 is in phase with signal 2, the result is essentially zero signal or a dead spot in the WLAN.
B. If signal 2 is close to 360 degrees out of phase with signal 1, the result is essentially zero signal or a dead spot in the WLAN.
C. Multipath interference is solved by using dual antennas.
D. Multipath interference is less of an issue when using a DSSS technology because multipath is frequency selective.
E. The transmitted signal from the AP arrives at the client at slightly different times resulting in phase shifting.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 94
Refer to the exhibit. Both routers are configured for the Gateway Load Balancing Protocol (GLBP). Which statement is true?

A. The default gateway addresses of both hosts should be set to the IP addresses of both routers.
B. The default gateway address of each host should be set to to the virtual IP address.
C. The hosts will learn the proper default gateway IP address from Router A.
D. The hosts will have different default gateway IP addresses and different MAC addresses for each router.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 95
Which statement is true about utilizing a data network for voice traffic?
A. Adding bandwidth to the data network is the primary solution to provide for the needs of voice traffic.
B. Because voice traffic volume cannot be calculated, network bandwidth requirements must be determined from an existing installation.
C. Voice traffic will require some form of QoS mechanisms in most networks.
D. Voice traffic will require some form of QoS implementation only in congested networks.
E. Network congestion must be totally eliminated to provide proper voice traffic performance.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 96
Which two Lightweight Access Point Protocol (LWAPP) statements are true? (Choose two.)
A. Control traffic is encapsulated in UDP packets with a source port of 1024 and a destination port of 12223.
B. Control traffic is encapsulated in TCP packets with a source port of 1024 and a destination port of 12223.
C. Data traffic is encapsulated in UDP packets with a source port of 1024 and a destination port of 12223.
D. Data traffic is encapsulated in TCP packets with a source port of 1024 and destination port of 12223.
E. Layer 3 LWAPP is a UDP / IP frame that requires a Cisco Aironet AP to obtain an IP address using DHCP.
F. LWAPP is a proprietary protocol, and because of its very high overhead it is not widely adopted .

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 97
Refer to the exhibit. The user who is connected to interface FastEthernet 0/1 is on VLAN 10 and cannot access network resources. On the basis of the information in the exhibit, which command sequence would correct the problem?

A. SW1(config)# interface fastethernet 0/1SW1(config-if)# no shut
B. SW1(config)# interface fastethernet 0/1SW1(config-if)# switchport mode access
C. SW1(config)# interface fastethernet 0/1SW1(config-if)# switchport mode accessSW1(config-if)# switchport access vlan 10
D. SW1(config)# vlan 10SW1(config-vlan)# no shut
E. SW1(config)# vlan 10SW1(config-vlan)# state active

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 98
Which issue or set of issues does the Lightweight Access Point Protocol (LWAPP) address?
A. reduction of processing in wireless controllers
B. distributed approach to authentication, encryption, and policy enforcement
C. provides security by blocking communication between access points and wireless clients
D. access point discovery, information exchange, and configuration

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 99
Refer to the exhibit. Dynamic ARP inspection (DAI) is enabled on switch SW_A only. Both Host_A and Host_B acquire their IP addresses from the DHCP server connected to switch SW_A. What would the outcome be if Host_B initiated an ARP spoof attack toward Host_A ?

A. The spoof packets will be inspected at the ingress port of switch SW_A and will be permitted.
B. The spoof packets will be inspected at the ingress port of switch SW_A and will be dropped.
C. The spoof packets will not be inspected at the ingress port of switch SW_A and will be permitted.
D. The spoof packets will not be inspected at the ingress port of switch SW_A and will be dropped.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 100
Refer to the exhibit. Host A and Host B are connected to the Catalyst 3550 switch and have been assigned to their respective VLANs. The rest of the 3550 configuration is the default configuration. Host A is able to ping its default gateway, 10.10.10.1, but is unable to ping Host B.
Given the output displayed in the exhibit, which statement is true?

A. HSRP must be configured on SW1.
B. A separate router is required to support interVLAN routing.
C. Interface VLAN 10 must be configured on the SW1 switch.
D. The global config command ip routing must be configured on the SW1 switch.
E. VLANs 10 and 15 must be created in the VLAN database mode.
F. VTP must be configured to support interVLAN routing.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 101
Refer to the exhibit. Based upon the debug output that is shown, which three statements about HSRP are true? (Choose three.)

A. The final active router is the router with IP address 172.16.11.111.
B. The router with IP address 172.16.11.111 has preempt configured.
C. The priority of the router with IP address 172.16.11.112 is preferred over the router with IP address
172.16.11.111.
D. The IP address 172.16.11.115 is the virtual HSRP IP address.
E. The router with IP address 172.16.11.112 has nonpreempt configured.
F. The router with IP address 172.16.11.112 is using default HSRP priority.

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 102
Refer to the exhibit. How will interface FastEthernnet0/1 respond when an 802.1x-enabled client connects to the port?

A. The switch port will enable 802.1x port-based authentication and begin relaying authentication messages between the client and the authentication server.
B. The switch port will disable 802.1x port-based authentication and cause the port to transition to the authorized state without any further authentication exchange.
C. The switch will cause the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate.
D. The switch will uniquely authorize the client by using the client MAC address.

Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 103
Which three descriptors are characteristics of voice traffic in the campus network? (Choose three.)
A. benign
B. bursty
C. drop sensitive
D. greedy
E. smooth
F. TCP retransmits

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 104
Which set of statements describes the correct order and process of a wireless client associating with a wireless access point?
A. 1. Client sends probe request.2. Access point sends probe response.3. Client initiates association.4. Access point accepts association.5. Access point adds client MAC address to association table.
B. 1. Client sends probe request.2. Access point sends probe response.3. Client initiates association.4. Access point accepts association.5. Client adds access point MAC address to association table.
C. 1. Client sends probe request.2. Access point sends probe response.3. Access point initiates association.4. Client accepts association.5. Access point adds client MAC address to association table.
D. 1. Access point sends probe request .2. Client sends probe response.3. Client initiates association.4. Access point accepts association.5. Access point adds client MAC address to association table.
E. 1. Access point sends probe request .2. Client sends probe response.3. Client initiates association.4. Access point accepts association.5. Client adds access point MAC address to association table.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 105
How are STP timers and state transitions affected when a topology change occurs in an STP environment?
A. All ports will temporarily transition to the learning state for a period equal to the max age timer plus the forward delay interval.
B. All ports will transition temporarily to the learning state for a period equal to the forward delay interval.
C. The default aging time for MAC address entries will be reduced for a period of the max age timer plus the forward delay interval.
D. The default hello time for configuration BDPUs will be reduced for the period of the max age timer.
Correct Answer: C Section: (none) Explanation

Explanation/Reference:
QUESTION 106
Refer to the exhibit. When a profile is configured in the Aironet Desktop Utility, which security option permits the configuration of host-based Extensible Authentication Protocol (EAP)?

A. WPA/WPA2/CCKM
B. WPA/WPA2 Passphrase
C. 802.1x
D. Pre-Shared Key (Static WEP)

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 107
Which two WLAN client utility statements are true? (Choose two.)
A. In a Windows XP environment, a client adapter can only be configured and managed with the Microsoft Wireless Configuration Manager.
B. The Aironet Desktop Utility (ADU) can be used to enable or disable the adapter radio and to configure LEAP authentication with dynamic WEP.
C. The Cisco Aironet Desktop Utility (ADU) and the Microsoft Wireless Configuration Manager can both be enabled at the same time to setup WLAN client cards.
D. The Microsoft Wireless Configuration Manager can be configured to display the Aironet System Tray Utility (ASTU) icon in the Windows system tray.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 108
Refer to the exhibit. What is the effect on the trust boundary of configuring the command mls qos trust cos on the switch port that is connected to the IP phone?

A. Effectively the trust boundary has been moved to the IP phone.
B. The host is now establishing the CoS value and has effectively become the trust boundary.
C. The switch is rewriting packets it receives from the IP phone and determining the CoS value.
D. The switch will no longer tag incoming voice packets and will trust the distribution layer switch to set the CoS.
E. RTP will be used to negotiate a CoS value based upon bandwidth utilization on the link.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 109
Refer to the exhibit. Which three statements accurately describe this GLBP topology? (Choose three.)

A. Router A is responsible for answering ARP requests sent to the virtual IP address.
B. If Router A becomes unavailable, Router B will forward packets sent to the virtual MAC address of Router
C.
D. If another router were added to this GLBP group, there would be two backup AVGs.
E. Router B is in GLBP listen state.
F. Router A alternately responds to ARP requests with different virtual MAC addresses.
G. Router B will transition from blocking state to forwarding state when it becomes the AVG.

Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 110
Which two statements about HSRP priority are true? (Choose two.)
A. Assuming that preempting has also been configured, the router with the lowest priority in an HSRP group would become the active router.
B. The default priority of a router is zero (0).
C. The no standby priority command assigns a priority of 100 to the router.
D. To assign the HSRP router priority in a standby group, the standby group-number priority priority-value global configuration command must be used.
E. When two routers in an HSRP standby group are configured with identical priorities, the router with the highest configured IP address will become the active router.

Correct Answer: CE Section: (none) Explanation Explanation/Reference:
QUESTION 111
In which three HSRP states do routers send hello messages? (Choose three.)
A. standby
B. learn
C. listen
D. speak
E. active

Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 112
What does the command udld reset accomplish?
A. allows an UDLD port to automatically reset when it has been shutdown
B. resets all UDLD enabled ports that have been shutdown
C. removes all UDLD configurations from interfaces that were globally enabled
D. removes all UDLD configurations from interfaces that were enabled per-port

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 113
Which three WLAN statements are true? (Choose three.)
A. A lightweight AP receives control and configuration from a WLAN controller to which it is associated.
B. A WLAN client that is operating in half-duplex mode will delay all clients in that WLAN.
C. Ad hoc mode allows mobile clients to connect directly without an intermediate AP.
D. Another term for infrastructure mode is independent service set (IBSS).
E. The Aironet 1230 access point is an example of an access point that operates solely as a lightweight access point.
F. WLANs are designed to share the medium and can easily handle an increased demand of channel contention.

Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
QUESTION 114
Refer to the exhibit. Which three statements are true about trust boundaries in the campus network? (Choose three.)
A. A device is trusted if it correctly classifies packets.
B. A device is trusted if it correctly declassifies packets.
C. The outermost trusted devices represent the trust boundary.
D. Classification and marking occur using 802.1ab QoS bits before reaching the trust boundary.
E. Network trust boundaries are automatically configured in IOS version 12.3 and later.
F. For scalability, classification should be done as close to the edge as possible.

Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
QUESTION 115
Which two Lightweight Access Point Protocol (LWAPP) statements are true? (Choose two.)
A. Control traffic is encapsulated in UDP packets with a source port of 1024 and a destination port of 12223.
B. Control traffic is encapsulated in TCP packets with a source port of 1024 and a destination port of 12223.
C. Data traffic is encapsulated in UDP packets with a source port of 1024 and a destination port of 12223.
D. Data traffic is encapsulated in TCP packets with a source port of 1024 and destination port of 12223.
E. Layer 3 LWAPP is a UDP / IP frame that requires a Cisco Aironet AP to obtain an IP address using DHCP.
F. LWAPP is a proprietary protocol, and because of its very high overhead it is not widely adopted .

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 116
Refer to the exhibit. Which two problems are the most likely cause of the exhibited output? (Choose two.)
A. spanning tree issues
B. HSRP misconfiguration
C. VRRP misconfiguration
D. physical layer issues
E. transport layer issues

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 117
Refer to the exhibit. Which switch interface configuration command would automatically configure quality of service (QoS) for voice over IP (VoIP) within a QoS domain?
A. auto qos voip cisco-phone
B. mls qos trust
C. switchport priority extend cos 7
D. switchport priority extend trust

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 118
Which three statements are true of the Link Aggregation Control Protocol (LACP)? (Choose three.)
A. LACP is used to connect to non-Cisco devices.
B. LACP packets are sent with the command channel-group 1 mode desirable.
C. LACP packets are sent with the command channel-group 1 mode active.
D. Standby interfaces should be configured with a higher priority.
E. Standby interfaces should be configured with a lower priority.

Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 119
Refer to the exhibit. Initially, LinkA is connected and forwarding traffic. A new LinkB is then attached between SwitchA and HubA. Which two statements are true about the possible result of attaching the second link? (Choose two.)
A. The switch port attached to LinkB will not transistion to up.
B. One of the two switch ports attached to the hub will go into blocking mode when a BPDU is received.
C. Both switch ports attached to the hub will transition to the blocking state.
D. A heavy traffic load could cause BPDU transmissions to be blocked and leave a switching loop.
E. The switch port attached to LinkA will immediately transition to the blocking state.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 120
What are two benefits provided in VTP Version 2 but NOT in VTP Version 1? (Choose two.)
A. supports Token Ring VLANs
B. allows VLAN consistency checks
C. saves VLAN configuration memory
D. reduces the amount of configuration necessary
E. allows active redundant links when used with spanning tree

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 121
What is the maximum Ethernet frame size on a trunk link configured using IEEE 802.1Q encapsulation?
A. 1496 Bytes
B. 1500 Bytes
C. 1518 Bytes
D. 1522 Bytes
E. 1548 Bytes

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

Flydumps team use their experience and knowledge to study the examinations of past years and finally have developed the best training materials about Cisco 642-812 exam. Our Cisco 642-812 exam training materials are very popular among customers and this is the result of Flydumps’s expert team industrious labor. The simulation test and the answer of their research have a high quality and have 95% similarity with the true examination questions. FLYDUMPS is well worthful for you to rely on. If you use Flydumps’s training tool, you can 100% pass your first time to attend Cisco 642-812 exam.

Welcome to download the newest Examwind 642-647 VCE dumps: http://www.examwind.com/642-647.html

Cisco 642-812 VCE Exam, Welcome To Buy Cisco 642-812 Exam Practice PDF With New Discount

Cisco 642-437 Questions And Answers, Up To Date Cisco 642-437 Dump On Sale

Welcome to download the newest Flydumps MB6-700 VCE dumps: http://www.flydumps.com/MB6-700.html

Important Info — Cisco 642-437 new study guide are designed to help you pass the exam in a short time.Everything you need can be found in the new version Cisco 642-437 exam dumps.Visit Flydumps.com to get more valid information.

QUESTION: 1
The show policy-map interface command output is showing too many random drops for the mission-critical traffic class. What can be changed to reduce the random drops?
A. Increase the WRED max-threshold value for the mission-critical traffic class.
B. Increase the WRED min-threshold value for the mission-critical traffic class.
C. Decrease the WRED drop probability denominator for the mission-critical traffic class.
D. Decrease the queue-limit for the mission-critical traffic class.
E. Enable fair-queue within the mission-critical traffic class.
Answer: B
Explanation:
Weighted Fair Queuing (WFQ) is a dynamic process that divides bandwidth among queues based on weights. The process is designed to be fair, such that WFQ ensures that all traffic is treated fairly, with regard to its weight. There are several forms of WFQ, including Class-based Weighted Fair Queuing (CBWFQ) and Low Latency Queuing (LLQ). CBWFQ is probably the form of WFQ that is most commonly being deployed these days. CBWFQ works quite a bit like CQ, but the algorithm is more efficient and the configuration is quite a bit easier to understand. With CBWFQ, classes are created and traffic is assigned to those classes, as explained earlier in this chapter. Bandwidth is then assigned to those classes, and the amount of bandwidth assigned to a given class determines the amount of scheduling that class receives. In other words, the bandwidth statement on a given class determines the minimum amount of bandwidth that packets belonging to that class receive in the event of congestion. In the recent past, a PQ was added to the CBWFQ mechanism, specifically to handle VoIP traffic. This addition was necessary because, although CBWFQ did an excellent job of dividing up the available bandwidth, CBWFQ did not give any specific regard to the delay or jitter being introduced by queuing packets. The LLQ mechanism is CBWFQ with a single PQ, which receives strict scheduling priority. To go back to airline analogies, this is the equivalent of preboarding courtesies that are often offered to persons with special needs or those traveling with small children. In spite of the fact that these people may not be in first class, or elite frequent fliers, they are moved directly to the front of the line and put on the plane first because they have special needs. In the case of VoIP traffic, it may not be the most important traffic on your network, but it has very specific requirements for delay and jitter and, therefore, must be moved to the front of the line for transmission. Catalyst switches use classification to appropriate queuing frames for transmission. Although Catalyst switches only support the Cisco IOS features WFQ, CBWFQ, and LLQ on WAN interfaces, Ethernet interfaces use similar forms of queuing but vary in configuration and behavior.

QUESTION: 2
For which service is assured forwarding PHB used?
A. Best effort
B. Expedited forwarding
C. Guaranteed bandwidth
D. Class selector
Answer: C

Explanation:
With the introduction of the DSCP markings, there were significantly more possible markings for packets (0-63 are the possible markings for packets). Because there were so many more possible markings, the IETF decided to standardize what some of the codepoints meant. In part, this is to provide backward compatibility to IP precedence and, in part, this is to facilitate certain types of behaviors that were seen as fundamental to the DiffServ architecture. The following definition of a per-hop behavior is taken from Section 2.4 of RFC 2475: A per-hop behavior (PHB) is a description of the externally observable forwarding behavior of a DS node applied to a particular DS behavior aggregate … In general, the observable behavior of a PHB may depend on certain constraints on the traffic characteristics of the associated behavior aggregate, or the characteristics of other behavior aggregates. RFC 2597: The Assured Forwarding PHB Other than those defined in RFC 2474, there are two main PHBs, RFC 2597 defines the first of these. It is called the assured forwarding (AF) PHB, and the concept behind the PHB is to provide a level of assurance as to a given packet’s probability of being forwarded during congestion. RFC 2597 defines four classes, and each class is completely independent of the other classes. In addition, each class has three level of “drop precedence” to which packets of that class can be assigned.
QUESTION: 3
What are the two queuing options to the Catalyst 2950? (Choose two)
A. IP3Q
B. 2P2Q
C. 4Q
D. 1P2QIT

Answer: A, C

QUESTION: 4
What is the class selector PHB used for in the differentiated services model?
A. Best-effort service
B. Low-delay service
C. Bandwidth guarantee
D. Backward compatibility
Answer: D

Explanation:
With the introduction of the DSCP markings, there were significantly more possible markings for packets (0-63 are the possible markings for packets). Because there were so many more possible markings, the IETF decided to standardize what some of the codepoints meant. In part, this is to provide backward compatibility to IP precedence and, in part, this is to facilitate certain types of behaviors that were seen as fundamental to the DiffServ architecture. The following definition of a per-hop behavior is taken from Section 2.4 of RFC 2475: A per-hop behavior (PHB) is a description of the externally observable forwarding behavior of a DS node applied to a particular DS behavior aggregate … In general, the observable behavior of a PHB may depend on certain constraints on the traffic characteristics of the associated behavior aggregate, or the characteristics of other behavior aggregates. RFC 2597: The Assured Forwarding PHB Other than those defined in RFC 2474, there are two main PHBs, RFC 2597 defines the first of these. It is called the assured forwarding (AF) PHB, and the concept behind the PHB is to provide a level of assurance as to a given packet’s probability of being forwarded during congestion. RFC 2597 defines four classes, and each class is completely independent of the other classes. In addition, each class has three level of “drop precedence” to which packets of that class can be assigned.
QUESTION: 5
DRAG DROP
Match the IOS QoS feature on the left to the appropriate QoS mechanism on the right.

Answer:
Explanation:
A protocol-dependent switching process handles traffic arriving at a router interface. The switching process includes delivery of traffic to an outgoing interface buffer. First-in, first-out (FIFO) queuing is the classic algorithm for packet transmission. With FIFO, transmission occurs in the same order as messages are received. Until recently, FIFO queuing was the default for all router interfaces. If users require traffic to be reordered, the department or company must establish a queuing policy other than FIFO queuing. Cisco IOS software offers three alternative queuing options:
1.
Weighted fair queuing (WFQ) prioritizes interactive traffic over file transfers in order to ensure satisfactory response time for common user applications.

2.
Class-based weighted fair queuing (CBWFQ) in IOS 12.2 prioritizes traffic based on user-defined classes.

3.
Low latency queuing (LLQ) (IOS 12.2) brings strict priority queueing to Class-Based Weighted Fair Queuing (CBWFQ).
QUESTION: 6
Which other protocol does the auto qos voip cisco-phone command require to operate between the switch port and the IP phone?
A. RTP

B. Skinny Protocol
C. CDP
D. RTCP
E. VTP
F. DTP
Answer: C

Explanation:
Through the use of dot1q trunks, voice traffic from an IP Phone connected to an access port can reside on a separate VLAN and subnet. The workstation attached to the IP Phone might still reside on the access, or native, VLAN. This additional VLAN on an access port for voice traffic is referred to as a voice VLAN in Cisco IOS Software and auxiliary VLAN in CatOS. Subsequently, with the use of voice VLANs, all voice traffic is tagged to and from the Cisco IP Phone and Catalyst switch. The Catalyst switches use Cisco Discovery Protocol (CDP) to inform the IP Phone of the voice VLAN ID. By default, Cisco IP Phone voice traffic has a CoS value of 5. Here an example logical depiction of a voice VLAN. A common network design is to deploy both voice VLANs with trusting configurations for Cisco IP telephony applications (such as Cisco IP Phones). Another QoS option for IP Phones is extended trust. The switch can inform the IP Phone via CDP whether to trust ingress frames on its P1 port. The IP Phone may also be informed to overwrite the CoS value of the ingress frames on the P1 port with a specific CoS value. By default, the IP Phone does not trust frames arriving on the P1 port and rewrites the CoS value to 0 of any tagged frames. Untagged frames do not have CoS value. Extended trust is a feature available to any device that can interpret the CDP fields describing the voice VLAN information. At the time of publication, Cisco IP Phones and other Cisco appliances are the only devices to use this feature.
QUESTION: 7
What are the four types of per-hop behavior used with DSCP? (Choose four)
A. Expedited forwarding
B. Default
C. Class-bit
D. Assured forwarding
E. Class-selector
F. Express forwarding
Answer: A, B, D, E
Explanation:

With the introduction of the DSCP markings, there were significantly more possible markings for packets (0-63 are the possible markings for packets). Because there were so many more possible markings, the IETF decided to standardize what some of the codepoints meant. In part, this is to provide backward compatibility to IP precedence and, in part, this is to facilitate certain types of behaviors that were seen as fundamental to the DiffServ architecture. The following definition of a per-hop behavior is taken from Section 2.4 of RFC 2475: A per-hop behavior (PHB) is a description of the externally observable forwarding behavior of a DS node applied to a particular DS behavior aggregate … In general, the observable behavior of a PHB may depend on certain constraints on the traffic characteristics of the associated behavior aggregate, or the characteristics of other behavior aggregates. RFC 2597: The Assured Forwarding PHB Other than those defined in RFC 2474, there are two main PHBs, RFC 2597 defines the first of these. It is called the assured forwarding (AF) PHB, and the concept behind the PHB is to provide a level of assurance as to a given packet’s probability of being forwarded during congestion. RFC 2597 defines four classes, and each class is completely independent of the other classes. In addition, each class has three level of “drop precedence” to which packets of that class can be assigned. Expedited Forwarding (EF) PHB:
-Ensures minimum departure rate
-Guarantees bandwidth : The class is guaranteed an amount of bandwidth with prioritized forwarding
– Policies bandwidth : The class is not allowed to exceed the guaranteed amount
-Packets requiring Expedited Forwarding should be marked with DSCP binary Value.
QUESTION: 8
Which four of the following are required to calculate the LLQ priority bandwidth requirement for the voice traffic class? (Choose three)
A. Codec type
B. IP/UDP/RTP header lengths and Layer 2 overhead.
C. IP Phone Skinny Protocol overhead.
D. Number of concurrent VoIP calls to support.
E. Voice digitalization overhead.
Answer: A, B, D

Explanation:
The Low Latency Queuing (LLQ) feature provides strict priority queuing for class-based weighted fair queuing (CBWFQ), reducing jitter in voice conversations. Configured by the priority command, strict priority queuing gives delay-sensitive data, such as voice, preferential treatment over other traffic. With this feature, delay-sensitive data is sent first, before packets in other queues are treated. LLQ is also referred to as priority queuing/class-based weighted fair queuing (PQ/CBWFQ) because it is a combination of the two techniques. For CBWFQ, the weight for a packet belonging to a specific class is derived from the bandwidth assigned to the class during configuration. Therefore, the bandwidth assigned to the packets of a class determines the order in which packets are sent. All packets are serviced equally, based on weight. No class of packets may be granted strict priority. This scheme poses problems for voice and video traffic that is largely intolerant of delay, especially variation in delay. For voice traffic, variations in delay introduce irregularities of transmission, which manifest as jitter in the conversation. To enqueue a class of traffic to the strict priority queue, configure the priority command for the class after specifying the class within a policy map.
The Flydumps New Cisco 642-437 practice tests helps the user to keep a check on their learning and understanding and improve for the Cisco 642-437 exam. Flydumps makes you pass your exam much easier.

Flydumps MB6-700 dumps with PDF + Premium VCE + VCE Simulator: http://www.flydumps.com/MB6-700.html

Cisco 642-892 Exam Collection, Discount Cisco 642-892 Real Demo With 100% Pass Rate

Welcome to download the newest Jumpexam 070-462 VCE dumps: http://www.jumpexam.com/070-462.html

Flydumps provides the guaranteed preparation material to boost up your confidence in Cisco 642-892 exam.Successful candidates have provided their reviews about our guaranteed Cisco 642-892 preparation material,you can come to realize the real worth of our featured products through overviewing the reviews and testimonials.

QUESTION 51
Refer to the exhibit. Routers R1 and R2 are running EIGRP and have converged. On the basis of the information that is presented, which statement is true?

A. All outgoing routing updates from router R1 to router R2 will be suppressed, but the inbound updates will continue to be received.
B. All incoming routing updates from R2 will be suppressed, but the outgoing updates will continue to be sent.
C. Both outgoing and incoming routing updates on R1 will be stopped because of the passive-interface Serial0/0 configuration statement.
D. Both outgoing and incoming routing updates on R1 will be permitted because the distribute-list 20 out Serial0/0 command cannot be used with association with the outgoing interface.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 52
Refer to the exhibit. On the basis of the configuration that is provided, how would the BGP updates that come from router R1 be replicated inside autonomous system 65200?

A. All BGP updates that are received on router R2 will be sent to routers R3 and R4. Routers R3 and R4 will then forward those BGP updates to router R5.
B. All BGP updates that are received on router R2 will not be sent to routers R3 and R4.
C. All BGP updates that are received on router R2 will be sent directly to router R5.
D. None of the BGP updates that are received on router R2 will ever be received by router R5.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Refer to the exhibit. Which configuration is reflected in the output that is displayed in the exhibit?

A. neighbor 192.168.28.1 route-map cisco in! access-list 66 permit 10.0.0.0 0.0.0.255! route-map cisco permit 10match ip address 66set local-preference 90
B. neighbor 192.168.28.1 route-map cisco out! access-list 66 permit 10.0.0.0 0.0.0.255! route-map cisco permit 10match ip address 66set metric 90
C. neighbor 192.168.28.1 route-map cisco out! access-list 66 permit 10.30.0.0 0.0.255.255! route-map cisco permit 10match ip address 66set metric 90
D. neighbor 192.168.28.1 route-map cisco in! access-list 66 permit 10.30.0.0 0.0.255.255! route-map cisco permit 10match ip address 66set local-preference 90
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 54
Refer to the exhibit. Router RT-1 and router RT-2 both advertise network 131.25.0.0/16 to router RT-3 via internal BGP. What is the reason that router RT-3 chose router RT-1 as its best path to network 13125.0.0/16.

A. It advertises the best AS-path.
B. It advertises the best origin code.
C. It advertises the best MED.
D. It advertises the best local preference.
E. It has a better router ID.
F. It advertises a lower autonomous system.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 55
What technique should be used on BGP edge routers to prevent a multi-homed autonomous system from becoming a transit system?
A. Advertise with a high MED value all networks that are discovered via external BGP.
B. Remove the AS-Path information on all routes in the BGP table prior to advertising externally.
C. Only advertise networks externally if they have been discovered via internal BGP.
D. Use an outgoing distribution list to filter all networks not originating from inside the autonomous system.
E. Set the no-export community attribute on all networks that are advertised externally.
F. Set the origin code to incomplete for all networks that are discovered via external BGP.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 56
Which statement is true about Protocol Independent Multicast Dense Mode (PIM DM) multicast routing?
A. PIM DM supports shared distribution trees.
B. If a port is pruned, the administrator must re-enable the port to support multicast traffic.
C. The (S,G) state exists in every router, regardless of the presence of an RPF interface.
D. Flooding of traffic only occurs in the beginning stages of routing. Afterwards, all necessary ports are pruned and multicast traffic is not sent across those interfaces.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Refer to the exhibit and the partial configuration on routers R1 and R2. Hot Standby Routing Protocol (HSRP) is configured on the network to provide network redundancy for the IP traffic. The network administrator noticed that R2 does not become active when the R1 serial0 interface goes down. What should be changed in the configuration to fix the problem?

A. R2 should be configured with a HSRP virtual address.
B. R2 should be configured with a standby priority of 100.
C. The Serial0 interface on router R2 should be configured with a decrement value of 20.
D. The Serial0 interface on router R1 should be configured with a decrement value of 20.
Correct Answer: D Section: (none) Explanation Explanation/Reference:
QUESTION 58
How is the configuration of a totally stubby area different from that of a stub area?
A. The totally stubby area requires the no-summary command on the ABR.
B. The totally stubby area requires the totally stubby command on the ABR.
C. The no-summary command should be included on all routers within the totally stubby area.
D. The totally stubby command should be included on all routers within the totally stubby area.
E. The totally stubby area requires the no-summary command on the ASBR.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 59
Refer to the exhibit. Which one statement is true?

A. Traffic from the 172.16.0.0/16 network will be blocked by the ACL.
B. The 10.0.0.0/8 network will not be advertised by Router B because the network statement for the 10.0.0.0/8 network is missing from Router B.
C. The 10.0.0.0/8 network will not be in the routing table on Router B.
D. Users on the 10.0.0.0/8 network can successfully ping users on the 192.168.5.0/24 network, but users on the 192.168.5.0/24 cannot successfully ping users on the 10.0.0.0/8 network.
E. Router B will not advertise the 10.0.0.0/8 network because it is blocked by the ACL.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Which three of the following are features of the IS-IS routing protocol? (Choose three)
A. link-state routing protocol
B. inefficient use of bandwidth not appropriate for an ISP
C. supports VLSM
D. uses spanning tree algorithm for fast convergence
E. supports two routing levels within an autonomous system
F. operation is similar to BGP
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 61
What is the MAC address that would be derived from the multicast address 239.255.0.1?
A. 01-00-5e-7f-00-01
B. 00-00-00-7f-00-01
C. 10-00-5e-7f-00-01
D. 10-00-ef-ff-00-01
E. 01-01-ef-ff-00-01
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Which two routing protocols require a metric to be configured when redistributing routes from other protocols? (Choose two.)
A. RIP
B. OSPF
C. EIGRP
D. IS-IS
E. BGP
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 63
By default, which statement is correct regarding the redistribution of routes from other routing protocols into OSPF?
A. They will appear in the OSPF routing table as type E1 routes.
B. They will appear in the OSPF routing table as type E2 routes.
C. Summarized routes are not accepted.
D. All imported routes will be automatically summarized when possible.
E. Only routes with lower administrative distances will be imported.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 64
What are the two effects of the IP multicast global configuration command ip pim send-rp-announceloopback0 scope 31 group-list 5 issued on multicast router RTA? (Choose two.)
A. RTA will drop all RP announcements it receives if the TTL field is greater than 31.
B. RTA will forward RP announcements provided they are within the scope of 31.
C. RTA will originate RP announcements with TTL set to 31.
D. RTA will forward RP announcements from any neighbor router with a source IP address that matches access-list 5.
E. RTA will originate RP announcements for multicast groups that match access-list 5.
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 65
Refer to the exhibit. It is desired to set up a BGP neighbor relationship between routers R1 and R4. BGP packets between them could travel through R2 or R3. What is the simplest configuration that will allow for failover?

A. Configure BGP neighbor relationships between all interfaces on R1 and R4.
B. Install a direct connection between R1 and R4.
C. Configure loopback interfaces on R1 and R4 to provide the update source address for BGP packets.
D. Configure only one neighbor relationship between R1’s 192.168.1.2 interface and R4’s 172.16.10.2 interface.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 66
Refer to the exhibit. The neighbor 10.1.1.1 weight 200 BGP configuration command has been configured on router A. What will be the result of this configuration?

A. Router A will prefer the path through router B for network 172.20.0.0.
B. Router A will prefer the path through router C for network 172.20.0.0.
C. Packets from router D will prefer the path through router B for networks advertised by router A.
D. Packets from router D will prefer the path through router C for networks advertised by router A.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 67
Which three characteristics are true about voice traffic in the campus network? (Choose three.)
A. bursty
B. greedy
C. drop sensitive
D. delay sensitive
E. UDP priority
F. TCP retransmits
Correct Answer: CDE Section: (none) Explanation
Explanation/Reference: QUESTION 68
Which three characteristics are true about voice traffic in the campus network? (Choose three.)
A. TCP retransmits
B. benign
C. greedy
D. drop sensitive
E. smooth
F. delay insensitive
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 69
Which two statements are true about voice VLANs? (Choose two.)
A. Voice VLANs allow IP phones to be moved around without worrying about subnets.
B. Voice VLANs allow voice and data packets to be logically combined.
C. Implementing voice VLANs causes network administrators to change their existing IP topology.
D. Using voice VLANs makes it easier for network administrators to identify and troubleshoot network problems.
E. Voice VLANs are available on all Cisco switches.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 70
Which two statements are true about trust boundaries? (Choose two.)
A. Classifying and marking traffic should be done as close to the traffic source as possible.
B. Classifying and marking traffic should be done at the distribution layer.
C. Traffic is classified and marked as it travels through the network.
D. If untrusted traffic enters a switch, it can be marked with a new QoS value appropriate for the policy in place.
E. The trust boundary moves depending on the type of traffic entering the network.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 71
Refer to the exhibit. On the basis of the configuration provided, how are the Hello packets sent by R2 handled by R5 in OSPF area 5?

A. The Hello packets will be exchanged and adjacency will be established between routers R2 and R5.
B. The Hello packets will be exchanged but the routers R2 and R5 will become neighbors only.
C. The Hello packets will be dropped and no adjacency will be established between routers R2 and R5.
D. The Hello packets will be dropped but the routers R2 and R5 will become neighbors.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 72
Which statement is true about OSPF Network LSAs?
A. They are originated by every router in the OPSF network. They include all routers on the link, interfaces, the cost of the link, and any known neighbor on the link.
B. They are originated by the DR on every multi-access network. They include all attached routers including the DR itself.
C. They are originated by Area Border Routers and are sent into a single area to advertise destinations outside that area.
D. They are originated by Area Border Router and are sent into a single area to advertise an Autonomous System Border Router.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 73
Refer to the exhibit. OSPF is configured on all routers in the network. Area 5 is configured as an NSSA area. The RIPv2 routes are redistributed into the OSPF domain on router R5. What two types of LSAs will be originated by router R5? (Choose two.)

A. type 1 Router LSA
B. type 2 Network LSA
C. type 3 Network Summary LSA
D. type 4 ASBR Summary LSA
E. type 5 AS External LSA
F. type 7 NSSA External LSA
Correct Answer: AF Section: (none) Explanation
Explanation/Reference:
QUESTION 74
Refer to the exhibit. The lightweight wireless architecture splits the processing of the 802.11 data and management protocols and the access point functionality between the access point and the WLAN controller using split MAC approach. Which three functionalities are handled by the WLAN controller? (Choose three.)

A. the transmission of beacon frames
B. the portions of the protocol that have real-time requirements
C. the response to Probe Request frames from clients
D. 802.11 authentication
E. 802.11 association and re-association (mobility)
F. 802.11 frame translation and bridging
Correct Answer: DEF Section: (none) Explanation Explanation/Reference:
QUESTION 75
Refer to the exhibit. Three different wireless groups of users are allowed to gain access to the wireless LAN. What type of security policy should be enforced for the users in the Guest group?

A. static WEP and MAC authentication
B. LEAP authentication
C. primary SSID with open or no WEP authentication
D. open authentication with WEP plus MAC authentication
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 76
Refer to the exhibit. Which statement is true about the repeater access point that is deployed in this wireless network?

A. The repeater access point should use a different SSID than the SSID configured on the parent access point.
B. The repeater access point should use a different WEP encryption method than the WEP encryption that is enabled on the parent access point.
C. The repeater access point reduces the throughput in half because it receives and then re-transmits each packet on the same channel.
D. The repeater access point requires a 10 percent channel overlap with channel of the root access point.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 77
What are two differences between the Autonomous WLAN solution and the Lightweight WLAN solution? (Choose two.)
A. TACACS+ can only be used for authentication with the Cisco Lightweight WLAN solution.
B. CiscoWorks Wireless LAN Solution Engine can be used for management with the Autonomous WLAN Solution.
C. CiscoWorks Wireless LAN Solution Engine can be used for management with the Lightweight WLAN Solution.
D. Cisco Wireless LAN Controller is used to configure the access points in the Lightweight WLAN solution.
E. Cisco Wireless LAN Controller is used to configure the access points in the Autonomous WLAN solution.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 78
How are VRRP messages exchanged between routers sharing a common LAN segment?
A. VRRP relies on TCP to open a connection and to maintain that connection using TCP keepalives.
B. Unicast IP addresses with UDP port ID 112.
C. Destination IP address 224.0.0.18 with IP Protocol ID 112.
D. VRRP messages are directly encapsulated into the Ethernet data field using type code 0x112.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Refer to the exhibit. What does the output of the debug command indicate on VRRP router RTA?

A. VRRP is not active on RTA.
B. RTB does not have VRRP active.
C. RTA does not have VRRP preempt active.
D. RTB has a different IP address coded for VRRP group 1 than RTA.
E. RTB has the same IP address coded on its Ethernet interface as RTA.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 80
Which method enables GLBP to forward traffic from a LAN segment via multiple routers simultaneously?
A. Clients need to have different default gateway IP addresses coded.
B. Separate GLBP groups are coded on the routers.
C. The AVG assigns different virtual MAC addresses.
D. Multiple AVG designated routers respond to ARP requests.
E. Proxy ARP allows multiple routers to respond to ARP requests from clients.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 81
How are GLBP messages exchanged between routers that share a common LAN segment?
A. GLBP messages are multicast to UDP port ID 3222.
B. GLBP messages are directly encapsulated into the Ethernet data field using type code 3222.
C. GLBP relies on TCP to open a connection and to maintain that connection using TCP keepalives.
D. Routers inform clients with GLBP messages and use ARP messages to exchange information about first-hop redundancy.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 82
Which method used by GLBP allows the AVG to prefer one GLBP router as the AVF over other GLBP routers until its tracked interface goes down, when another router might be more preferred?
A. no glbp group load-balancing
B. glbp group load-balancing host-dependent
C. glbp group load-balancing round-robin
D. glbp group load-balancing weighted
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 83
Which routing protocol will continue to receive and process routing updates from neighbors after the passive-interface router configuration command is entered?
A. EIGRP
B. RIP
C. OSPF
D. IS-IS
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 84
What are three possible router states of HSRP routers on a LAN? (Choose three.)
A. standby
B. established
C. active
D. idle
E. backup
F. initial
Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
QUESTION 85
In a customer’s network, VLAN Trunking Protocol (VTP) is running with a domain named main1. VLANs 1,2,3,4,5,10,20 are active on the network. Suddenly the whole network goes down. No traffic is being passed on VLANs 2,3,4,5,10,20, however traffic passes on VLAN 1 and indicates all switches are operational. Right before the network problem occurred, a switch named TEST1 was added to the network. What three conditions must exist on TEST1 to cause this network outage? (Choose three.)
A. TEST1 is configured as a VTP server with a different domain name.
B. TEST1 is not configured to participate in VTP.
C. TEST1 is configured as a VTP server with the domain name main1.
D. TEST1 has a lower VTP configuration revision than the current VTP revision.
E. TEST1 has a higher VTP configuration revision than the current VTP revision.
F. TEST1 is configured with only VLAN1.
Correct Answer: CEF Section: (none) Explanation
Explanation/Reference:
QUESTION 86
Given the following partial configuration for Router A:
interface serial 0 ip address 10.1.1.1 255.255.255.0encapsulation frame-relayip ospf network point-to-multipointrouter ospf 7network 10.1.1.0 0.0.0.255 area 0
Which two statements are correct? (Choose two.)
A. DR/BDR elections do not take place.
B. The router is restricted to a hub and spoke topology.
C. The area 0 NBMA cloud is configured as more than one subnet.
D. OSPF neighbor statements are not necessary.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 87
Which command displays the number of times that the OSPF Shortest Path First (SPF) algorithm has been executed?
A. show ip protocol
B. show ip ospf interface
C. show ip ospf
D. show ip ospf database
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 88
Which two methods advertise internal networks to external ISPs via BGP? (Choose two.)
A. using aggregate routes
B. disabling synchronization
C. forcing the next-hop address
D. defining routes via the network statement
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 89
What is a characteristic of a static VLAN membership assignment?
A. VMPS server lookup
B. easy to configure
C. ease of adds, moves, and changes
D. based on MAC address of the connected device
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 90
Which protocol enables a group of routers to form a single virtual router and use the real IP address of a router as the gateway address?
A. Proxy ARP
B. HSRP
C. IRDP
D. VRRP
E. GLBP
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
CertCollection

Cisco 642-892 using the training resources which are the best for Cisco 642-892,and to get certified by Microsoft Windows Store apps.It is a best choice to accelerate your career as a professional in the Information Technology industry. Now we add the latest Cisco 642-892 content and to print and share content.

Jumpexam 070-462 dumps with PDF + Premium VCE + VCE Simulator: http://www.jumpexam.com/070-462.html

Cisco 642-891 Questions And Answers, Buy Latest Cisco 642-891 Practice Questions Latest Version PDF&VCE

Welcome to download the newest Dumpsoon MB2-703 VCE dumps: http://www.dumpsoon.com/MB2-703.html

You can pass Cisco 642-891 exam if you get a complete hold of Cisco 642-891 dumps. What’s more, all the Cisco 642-891 Certification exams Q and A provided by Flydumps is the latest.

QUESTION 50
Which statement correctly describes the extended system ID?
A. It is the 2-bit number of the MSTP instance.
B. It is the VLAN identifier value and allows for 4096 BIDs to be uniquely identified.
C. It is a bridge MAC address which is allocated from a pool of MAC addresses that are factory assigned.
D. It is a hex number used to measure the preference of a bridge in the spanning-tree algorithm.
Correct Answer: B Section: (none) Explanation

Explanation/Reference:
QUESTION 51
What is the purpose of a rendezvous point (RP)?
A. acts as a meeting place for sources and receivers of multicast traffic
B. used in PIM dense mode to create a database of all multicast sources
C. used in PIM dense and sparse mode to create a database of all multicast sources
D. acts as the designated router for a broadcast segment when multicast routing is enabled

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 52
What is periodically sent by a DIS on a LAN to ensure that all adjacent neighbors’ IS-IS link-state databases are synchronized?
A. complete SNP (CSNP)
B. partial SNP (PSNP)
C. database query
D. database description packet (DDP)
E. link-state summary
F. hello

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 53
What will be the effect of applying the VLAN access map configuration on a switch?Router(config)# vlan access-map thor 10Router(config-access-map)# match ip address net_10Router(config-access-map) #action forwardRouter(config-access-map)#exitRouter(config)# vlan filter thor vlan-list 12-16
A. All VLAN 12 through 16 IP traffic matching net_10 is forwarded and all other IP packets are dropped.
B. IP traffic matching vlan-list 12-16 is forwarded and all other IP packets are dropped.
C. IP traffic matching net_10 is dropped and all other IP packets are forwarded to VLANs 12 through 16.
D. All VLAN 12 through 16 IP traffic is forwarded, other VLAN IP traffic matching net_10 is dropped.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 54
Which statement is true concerning EIGRP neighbors forming adjacencies?
A. Hello and hold time values are configured locally and do not have to match.
B. Different autonomous systems can be configured on each router.
C. K-values are configured locally and do not have to match.
D. Configuration of the variance command must match between peers.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Which two statements are true about a switched virtual interface (SVI)? (Choose two.)
A. An SVI is created by entering the no switchport command in interface configuration mode.
B. An SVI is created for the default VLAN (VLAN1) to permit remote switch administration by default.
C. An SVI provides a default gateway for a VLAN.
D. Multiple SVIs can be associated with a VLAN.
E. SVI is another name for a routed port.

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 56
How many update packets would a RIPv2 router send to advertise 77 routes?
A. one update packet
B. two update packets
C. three update packets
D. four update packets
E. five update packets
F. six update packets

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Which BGP attribute will not be advertised in routing updates to its neighboring routers?
A. weight
B. local preference
C. origin
D. AS_path
E. next hop

Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 58
Which command would display OSPF parameters such as filters, default metric, maximum paths, and number of areas configured on a router?
A. show ip protocol
B. show ip route
C. show ip ospf interface
D. show ip ospf

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 59
On a 3550 EMI switch, which three types of interfaces can be used to configure HSRP? (Choose three.)
A. loopback interface
B. SVI interface
C. routed port
D. access port
E. EtherChannel port channel
F. BVI interface

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Which three are benefits of IS-IS over OSPF? (Choose three.)
A. supports more routers in an area
B. does not require Hello packets to establish neighbor relationships
C. produces fewer link state advertisements for a given network
D. supports route tags
E. supports network layer protocols other than IP
F. requires fewer neighbor relationships in a broadcast multiaccess network

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 61
Refer to the exhibit. Why does the trust state of interface FastEthernet 0/3 show “not trusted”?
A. DSCP map needs to be configured for VOIP.
B. ToS has not been configured.
C. ToS has been misconfigured.
D. The command mls qos needs to be turned on in global configuration mode.
E. There is not a Cisco Phone attached to the interface.

Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Which router redundancy protocol cannot be configured for interface tracking?
A. HSRP
B. GLBP
C. VRRP
D. SLB
E. RPR
F. RPR+

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 63
Given the NSAP, 39.0100.0102.0001.0c00.1211.00, which portion is interpreted by IS-IS as the area?
A. 39
B. 39.0100
C. 39.0100.0102
D. 0001
E. 0001.0c00
F. 0001.0c00.1211

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 64
What number is a valid representation for the 200F:0000:0000:AB00:0000:0000:0000:0000/56 IPv6 prefix?
A. 200F:0:0:AB/56
B. 200F:0:0:AB00::/56
C. 200F::AB00/56
D. 200F::AB/56

Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 65
When configuring EIGRP to run across a 56 Kbps serial PPP link, what command do you need to put under the serial interface to ensure proper convergence of EIGRP routes?
A. bandwidth 56
B. bandwidth 56000
C. ip bandwidth-percent eigrp 1 56
D. ip bandwidth-percent eigrp 1 56000

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 66
What are three key concepts that apply when configuring the EIGRP stub routing feature in a hub and spoke network? (Choose three.)
A. A hub router prevents routes from being advertised to the remote router.
B. Only remote routers are configured as stubs.
C. Stub routers are not queried for routes.
D. Spoke routers connected to hub routers answer the route queries for the stub router.
E. A stub router should have only EIGRP hub routers as neighbors.
F. EIGRP stub routing should be used on hub routers only.

Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 67
Which two provide intra-area routing services? (Choose two.)
A. L1 IS
B. L1 ES
C. L2 IS
D. L2 ES
E. L1/L2 IS

Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
QUESTION 68
Given the following partial configuration for Router A:interface serial 0ip address 10.1.1.1 255.255.255.0encapsulation frame-relayip ospf network point-to-multipointrouter ospf 7network 10.1.1.0
0.0.0.255 area 0Which two statements are correct? (Choose two.)
A. DR/BDR elections do not take place.
B. The router is restricted to a hub and spoke topology.
C. The area 0 NBMA cloud is configured as more than one subnet.
D. OSPF neighbor statements are not necessary.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 69
BGP contains two paths to a destination. Assuming both routes were originated locally and have an equal weight, what will be the next determining factor in choosing the best path?
A. lowest MED
B. highest local preference
C. lowest neighbor IP address
D. lowest origin code
E. shortest AS-path

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 70
Which is the most effective technique to contain EIGRP queries?
A. route summarization
B. configuring route filters
C. using a hierarchical addressing scheme
D. establishing separate autonomous systems

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 71
Which enhancement was added to IGMP version 3?
A. membership query message
B. membership report message
C. leave group message
D. source filtering
E. destination filtering

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 72
What are two benefits provided in VTP Version 2 but NOT in VTP Version 1? (Choose two.)
A. supports Token Ring VLANs
B. allows VLAN consistency checks
C. saves VLAN configuration memory
D. reduces the amount of configuration necessary
E. allows active redundant links when used with spanning tree

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 73
Which statement is true concerning 6to4 tunneling?
A. IPv4 traffic is encapsulated with an IPv6 header.
B. The edge routers can use any locally configured IPv6 address.
C. Hosts and routers inside a 6to4 site will need a special code.
D. An edge router must use IPv6 address of 2002::/16 in its prefix.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 74
Which three are characteristics of IPv6? (Choose three.)
A. An IPv6 address is 128 bits long.
B. An IPv6 header is 20 bits long.
C. An IPv6 header contains the next header field.
D. An IPv6 header contains the protocol field.
E. IPv6 routers send RA messages.
F. An IPv6 header contains the header checksum field.

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 75
What are three characteristics of RIPv2? (Choose three.)
A. supports variable-length subnet mask by default
B. does not support variable-length subnet mask by default
C. supports discontiguous networks by default
D. does not support discontiguous networks by default
E. multicasts updates to 224.0.0.9
F. broadcasts updates
Correct Answer: ADE Section: (none) Explanation

Explanation/Reference:

Flydumps Cisco 642-891 practice tests hold the key importance and provide a considerable gain for your knowledge base. You can rely on our products with unwavering confidence; Get the profound knowledge and become a pro with Flydumps assistance.

Dumpsoon MB2-703 dumps with PDF + Premium VCE + VCE Simulator: http://www.dumpsoon.com/MB2-703.html

Cisco 642-813 Actual Questions, Provides Cisco 642-813 Certification Braindumps On Store

GOOD NEWS:Flydumps has published the new version with all the new added questions and answers.By training the Cisco 642-813 VCE dumps, you can pass the exam easily and quickly.

QUESTION 11

You administer the network shown above. You issue the show interfaces trunk command on SwitchA and receive the following output:

Which of the following statements is true regarding VLAN 32?
A. VLAN 32 is not allowed on the trunk port.
B. VLAN 32 is not active on the switch.
C. Traffic from VLAN 32 is not being sent over the trunk port.
D. Traffic from VLAN 32 is not restricted to only the trunk ports that require it.

Correct Answer: C Section: VLAN Trunking Explanation
Explanation/Reference:
In the ※Vlans in spanning tree forwarding state and not pruned§ VLAN 32 is not listed so we can conclude that traffic from vlan 32 can’t be forwarded.
QUESTION 12
Which statement is true regarding the configuration of ISL trunks?
A. A Catalyst switch cannot have ISL and IEEE 802.1q trunks enabled.
B. All Catalyst switches support ISL trunking.
C. A Catalyst switch will report giants if one side is configured for ISL while the other side is not.
D. ISL trunking requires that native VLANs match.
Correct Answer: C Section: VLAN Trunking Explanation
Explanation/Reference:
First you should know ※giant§ frames are frames that exceed the maximum IEEE 802.3 frame size (usually greater then 1518 bytes). As you know, ISL does not modify the original Ethernet frame it received but it

But a normal Ethernet frame itself can have a maximum size of 1518 bytes. Therefore an Ethernet frame can be up to 1518 + 30 = 1548 bytes, which creates a ※giant§.
That is why both ends must be configured as ISL trunks because only ISL-aware devices are able to read it.
QUESTION 13
While logged into a Company switch you issue the following command:
CompanySwitch(config-mst)#instance 10 vlan 11-12
What does this command accomplish?
A. It enables a PVST+ instance of 10 for vlan 11 and vlan 12
B. It enables vlan 11 and vlan 12 to be part of the MST region 10
C. It maps vlan 11 and vlan 12 to the MST instance of 10.
D. It creates an Internal Spanning Tree (1ST) instance of 10 for vlan 11 and vlan 12
E. It create a Common Spanning Tree (CST) instance of 10 for vlan 11 and vlan 12
F. It starts two instances of MST, one instance for vlan 11 and another instance for vlan 12.

Correct Answer: C Section: STP Explanation
Explanation/Reference:
MST maps multiple VLANs that have the same traffic flow requirements into the same spanning-tree instance. The main enhancement introduced by MST raises the problem, however, of determining what VLAN is to be associated with what instance. More precisely, based on received BPDUs, devices need to identify these instances and the VLANs that are mapped to the instance.

Note: To be part of a common MST region, a group of switches must share the same configuration attributes. In particular, the configuration name (or region name 每 32 bits), revision number (16 bits), and VLAN mapping (associate VLANs with spanning-tree instances) need to be the same for all the switches within the same region.
QUESTION 14
By default, all VLANs will belong to which MST instance when using Multiple STP?
A. MST00
B. MST01
C. the last MST instance configured
D. none
Correct Answer: A Section: STP Explanation
Explanation/Reference:
By default, all VLANs are assigned to MST instance 0. Instance 0 is known as the Internal Spanning-Tree (IST), which is reserved for interacting with other Spanning-Tree Protocols (STPs) and other MST regions.
QUESTION 15
What will occur when a nonedge switch port that is configured for Rapid Spanning Tree does not receive a BPDU from its neighbor for three consecutive hello time intervals?
A. RSTP information is automatically aged out.
B. The port sends a TCN to the root bridge.
C. The port moves to listening state,
D. The port becomes a normal spanning tree port.
Correct Answer: A Section: STP Explanation
Explanation/Reference:
In STP 802.1D, a non-root bridge only generates BPDUs when it receives one on the root port. But in RSTP 802.1w, a bridge sends a BPDU with its current information every hello-time seconds (2 by default), even if it does not receive any from the root bridge. Also, on a given port, if hellos are not received three consecutive times, protocol information can be immediately aged out (or if max_age expires). Because of the previously mentioned protocol modification, BPDUs are now used as a keep-alive mechanism between bridges. A bridge considers that it loses connectivity to its direct neighbor root or designated bridge if it misses three BPDUs in a row. This fast aging of the information allows quick failure detection. If a bridge fails to receive BPDUs from a neighbor, it is certain that the connection to that neighbor is lost. This is opposed to 802.1D where the problem might have been anywhere on the path to the root.
(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/ technologies_white_paper09186a0080094cfa.shtml)
QUESTION 16
A port in a redundant topology is currently in the blocking state and is not receiving BPDUs. To ensure that this port does not erroneously transition to the forwarding state, which command should be configured to satisfy the requirement?
A. Switch(config)#spanning-tree loopguard default
B. Switch(config-if)#spanning-tree bpdufilter
C. Switch(config)#udld aggressive
D. Switch(config-if)#spanning-tree bpduguard
Correct Answer: A Section: STP Explanation
Explanation/Reference:
Loop guard prevents alternate or root ports from becoming the designated port due to a failure that could lead to a unidirectional link. An example is shown below: Without loop guard, the blocking port on S3 will transition to listening (upon max age timer expiration) -> learning -> forwarding state which create a loop.n

With loop guard enabled, the blocking port on S3 will transition into the STP loop-inconsistent state upon expiration of the max age timer. Because a port in the STP loop-inconsistent state will not pass user traffic, no loop is created. The loop-inconsistent state is effectively equal to the blocking state.
To enable loop guard globally use the command spanning-tree loopguard default.
QUESTION 17
You are the administrator of a switch and currently all host-connected ports are configured with the portfast command. You have received a new directive from your manager that states that, in the future, any host-connected port that receives a BPDU should automatically disable PortFast and begin transmitting BPDUs. Which of the following commands will support this new requirement?
A. Switch(config)# spanning-tree portfast bpduguard default
B. Switch(config-if)# spanning-tree bpduguard enable
C. Switch(config-if)# spanning-tree bpdufilter enable
D. Switch(config)# spanning-tree portfast bpdufilter default
Correct Answer: D Section: STP Explanation
Explanation/Reference:
The bpdufilter option feature is used to globally enable BPDU filtering on all Port Fast-enabled interfaces and this prevent the switch interfaces connected to end stations from sending or receiving BPDUs.
Note: The spanning-tree portfast bpdufilter default global configuration command can be overridden by the spanning-tree bdpufilter enable command in interface mode.
QUESTION 18
Which two statements correctly describe characteristics of the PortFast feature? (Choose two)
A. STP will be disabled on the port
B. PortFast can also be configured on trunk ports.
C. PortFast is required to enable port-based BPDU guard.
D. PortFast is used for both STP and RSTP host ports.
E. PortFast is used for STP-only host ports.
Correct Answer: BD Section: STP Explanation
Explanation/Reference:
You can use PortFast on switch or trunk ports connected to a single workstation, switch, or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state -> B is correct.
Also, PortFast can be used for both STP and RSTP -> D is correct.
(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/7.4/configuration/guide/ stp_enha.html)
Answer C is not correct because BPDU guard can be enabled without PortFast. But what will happen if the PortFast and BPDU guard features are configured on the same port?
Well, at the reception of BPDUs, the BPDU guard operation disables the port that has PortFast configured.
(Reference and good resource: http://www.cisco.com/en/US/tech/tk389/tk621/ technologies_tech_note09186a008009482f.shtml)
QUESTION 19
Which of the following commands can be issued without interfering with the operation of loop guard?
A. Switch(config-if)#spanning-tree guard root
B. Switch(config-if)#spanning-tree portfast
C. Switch(config-if)#switchport mode trunk
D. Switch(config-if)#switchport mode access
Correct Answer: C Section: STP Explanation
Explanation/Reference:
PortFast & Root guard should be placed on ports configured as access ports while loop guard should be placed on trunk ports -> we can use the ※switchport mode trunk§ without interfering with the operation of loop guard.
QUESTION 20
Which statement correctly describes enabling BPDU guard on an access port that is also enabled for PortFast?
A. Upon startup, the port transmits 10 BPDUs. If the port receives a BPDU, PortFast and BPDU guard are disabled on that port and it assumes normal STP operation.
B. The access port ignores any received BPDU.
C. If the port receives a BPDU, it is placed into the error-disable state.
D. BPDU guard is only configured globally and the BPDU filter is required for port-level configuration.
Correct Answer: C Section: STP Explanation
Explanation/Reference:
If any BPDU is received on a port where BPDU guard is enabled, that port is put into the err-disable state immediately. The port is shut down in an error condition and must be either manually re-enabled or automatically recovered through the errdisable timeout function.
Note: A port that has PortFast enabled also has BPDU guard automatically enabled. By combining PortFast & BPDU guard we have a port that can quickly enter the Forwarding state from Blocking state and automatically shut down when receiving BPDUs.
QUESTION 21
Why is BPDU guard an effective way to prevent an unauthorized rogue switch from altering the spanning-tree topology of a network?
A. BPDU guard can guarantee proper selection of the root bridge.
B. BPDU guard can be utilized along with PortFast to shut down ports when a switch is connected to the port.
C. BPDU guard can be utilized to prevent the switch from transmitteing BPDUs and incorrectly altering the root bridge election.
D. BPDU guard can be used to prevent invalid BPDUs from propagating throughout the network.
Correct Answer: B Section: STP Explanation
Explanation/Reference:
QUESTION 22
Which three statements about STP timers are true? (Choose three)
A. STP timers values (hello, forward delay, max age) are included in each BPDU.
B. A switch is not concerned about its local configuration of the STP timers values. It will only consider the value of the STP timers contained in the BPDU it is receiving.
C. To successfully exchange BPDUs between two switches, their STP timers value (hello, forward delay, max age) must be the same.
D. If any STP timer value (hello, forward delay, max age) needs to be changed, it should at least be changed on the root bridge and backup root bridge.
E. On a switched network with a small network diameter, the STP hello timer can be tuned to a lower value to decrease the load on the switch CPU.
F. The root bridge passes the timer information in BPDUs to all routers in the Layer 3 configuration.
Correct Answer: ABD Section: STP Explanation
Explanation/Reference:
Each BPDU includes the hello, forward delay, and max age STP timers. An IEEE bridge is not concerned about the local configuration of the timers value. The IEEE bridge considers the value of the timers in the BPDU that the bridge receives. Effectively, only a timer that is configured on the root bridge of the STP is important. If you lose the root, the new root starts to impose its local timer value on the entire network. So, even if you do not need to configure the same timer value in the entire network, you must at least configure any timer changes on the root bridge and on the backup root bridge.
(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/
technologies_tech_note09186a0080094954.shtml)
QUESTION 23
Refer to the exhibit. VTP has been enabled on the trunk links between all switches within the Certprepare
domain. An administrator has recently enabled VTP pruning.
Port 1 on Switch 1 and port 2 on Switch 4 are assigned to VLAN 2. A broadcast is sent from the host
connected to Switch 1. Where will the broadcast propagate?
A. Every switch in the network receives the broadcast and will forward it out all ports.
B. Every switch in the network receives the broadcast, but only Switch 4 will forward it out port 2.
C. Switches 1, 2, and 4 will receive the broadcast, but only Switch 4 will forward it out port 2.
D. Only Switch 4 will receive the broadcast and will forward it out port 2.
Correct Answer: C Section: VTP Explanation
Explanation/Reference:
With VTP pruning enabled network-wide, switch 2 and switch 4 automatically use VTP to learn that none of the switches in the lower-left part of the figure have any ports assigned to VLAN 10. As a result, switch 2 and switch 4 prune VLAN 2 from the trunks connected to these switches. The pruning causes switch 2 and switch 4 to not send frames in VLAN 2 out these trunks -> Switches 3, 5 and 6 will not receive the broadcast while Switch 4 will receive it and forward out to port 2 -> C is correct.
QUESTION 24
Switch R1 is part of the Company VTP domain. What*s true of VTP Pruning within this domain?
A. It does not prune traffic from VLANs that are pruning-ineligible
B. VLAN 1 is always pruning-eligible
C. It will prune traffic from VLANs that are pruning-ineligible
D. VLAN 2 is always pruning-ineligible
Correct Answer: A Section: VTP Explanation
Explanation/Reference:
VLAN 1 and VLANs 1002 to 1005 are always pruning-ineligible; traffic from these VLANs cannot be pruned. Extended-range VLANs (VLAN IDs greater than 1005) are also pruning-ineligible -> A is correct.
QUESTION 25
Switch R1 has been configured with DTP using the desirable option. Which statement describes Dynamic Trunking Protocol (DTP) desirable mode?
A. The interface actively attempts to convert the link to a trunk link
B. The interface is put into permanent trunking mode but prevented from generating DTP frames.
C. The interface is put into permanent trunking mode and negotiates to convert the link into a trunk link.
D. The interface is put into a passive mode, waiting to convert the link to a trunk link.
Correct Answer: A Section: VTP Explanation
Explanation/Reference:
Note: If an interface is set to switchport mode dynamic desirable, it will actively attempt to convert the link into trunking mode. If the peer port is configured as switchport mode trunk, dynamic desirable, or dynamic auto mode, trunking is negotiated successfully.
QUESTION 26
Refer to the exhibit. What happens when the switch SW2 is connected to the rest of the network in the VTP domain Lab_Network?

A. The recently introduced switch SW2 adds one more VLAN to the VLAN database in the VTP domain.
B. The recently introduced switch SW2 creates a STP loop in the VTP domain.
C. The recently introduced switch SW2 removes all configured VLANs throughout the VTP domain.
D. The recently introduced switch SW2 switches over to VTP transparent mode in order to be included into the VTP domain.
E. A trunk should be configured between the two switches in order to integrate SW2 into the VTP domain.
Correct Answer: C Section: VTP Explanation
Explanation/Reference:
The Configuration Revision number of SW2 is higher than that of SW1 (147 > 47) and SW2 is operating in Client mode so it can send update to other switches. The result is SW1 and other switches in that VTP domain will remove their current VLAN information and copy VLAN information from SW2.
QUESTION 27
When an attacker is using switch spoofing to perform VLAN hopping, how is the attacker able to gather information?
A. The attacking station uses DTP to negotiate trunking with a switch port and captures all traffic that is allowed on the trunk.
B. The attacking station tags itself with all usable VLANs to capture data that is passed through the switch, regardless of the VLAN to which the data belongs.
C. The attacking station will generate frames with two 802.1Q headers to cause the switch to forward the frames to a VLAN that would be inaccessible to the attacker through legitimate means.
D. The attacking station uses VTP to collect VLAN information that is sent out and then tags itself with the domain information in order to capture the data.
Correct Answer: C Section: VLAN Hopping Explanation
Explanation/Reference:
QUESTION 28
An attacker is launching a DoS attack with a public domain hacking tool that is used to exhaust the IP address space available from the DHCP servers for a period of time. Which procedure would best defend against this type of attack?
A. Configure only trusted interfaces with root guard.
B. Implement private VLANs (PVLANs) to carry only user traffic.
C. Implement private VLANs (PVLANs) to carry only DHCP traffic.
D. Configure only untrusted interfaces with root guard.
E. Configure DHCP spoofing on all ports that connect untrusted clients.
F. Configure DHCP snooping only on ports that connect trusted DHCP servers.
Correct Answer: F Section: DHCP Snooping Explanation
Explanation/Reference:
To defend DHCP spoofing attack, we only need to configure DHCP snooping on trusted interfaces because other ports are classified as untrusted ports by default.
QUESTION 29
Which three statements are true about DAI? (Choose three)
A. DAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the DHCP Snooping database.
B. DAI forwards all ARP packets received on a trusted interface without any checks.
C. DAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the CAM table.
D. DAI forwards all ARP packets received on a trusted interface after verifying and inspecting the packet against the DAI table.
E. DAI intercepts all ARP packets on untrusted ports
F. DAI is used to prevent against a DHCP Snooping attack.
Correct Answer: ABE Section: Dynamic ARP Inspection DAI Explanation
Explanation/Reference:
QUESTION 30
You need to configure port security on switch R1. Which two statements are true about this technology? (Choose two)
A. Port security can be configured for ports supporting VoIP.
B. With port security configured, four MAC addresses are allowed by default.
C. The network administrator must manually enter the MAC address for each device in order for the switch to allow connectivity.
D. With port security configured, only one MAC addresses is allowed by default.
E. Port security cannot be configured for ports supporting VoIP.
Correct Answer: AD Section: Port Security Explanation
Explanation/Reference:
Port security can be set on ports supporting VoIP. This example shows how to designate a maximum of one MAC address for a voice VLAN (for a Cisco IP Phone) and one MAC address for the data VLAN (for a PC) on Fast Ethernet interface 5/1 and to verify the configuration: Switch(config)# interface fa5/1 Switch(config-if)# switchport mode access Switch(config-if)# switchport port-security Switch(config-if)# switchport port-security mac-address sticky Switch(config-if)# switchport port-security maximum 1 vlan voice Switch(config-if)# switchport port-security maximum 1 vlan access
-> A is correct.
By default, only one MAC addresses is allowed but we can use the ※switchport port-security maximum number§ command to set the maximum number of MAC allowed -> D is correct.
(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/ port_sec.html)
QUESTION 31
Refer to the exhibit. Which of these is true based upon the output shown in the command?

A. If the number of devices attempting to access the port exceeds 11, the port will shut down for 20 minutes, as configured.
B. The port has security enabled and has shut down due to a security violation
C. The port is operational and has reached its configured maximum allowed number of MAC addresses.
D. The port will allow access for 11 MAC addresses in addition to the 3 configured MAC addresses.

Correct Answer: C Section: Port Security Explanation
Explanation/Reference:
Notice that the ※Violation mode: Shutdown§ line only describes what the switch will do if a violation occurs; it is not the current status of that port. The last line ※Security Violation count: 0∪ tells us no violation has occurred -> the port is operational. Also ※the Maximum MAC§ and ※Total MAC Addresses§ are both 11 -> the maximum MAC addresses have ben reached.
From the ※Configured MAC Addresses: 3∪ we also learn that there are 3 MAC addresses are manually learned and 8 MAC addresses are dynamically learned.
QUESTION 32
Refer to the exhibit. Based on the running configuration that is shown for interface FastEthemet0/2, what two conclusions can be deduced? (Choose two)

A. Connecting a host with MAC address 0000.0000.4147 will move interface FastEthemet0/2 into error disabled state.
B. The host with address 0000.0000.4141 is removed from the secure address list after 5 seconds of inactivity.
C. The sticky secure MAC addresses are treated as static secure MAC addresses after the running configuration is saved to the startup configuration and the switch is restarted.
D. Interface FastEthemet0/2 is a voice VLAN port.
E. The host with address 0000.0000.000b is removed from the secure address list after 300 seconds.
Correct Answer: CE Section: Port Security Explanation
Explanation/Reference:
In this case the ※switchport port-security aging time 5∪ sets aging time to 5 minutes and the ※switchport port-security aging static§ tells the switch to age out for statically configured MAC addresses -> the MAC 0000.0000.000b will be aged out after 5 minutes (300 seconds).
Note: Cisco switch does not support port security aging of sticky secure MAC addresses -> the sticky secure MAC addresses are not aged out.
QUESTION 33
Refer to the exhibit. What can be concluded about VLANs 200 and 202?

A. VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 200 carries traffic between community ports and to promiscuous ports.
B. VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 200 carries traffic from isolated ports to a promiscuous port.
C. VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 202 carries traffic between community ports and to promiscuous ports.
D. VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 202 carries traffic from isolated ports to a promiscuous port.
Correct Answer: B Section: Private VLAN Explanation
Explanation/Reference:
In fact the exhibit above is wrong, that output should be from the command ※show vlan private-vlan§. The

With this output we can see VLAN 202 is configured as the primary VLAN while VLAN 200 is configured as secondary (isolated) VLAN -> B is correct.
QUESTION 34
Refer to the exhibit. LACP has been configured on Switch1 as shown. Which is the correct command set to configure LACP on Switch2?

A. Switch2# configure terminal Switch2(config)# interface range gigabitethernet3/1 -2 Switch2(config-if)# channel-group 5 mode auto
B. Switch2# configure terminal Switch2(config)# interface range gigabitethemet3/1 -2 Switch2(config-if)# channel-group 5 mode passive
C. Switch2# configure terminal Switch2(config)# interface range gigabitethernet3/1 -2 Switch2(config-if)# channel-group 5 mode desirable
D. Switch2# configure terminal Switch2(config)# interface range gigabitethernet3/1 -2 Switch2(config-if)# channel-group 5 mode on
Correct Answer: B Section: EtherChannel Explanation
Explanation/Reference:
LACP trunking supports four modes of operation, as follows:
*
On: The link aggregation is forced to be formed without any LACP negotiation. In other words, the switch will neither send the LACP packet nor process any incoming LACP packet. This is similar to the on state for PAgP.

*
Off: The link aggregation will not be formed. We do not send or understand the LACP packet. This is similar to the off state for PAgP.

*
Passive: The switch does not initiate the channel, but does understand incoming LACP packets. The peer (in active state) initiates negotiation (by sending out an LACP packet) which we receive and reply to, eventually forming the aggregation channel with the peer. This is similar to the auto mode in PAgP.

*
Active: We are willing to form an aggregate link, and initiate the negotiation. The link aggregate will be formed if the other end is running in LACP active or passive mode. This is similar to the desirable mode of PAgP.
LACP does not have ※auto§ & ※desirable§ modes so A & C are not correct.

Therefore if Switch1 is set ※active§ mode, we cannot set ※on§ mode on Switch2 -> D is not correct.
Only answer B is suitable in this case.
(Reference: http://www.cisco.com/en/US/tech/tk389/tk213/

technologies_configuration_example09186a0080094470.shtml)
QUESTION 35
Which statement is true regarding the Port Aggregation Protocol?
A. Configuration changes made on the port-channel interface apply to all physical ports assigned to the portchannel interface.
B. Configuration changes made on a physical port that is a member of a port-channel interface apply to the port-channel interface.
C. Configuration changes are not permitted with Port Aggregation Protocol; instead, the standardized Link Aggregation Control Protocol should be used if configuration changes are required.
D. The physical port must first be disassociated from the port-channel interface before any configuration changes can be made.
Correct Answer: A Section: EtherChannel Explanation
Explanation/Reference:
The port-channel interface represents for the whole bundle and all the configurations on this interface are applied to all physical ports that are assigned to this logical interface.
Note: We must manually create port-channel logical interface when configuring Layer 3 EtherChannels. The port-channel logical interface is automatically created when configuring Layer 2 EtherChannels (you can*t put Layer 2 ports into a manually created port channel interface).
An example of configuring Layer 3 EtherChannels with port-channel interfaces:

QUESTION 36
Based on the following exhibit, which problem is preventing users on VLAN 100 from pinging addresses on VLAN 200?

A. Native VLAN mismatch.
B. Subinterfaces should be created on Fa0/7 and Fa0/8 on DLS1.
C. Trunking needs to be enabled.
D. The ip routing command is missing on DLS1.
Correct Answer: D Section: InterVLAN Routing Explanation
Explanation/Reference:
To allow communication between two VLANs, we need to enables Layer 3 routing on the switch with the ※ip routing§ command. Some flatforms are enabled by default but some are not.
QUESTION 37
You work as a network technician, study the exhibit carefully. What is the effect on the trust boundary of configuring the command mls qos trust cos on the switch port that is connected to the IP phone?

A. Effectively the trust boundary has been moved to the IP phone.
B. The host is now establishing the CoS value and has effectively become the trust boundary.
C. The switch SW is rewriting packets it receives from the IP phone and determining the CoS value.
D. The switch SW will no longer tag incoming voice packets and will trust the distribution layer switch to set the CoS.
Correct Answer: A Section: Voice Support Explanation
Explanation/Reference:
The ※mls qos trust cos§ command is used to configure the port trust state (by default, the port is not trusted). By using this command, you can configure the switch port to which the telephone is connected to trust the CoS labels of all traffic received on that port.
(Note: All current Cisco IP Phones include an internal three-port Layer 2 switch therefore you can think an IP Phone as a switch and network administrators generally accept a Cisco IP Phone as a trusted device.)
QUESTION 38
Which two statements about the HSRP priority are true? (Choose two)
A. To assign the HSRP router priority in a standby group, the standby group-number priority priority-value global configuration command must be used.
B. The default priority of a router is zero (0).
C. The no standby priority command assigns a priority of 100 to the router.
D. Assuming that preempting has also been configured, the router with the lowest priority in an HSRP group would become the active router.
E. When two routers in an HSRP standby group are configured with identical priorities, the router with the highest configured IP address will become the active router.
Correct Answer: CE Section: HSRP Explanation
Explanation/Reference:
The ※no standby priority§ command will reset the priority to the default value (100) -> C is correct.
QUESTION 39
HSRP has been configured between two Company devices. Which of the following describe reasons for deploying HSRP? (Choose three)
A. HSRP provides redundancy and fault tolerance
B. HSRP allows one router to automatically assume the function of the second router if the second router fails
C. HSRP allows one router to automatically assume the function of the second router if the second router starts
D. HSRP provides redundancy and load balancing
Correct Answer: ABD Section: HSRP Explanation
Explanation/Reference:
Answer A and B are correct because they are the functions of HSRP. I just want to mention about answer
D. In fact answer D is not totally correct, in SWITCH only GLBP has the load-balancing feature. HSRP can only load-sharing by configuring some different HSRP groups. But answer D is the only choice left in this question so we have to choose it.
QUESTION 40
Regarding high availability, with the MAC address 0000.0c07.ac03, what does the ※03∪ represent?
A. The GLBP group number
B. The type of encapsulation
C. The HSRP router number
D. The VRRP group number
E. The HSRP group number
F. The active router number
Correct Answer: E Section: HSRP Explanation
Explanation/Reference:
The last two-digit hex value in the MAC address presents the HSRP group number.
QUESTION 41
Three Cisco Catalyst switches have been configured with a first-hop redundancy protocol. While reviewing some show commands, debug output, and the syslog, you discover the following information:

What conclusion can you infer from this information?
A. VRRP is initializing and operating correctly.
B. HSRP is initializing and operating correctly.
C. GLBP is initializing and operating correctly.
D. VRRP is not properly exchanging three hello messages.
E. HSRP is not properly exchanging three hello messages.
F. GLBP is not properly exchanging three hello messages.
Correct Answer: E Section: HSRP Explanation
Explanation/Reference:
These error messages describe a situation in which a standby HSRP router did not receive three successive HSRP hello packets from its HSRP peer (by default, hello messages are sent every 3 seconds while the holdtime is 10 seconds). The output shows that the standby router moves from the standby state to the active state. Shortly thereafter, the router returns to the standby state. Unless this error message occurs during the initial installation, an HSRP issue probably does not cause the error message. The error messages signify the loss of HSRP hellos between the peers. When you troubleshoot this issue, you must verify the communication between the HSRP peers. A random, momentary loss of data communication between the peers is the most common problem that results in these messages. HSRP state changes are often due to High CPU Utilization. If the error message is due to high CPU utilization, put a sniffer on the network and the trace the system that causes the high CPU utilization.
(Reference and good resource: http://www.cisco.com/en/US/tech/tk648/tk362/ technologies_tech_note09186a0080094afd.shtml)
QUESTION 42
You administer a network that uses two routers, R1 and R2, configured as an HSRP group to provide

Which of the following describes the effect the ※standby preempt delay minimum 50§ command will have on router R1?
A. The HSRP priority for router R1 will increase to 200.
B. Router R1 will become the standby router if the priority drops below 50.
C. The HSRP priority for router R1 will decrease to 50 points when FaO/2 goes down.
D. Router R1 will wait 50 seconds before attempting to preempt the active router.
Correct Answer: D Section: HSRP Explanation
Explanation/Reference:
If R1, for some reason, loses its active state, the ※standby preempt delay minimum 50∪ command will cause R1 to wait 50 seconds before it tries to get the active state again -> D is correct.
QUESTION 43
Refer to the exhibit. HSRP has been configured and Link A is the primary route to router R4. When Link A fails, router R2 (Link B) becomes the active router. Which router will assume the active role when Link A becomes operational again?

A. The primary router R1 will reassume the active role when it comes back online.
B. The standby router R2 will remain active and will forward the active role to router R1 only in the event of its own failure.
C. The standby router R2 will remain active and will forward the active role to router R1 only in the event of Link B failure.
D. The third member of the HSRP group, router R3, will take over the active role only in event of router R2 failure.
Correct Answer: A Section: HSRP Explanation
Explanation/Reference:
When R1 fails, the ※standby 1 preempt§ command on R2 will cause R2 to take over the active state of R1. But when R1 comes up again, the ※standby 1 preempt§ command on R1 will help R1 take over the active state again. Without the ※preempt§ command configured on R2, R2 only takes over the active state only if it receives information indicating that there is no router currently in active state (by default it does not receive 3 hello messages from the active router). Without the ※preempt§ command on R2, it will not become active router even if its priority is higher than all other routers.
QUESTION 44
Which first-hop redundancy solution listed would supply clients with MAC address 0000.0C07.AC0A for group 10 in response to an ARP request for a default gateway?
A. IRDP
B. Proxy ARP
C. GLBP
D. HSRP
E. VRRP
F. IP Redirects

Correct Answer: D Section: HSRP Explanation
Explanation/Reference:
The last two-digit hex value in the MAC address presents the HSRP group number. In this case 0A in hexa equals 10 in decimal so this router belongs to group 10 and it is running HSRP.
QUESTION 45
Which one of the statements below correctly describes the Virtual Router Redundancy Protocol (VRRP), which is being used in the Company network to provide redundancy?
A. A VRRP group has one active and one or more standby virtual routers.
B. A VRRP group has one master and one or more backup virtual routers.
C. A VRRP group has one master and one redundant virtual router.
Correct Answer: B Section: VRRP Explanation
Explanation/Reference:
Unilike HSRP (which has one active router, one standby router and many listening routers), a VRRP group has one master router and one or more backup routers. All backup routers are in backup state.
QUESTION 46
Refer to the exhibit. The Gateway Load Balancing Protocol has been configured on routers R1 and R2, and hosts A and B have been configured as shown. Which statement can be derived from the exhibit?

A. The host A default gateway has been configured as 10.88.1.10/24.
B. The GLBP weighted load balancing mode has been configured.
C. The GLBP round-robin, load-balancing mode has been configured.
D. The GLBP host-dependent, load-balancing mode has been configured.
E. The host A default gateway has been configured as 10.88.1.1/24.
F. The host A default gateway has been configured as 10.88.1.4/24.
Correct Answer: A Section: GLBP Explanation
Explanation/Reference:
QUESTION 47
Refer to the exhibit. What is the result of setting GLBP weighting at 105 with lower threshold 90 and upper threshold 100 on this router?

A. Only if both tracked objects are up will this router will be available as an AVF for group 1.
B. Only if the state of both tracked objects goes down will this router release its status as an AVF for group 1.
C. If both tracked objects go down and then one comes up, but the other remains down, this router will be available as an AVF for group 1.
D. This configuration is incorrect and will not have any effect on GLBP operation.
E. If the state of one tracked object goes down then this router will release its status as an AVF for group
1.
Correct Answer: B Section: GLBP Explanation
Explanation/Reference:
Each tracked object goes down will decrease the weighting of this router by 10, that makes the weighting = 105 每 10 = 95. This value is still higher than the lower threshold (90) so this router is not lost its status as an AVF. Only if both tracked objects go down, the weighting will fall below the lower threshold (105 每 10 每 10 = 85 < 90) and this router will release its status as an AVF for group 1 -> B is correct.
QUESTION 48
HSRP is a Cisco-proprietary protocol developed to allow several routers (or multilayer switches) to appear as a single gateway address. Which two statements are true about the Hot Standby Router Protocol (HSRP)? (Choose two)
A. Load sharing with HSRP is achieved by creating multiple subinterfaces on the HSRP routers.
B. Routers configured for HSRP can belong to multiple groups and multiple VLANs.
C. All routers configured for HSRP load balancing must be configured with the same priority.
D. Load sharing with HSRP is achieved by creating HSRP groups on the HSRP routers.
Correct Answer: BD Section: Gateway Redundancy Explanation
Explanation/Reference:
QUESTION 49
If you are a network technician, study the exhibit carefully. Which Virtual Router Redundancy Protocol (VRRP) statement is true about the roles of the master virtual router and the backup virtual router?

A. Router RA is the master virtual router, and Router RB is the backup virtual router. When Router RA fails, Router RB will become the master virtual router. When Router RA recovers, Router RB will maintain the role of master virtual router.
B. Router RA is the master virtual router, and Router RB is the backup virtual router. When Router RA fails, Router RB will become the master virtual router. When Router RA recovers, it will regain the master virtual router role.
C. Router RB is the master virtual router, and Router RA is the backup virtual router. When Router RB fails, Router RA will become the master virtual router. When Router RB recovers, RouterRA will maintain the role of master.
D. Router RB is the master virtual router, and Router RA is the backup virtual router. When Router RB fails, Router RA will become the master virtual router. When Router RB recovers, it will regain the master virtual router role.
Correct Answer: B Section: Gateway Redundancy Explanation
Explanation/Reference:
Router RA is the master virtual router because of its higher priority (110). By default, the pre-empting function is enabled so Router RB will become the master virtual router when RA fails; and when RA recovers, it will take the master role again.
QUESTION 50
Which set of statements describes the correct order and process of a wireless client associating with a wireless access point?
A. 1. Client sends probe request.
2.
Access point sends probe response.

3.
Client initiates association.

4.
Access point accepts association.

5.
Access point adds client MAC address to association table.
B. 1. Client sends probe request.
2.
Access point sends probe response.

3.
Access point initiates association.

4.
Client accepts association.

5.
Access point adds client MAC address to association table.
C. 1. Access point sends probe request .
2.
Client sends probe response.

3.
Client initiates association.

4.
Access point accepts association.

5.
Client adds access point MAC address to association table.
D. 1. Client sends probe request.
2.
Access point sends probe response.

3.
Client initiates association.

4.
Access point accepts association.

5.
Client adds access point MAC address to association table.
Correct Answer: A Section: Wireless Explanation
Explanation/Reference:
QUESTION 51
You are a network technician, study the exhibit carefully. What should be taken into consideration when using the Cisco Aironet Desktop Utility (ADU) to configure the static WEP keys on the wireless client adapter?

A. Before the client adapter WEP key is generated, all wireless infrastructure devices (such as access points, servers, etc.) must be properly configured for LEAP authentication.
B. The client adapter WEP key should be generated by the AP and forwarded to the client adapter before the client adapter can establish communication with the wireless network.
C. In infrastructure mode the client adapter WEP key must match the WEP key used by the access point. In ad hoc mode all client WEP keys within the wireless network must match each other.
D. The client adapter WEP key should be generated by the authentication server and forwarded to the client adapter before the client adapter can establish communication with the wireless network.
Correct Answer: C Section: Wireless Explanation
Explanation/Reference:
Drag and Drop HotSpot LabSim

Cisco 642-813 Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques.“Do I Know This Already?”quizzes open each chapter and allow you to decide how much time you need to spend on each section.Cisco 642-813 lists and Foundation Summary tables make referencing easy and give you a quick refresher whenever you need it.Challenging Cisco 642-813 review questions help you assess your knowledge and reinforce key concepts.Cisco 642-813 exercises help you think about exam objectives in real-world situations,thus increasing recall during exam time.

Cisco 642-812 Exam Vce & PDF, High Quality Cisco 642-812 Study Material 100% Pass With A High Score

The Cisco 642-812 exam questions and answers in. pdf from Flydumps is the most reliable guide for Microsoft exams.A large number of successful candidates have shown a lot of faith in our Cisco 642-812 exam question and answers in PDF.If you want pass the Microsoft certificate exam,please choose Flydumps.

QUESTION 56
Refer to the exhibit. On the basis of the information provided in the exhibit, which two sets of procedures are best practices for Layer 2 and 3 failover alignment? (Choose two.)

A. Configure the D-SW1 switch as the active HSRP router and the STP root for all VLANs. Configure the D-SW2 switch as the standby HSRP router and backup STP root for all VLANs.
B. Configure the D-SW2 switch as the active HSRP router and the STP root for all VLANs. Configure the D-SW1 switch as the standby HSRP router and backup STP root for all VLANs.
C. Configure the D-SW1 switch as the active HSRP router and the STP root for VLANs 11 and 110. Configure the D-SW2 switch as the active HSRP router and the STP root for VLANs 12 and 120.
D. Configure the D-SW1 switch as the standby HSRP router and the backup STP root for VLANs 12 and
120.
Configure the D-SW2 switch as the standby HSRP router and the backup STP root for VLANs 11 and

110.

E. Configure the D-SW1 switch as the standby HSRP router and the STP root for VLANs 11 and 110. Configure the D-SW2 switch as the standby HSRP router and the STP root for VLANs 12 and 120.
F. Configure the D-SW1 switch as the active HSRP router and the backup STP root for VLANs 11 and
110.
Configure the D-SW2 switch as the active HSRP router and the backup STP root for VLANs 12 and

120.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 57
Which statement is true about utilizing a data network for voice traffic?
A. Adding bandwidth to the data network is the primary solution to provide for the needs of voice traffic.
B. Because voice traffic volume cannot be calculated, network bandwidth requirements must be determined from an existing installation.
C. Voice traffic will require some form of QoS mechanisms in most networks.
D. Voice traffic will require some form of QoS implementation only in congested networks.
E. Network congestion must be totally eliminated to provide proper voice traffic performance.
Correct Answer: C Section: (none) Explanation

Explanation/Reference:
QUESTION 58
LAB

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 59
In what three ways is QoS applied in the campus network? (Choose three.)
A. No traffic marking occurs at the core layer. Layer 2/3 QoS tags are trusted from distribution layer switches and used to prioritize and queue the traffic as it traverses the core.
B. IP precedence, DSCP, QoS group, IP address, and ingress interface are Layer 2 characteristics that are set by the access layer as it passes traffic to the distribution layer. The distribution layer, once it has made a switching decision to the core layer, strips these off.
C. MAC address, Multiprotocol Label Switching (MPLS), the ATM cell loss priority (CLP) bit, the Frame Relay discard eligible (DE) bit, and ingress interface are established by the voice submodule (distribution layer) as traffic passes to the core layer.
D. The distribution layer inspects a frame to see if it has exceeded a predefined rate of traffic within a certain time frame, which is typically a fixed number internal to the switch. If a frame is determined to be in excess of the predefined rate limit, the CoS value can be marked up in a way that results in the packet being dropped.
E. The access layer is the initial point at which traffic enters the network. Traffic is marked (or remarked) at Layers 2 and 3 by the access switch as it enters the network, or is “trusted” that it is entering the network with the appropriate tag.
F. Traffic inbound from the access layer to the distribution layer can be trusted or reset depending upon the ability of the access layer switches. Priority access into the core is provided based on Layer 3 QoS tags.

Correct Answer: AEF Section: (none) Explanation
Explanation/Reference:
QUESTION 60
Which two statements are true about the configuration of voice VLANs? (Choose two.)
A. Static secure MAC addresses can be configured in conjunction with voice VLANs.
B. PortFast is automatically enabled when voice VLANs are configured.
C. PortFast must be manually configured when voice VLANs are configured.
D. Voice VLANs are typically configured on uplink ports.
E. Voice VLANs are typically configured on access ports.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 61
Which two Aironet enterprise solution statements are true? (Choose two.)
A. A Cisco Aironet AP handles the transmission of beacon frames and also handles responses to probe-request frames from clients.
B. A Cisco Aironet solution includes intelligent Cisco Aironet access points (APs) and Cisco Catalyst switches.
C. In the Cisco Aironet solution, each AP is locally configured by the use of either a web interface or the command line interface.
D. The Cisco Aironet AP handles real-time portions of the LWAPP protocol, l and the WLAN controller handles those items which are not time sensitive.
E. Virtual MAC architecture allows the splitting of the 802.11 protocol between the Cisco Aironet AP and a LAN switch.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 62
Refer to the exhibit. The Gateway Load Balancing Protocol has been configured on routers R1 and R2, and hosts A and B have been configured as shown. Which statement can be derived from the exhibit?

A. The GLBP weighted load balancing mode has been configured.
B. The GLBP host-dependent, load-balancing mode has been configured.
C. The GLBP round-robin, load-balancing mode has been configured.
D. The host A default gateway has been configured as 10.88.1.1/24.
E. The host A default gateway has been configured as 10.88.1.4/24.
F. The host A default gateway has been configured as 10.88.1.10/24.

Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 63
Given the following configuration on a switch interface, what happens when a host with the MAC address of 0003.0003.0003 is directly connected to the switch port?
switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security mac-address 0002.0002.0002 switchport port-security violation shutdown
A. The port will shut down.
B. The host will be allowed to connect.
C. The host will be refused access.
D. The host can only connect through a hub/switch where 0002.0002.0002 is already connected.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 64
When you issue a command show port 3/1 on an Ethernet port, you observe the Giants column has a non-zero entry. What could cause this?
A. IEEE 802.1Q
B. IEEE 802.10
C. misconfigured NIC
D. user configuration

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 65
Which two statements are true about the operation of voice VLANs on a Catalyst switch? (Choose two.)
A. Enabling voice VLANs enables the switch to create multiple queues for traffic that is entering a port.
B. Enabling voice VLANs enables the switch to forward frames with a specific 802.1P marking.
C. Voice VLANs are configured to enable the switch to forward frames marked with the proper CoS values over separate physical links.
D. When voice VLANs are configured on a trunk link, UplinkFast must also be enabled.
E. When the voice VLAN feature is enabled, all untagged traffic is sent according to the default CoS priority of the port.

Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 66
How does VTP pruning enhance network bandwidth?
A. by restricting unicast traffic to across VTP domains
B. by reducing unnecessary flooding of traffic to inactive VLANs
C. by limiting the spreading of VLAN information
D. by disabling periodic VTP updates

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 67
Refer to the exhibit. The command spanning-tree guard root is configured on interface Gi0/0 on both switch S2 and S5. The global configuration command spanning-tree uplinkfast has been configured on both switch S2 and S5. The link between switch S4 and S5 fails. Will Host A be able to reach Host B?

A. Yes. Traffic can pass either from switch S6 to S3 to S2 to S1, or, from switch S6 to S5 to S2 to S1.
B. No. Traffic will pass from switch S6 to S5 and dead-end at interface Gi 0/0.
C. No. Traffic will loop back and forth between switch S5 and S2.
D. Yes. Traffic will pass from switch S6 to S3 to S2 to S1.
E. No. Traffic will either pass from switch S6 to to S5 and dead-end, or traffic will pass from switch S6 to S3 to S2 and dead-end.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 68
On a multilayer Catalyst switch, which interface command is used to convert a Layer 3 interface to a Layer 2 interface?
A. switchport
B. no switchport
C. switchport mode access
D. swithport access vlan vlan-id

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 69
Given the above diagram and assuming that STP is enabled on all switch devices, which two statements are true? (Choose two.)

A. DSW11 will be elected the root bridge.
B. DSW12 will be elected the root bridge.
C. ASW13 will be elected the root bridge.
D. P3/1 will be elected the nondesignated port.
E. P2/2 will be elected the nondesignated port.
F. P3/2 will be elected the nondesignated port.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 70
Refer to the exhibit. A Cisco Aironet Wireless LAN Client Adapter has been installed and configured through the ADU on the PC. The Aironet System Tray Utility (ASTU) has been enabled during the installation and the icon appears in the system tray area in the lower right of the desktop. What is the significance of the icon?

A. It indicates that the radio of the client adapter is disabled.
B. It indicates that the client adapter is not associated to an access point or another client.
C. It indicates that the client adapter is associated to an access point or another client, but the user is not EAP authenticated.
D. It indicates that the client adapter is associated to an access point or another client, that the user is authenticated if the client adapter is configured for EAP authentication, and that the signal strength is excellent or good.
E. It indicates that the client adapter is associated to an access point or another client, that the user is authenticated if the client adapter is configured for EAP authentication, and that the signal strength is fair.
F. It indicates that the client adapter is associated to an access point or another client, that the user is authenticated if the client adapter is configured for EAP authentication, and that the signal strength is poor.

Correct Answer: F Section: (none) Explanation
Explanation/Reference: QUESTION 71
Which three statements are true regarding the above diagram? (Choose three.)

A. A trunk link will be formed.
B. Only VLANs 1-1001 will travel across the trunk link.
C. The native VLAN for Switch B is vlan 1.
D. DTP is not running on Switch A.
E. DTP packets are sent from Switch B.

Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 72
LAB

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 73
What is a characteristic of a static VLAN membership assignment?
A. VMPS server lookup
B. easy to configure
C. ease of adds, moves, and changes
D. based on MAC address of the connected device

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 74
Refer to the exhibit. What will happen when one more user is connected to interface FastEthernet 5/1?

A. All secure addresses will age out and be removed from the secure address list. This will cause the security violation counter to increment.
B. The first address learned on the port will be removed from the secure address list and be replaced with the new address.
C. The interface will be placed into the error-disabled state immediately, and an SNMP trap notification will be sent.
D. The packets with the new source addresses will be dropped until a sufficient number of secure MAC addresses are removed from the secure address list.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 75
What can be determined about the HSRP relationship from the displayed debug output?

A. The preempt feature is not enabled on the 172.16.11.111 router.
B. The nonpreempt feature is enabled on the 172.16.11.112 router.
C. Router 172.16.11.111 will be the active router because its HSRP priority is preferred over router
172.16.11.112.
D. Router 172.16.11.112 will be the active router because its HSRP priority is preferred over router
172.16.11.111.
E. The IP address 172.16.11.111 is the virtual HSRP router IP address.
F. The IP address 172.16.11.112 is the virtual HSRP router IP address.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 76
Refer to the exhibit. Assume that Switch_A is active for the standby group and the standby device has only the default HSRP configuration. What conclusion is valid?

A. If port Fa1/1 on Switch_A goes down, the standby device will take over as active.
B. If the current standby device were to have the higher priority value, it would take over the role of active for the HSRP group.
C. If port Fa1/1 on Switch_A goes down, the new priority value for the switch would be 190.
D. If Switch_A had the highest priority number, it would not take over as active router.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 77
Which method of Layer 3 switching uses a forwarding information base (FIB)?
A. route caching
B. flow-based switching
C. demand-based switching
D. topology-based switching

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 78
A Cisco Aironet Wireless LAN Adapter CB21AG is inserted into a PC cardbus slot. Both the green status LED and the amber activity LED are blinking slowly. What is the condition of the adapter?
A. The adapter is not receiving power.
B. The adapter is in power save mode.
C. The adapter is scanning for the wireless network for which it is configured.
D. The adapter is associated to an access point or another client.
E. The adapter is transmitting or receiving data while associated to an access point or another client.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Refer to the exhibit. Which three statements are true about trust boundaries in the campus network? (Choose three.)

A. A device is trusted if it correctly classifies packets.
B. A device is trusted if it correctly declassifies packets.
C. The outermost trusted devices represent the trust boundary.
D. Classification and marking occur using 802.1ab QoS bits before reaching the trust boundary.
E. Network trust boundaries are automatically configured in IOS version 12.3 and later.
F. For scalability, classification should be done as close to the edge as possible.

Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:

Flydumps is ready to provide Cisco 642-812 exam training materials which can be very much helpful for getting Cisco 642-812 certification, which means that candidates.Cisco 642-812 exam can easily get access to the services of Cisco 642-812 for practice exam, which will assure them 100% Cisco 642-812 exam success rate.Though Cisco 642-812 exam tests are not easy at all,but they do not make Cisco 400-101 things complicated.

Cisco 642-637 Exam Questions And Answers, The Most Recommended Cisco 642-637 Certification Braindumps On Our Store

Your worries about Cisco 642-637 exam complexity no more exist because Flydumps is here to serves as a guide to help you to pass the Cisco 642-637 exam. All the exam questions and answers is the latest and covering each and every aspect of Cisco 642-637 exam.It 100% ensure you pass the exam without any doubt.

QUESTION 51
You have enabled Cisco IOS IPS on a router in your network. However, you are not seeing expected events on your monitoring system (such as Cisco IME). On the router, you see events being captured. What is the next step in troubleshooting the problem?
A. verify thatsyslog is configured to send events to the correct server
B. verify SDEE communications
C. verify event action rules
D. verify that the IPS license is valid

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 52
Which two of these are features of control plane security on a Cisco ISR? (Choose two.
A. CoPP
B. RBAC
C. AAA
D. CPPr
E. uRPF
F. FPM

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 53
Which two of these are potential results of an attacker performing a DHCP server spoofing attack? (Choose two.)
A. DHCP snooping Build Your Dreams PassGuide 642-637
B. DoS
C. confidentiality breach
D. spoofed MAC addresses
E. switch ports being converted to anuntrusted state

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 54
When Cisco IOS IPS signatures are being tuned, how is the Target Value Rating assigned?
A. It is calculated from the Event Risk Rating.
B. It is calculated from a combination of the Attack Severity Rating and Signature Fidelity Rating
C. It is manually set by the administrator.
D. It is set based upon SEAP functions.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 55
Which of these should you do before configuring IP Source Guard on a Cisco Catalyst switch?
A. enable NTP for event correlation
B. enable IP routing authentication
C. configure an access list with exempt DHCP-initiated IP address ranges
D. turn DHCP snooping on at least 24 hours in advance

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 56
What action will the parameter-map type ooo global command enable?
A. globally initiates tuning of the router’s TCPnormalizer parameters for out-of-order packets
B. globally classifies typeooo packets within the parameter map and subsequent policy map
C. enables a parameter map namedooo
D. configures a global parameter map for traffic destined to the router itself

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 57
DRAG DROP
Build Your Dreams PassGuide 642-637

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 58
HOTSPOT
Build Your Dreams PassGuide 642-637
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 59
Build Your Dreams
PassGuide 642-637

HOTSPOT

Correct Answer: A Section: (none) Explanation Explanation/Reference:

Build Your Dreams PassGuide 642-637
QUESTION 60
HOTSPOT

Correct Answer: A

Section: (none) Explanation
Explanation/Reference:
Build Your Dreams PassGuide 642-637
QUESTION 61
HOTSPOT
Build Your Dreams
PassGuide 642-637
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 62
HOTSPOT A. Build Your Dreams PassGuide 642-637

Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 63
Which protocol is EAP encapsulated in for communications between the authenticator and the authentication server?
A. EAP-MD5
B. IPsec
C. EAPOL
D. RADIUS

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 64
You are loading a basic IPS signature package onto a Cisco router. After a period of time, you see this
message:
%IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 275013 ms. What do you expect happened
during downloading and compilation of the files?

A. The files were successfully copied with an elapse time of 275013 ms.The router will continue with extraction and compilation of the signature database.
B. The signature engines were compiles, but there is no indication that the actual signatures were compiled.
C. The compilation failed for some of the signature engines. There are 16 engines, but only 6 Build Your Dreams PassGuide 642-637 were completed according to the %IPS-6 message
D. The files were compiled without error.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 65
Refer to the exhibit. Given the configuration shown, which of these statements is correct?

A. An external service is providing URL filtering via a subscription service.
B. All HTTP traffic to websites with the name “Gambling” included in the URL will be reset.
C. A service policy on the zone pair needs to be configured in the opposite direction or all return HTTP traffic will be blocked by policy
D. The URL filter policy has been configured in a fail-closed scenario. Build Your Dreams PassGuide 642-637

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 66
DRAG DROP
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 67
Refer to the exhibit. Which two of these are most likely to have caused the issue with NHRP, given this output of the show command? (Choose two.)
Build Your Dreams PassGuide 642-637

A. There was a network ID mismatch.
B. The spoke router has not yet sent a request via Tunnel0.
C. The spoke router received a malformed NHRP packet.
D. There was an authentication key mismatch.
E. The registration request was expecting a return request ID of 1201, but received an ID of 120.

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 68
DRAG DROP
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Build Your Dreams PassGuide 642-637
QUESTION 69
You have configured a guest VLAN using 802.1X on a Cisco Catalyst switch. A client incapable of using 802.1X has accessed the port and has been assigned to the guest VLAN. What happens when a client capable of using 802.1Xjoins the network on the same port?
A. The client capable of using 802.1X is allowed access and proper security policies are applied to the client.
B. EAPOL packets will not be allowed on the guest VLAN and the access attempt with fail.
C. The port is put into the unauthorized state in the user-configured access VLAN, and authentication is restarted.
D. This is considered a security breach by the authentication server and all users on the access port will be placed into the restricted VLAN.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 70
Refer to the exhibit. What can be determined from the information shown?

A. The user has been restricted to privilege level 1.
B. The standard access list should be reconfigured as an extended access list to allow desired user permissions
C. RBAC has been configured with restricted views.
D. IP access list DMZ_ACL has not yet been configured with proper permissions.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 71
Refer to the exhibit. Assuming that all other supporting configurations are correct, what can be determined from the partial IP admission configuration shown?
Build Your Dreams PassGuide 642-637

A. The router will forward authentication requests toa AAA server for authentication and authorization.
B. The user maint3nanc3 will have complete CLI command access once authenticated.
C. After a period of 20 minutes, the user will again be required to provide authentication credentials.
D. The authentication proxy will fail, because the router’s HTTP server has not been enabled.
E. All traffic entering interface GO/1 will be intercepted for authentication, but only Telnet traffic will be authorized.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 72
What will the authentication event fail retry 0 action authorize vlan 300 command accomplish?
A. assigns clients that fail 802.1X authentication into the restricted VLAN 300
B. assigns clients to VLAN 300 and attempts reauthorization
C. assigns a client to the guest VLAN 300 if it does not receive a response from the client to its EAPOL request/identity frame
D. locks out a user who fails an 802.1X authentication and does not allow the user to try to gain network access again for 300 seconds

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Build Your Dreams PassGuide 642-637
QUESTION 73
DRAG DROP
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Build Your Dreams

Cisco 642-637 Questions and Answers Products basically comprise of the simulated Cisco 642-637 exam questions AND their most correct answers,accompanied with a methodical elucidation of the Cisco 642-637 exam answers and the probable wrong answers.The extent to which Cisco 642-637 exam Questions and Answers Products cover their Cisco subject is so thorough,that once you are done with a Cisco product,passing the Cisco 642-637 exam in first attempt should be a piece of cake.

Cisco 642-813 Practice Exam, Buy Best Cisco 642-813 Test Questions With High Quality

Most accurate The Cisco 642-813 Questions & Answers covers all the knowledge points of the real exam. We update our product frequently so our customer can always have the latest version of Cisco 642-813.We provide our customers with the excellent 7×24 hours customer service.We have the most professional Cisco 642-813 expert team to back up our grate quality products.If you still cannot make your decision on purchasing our product, please try our Cisco 642-813 free pdf practice test for you to free download.Cisco 642-813 is also an authenticated IT certifications site that offer all the new questions and answers timely.Visit the site Flydumps.com to get free Cisco 642-813 VCE test engine and PDF.

Question 1:
Answer: C

On the Fa0/2 interface we can see the type of connection is P2p Peer (STP) and Cisco says that: “!—
Type P2p Peer(STP) represents that the neighbor switch runs PVST.”
Please visit this link to understand more http://www.cisco.com/en/US/products/hw/switches/ps708/
products_configuration_example09186a00807b0670.shtml

Question 2:

Answer: A

Have a look at the output at VLAN0047:
Notice there are two “Cost” value in the picture, the above “Cost” is the total cost from the current switch to
the root bridge while the second “Cost” refers to the cost on that interface (Fa0/2). Both these “Cost” are
the same so we can deduce that the root bridge is connectly directly to this switch on Fa0/2 interface -> the
root bridge is Switch B, and the “Address” field shows its MAC address 000f.34f5.0138. Notice Bridge ID =
Bridge Priority + MAC address.

Question 3:

Answer: C
We learned that Switch B is the root bridge for VLAN 47 so port Fa0/1 on SwitchA and Fa0/2 on SwitchC should be the root ports, and from the output of SwitchC, we knew that port Fa0/1 of SwitchC is in blocking state. Therefore its opposite port on SwitchA must be in designated state (forwarding). So, can Fa0/2 of SW-A be in blocking state? The answer is no so that BPDU packets can be received on Fa0/1 of SW-C. It will remain in blocking state as long as a steady .ow of BPDUs is received.
Question 4:
Answer: D
As explained in question 2, we can deduce SW-A is the root bridge for VLANs 1 and 106 so ports Fa0/1 on SW-B and SW-C will be the root ports. From the output of SW-C for VLANs 1 and 106, port Fa0/2 of this switch is designated (forwarding) so we can deduce interface Fa0/2 of SW-B is in blocking status.
Question 5:
Answer: D
SW-A is the root bridge for VLANs 1 and 106 and we can easily find the MAC address of this root bridge from the output of SW-C, it is 000d.65db.0102. Notice that SW-A has 2 bridge IDs for VLANs 1 and 106, they are 32769.000d.65db.0102 and 24682.000d.65db.0102
QUESTION 5
AAAdot1x Lab Sim Acme is a small shipping company that has an existing enterprise network comprised of 2 switches DSW1 and ASW2. The topology diagram indicates their layer 2 mapping. VLAN 40 is a new VLAN that will be used to provide the shipping personnel access to the server. For security reasons, it is necessary to restrict access to VLAN 20 in the following manner:

-Users connecting to ASW1’s port must be authenticate before they are given access to the network.
-Authentication is to be done via a Radius server:

Radius server host: 172.120.39.46


Radius key: rad123
-Authentication should be implemented as close to the host device possible.
-Devices on VLAN 20 are restricted to in the address range of 172.120.40.0/24.

Packets from devices in the address range of 172.120.40.0/24 should be passed on VLAN 20.


Packets from devices in any other address range should be dropped on VLAN 20.
-Filtering should be implemented as close to the server farm as possible.
The Radius server and application servers will be installed at a future date. You have been tasked with
implementing the above access control as a pre-condition to installing the servers.
You must use the available IOS switch features.

A.

B.

C.

D.

Correct Answer: Section: Labs Explanation

Explanation/Reference:
Step1: Console to ASW1 from PC console 1
ASW1(config)# aaa new-model
ASW1(config)# radius-server host 172.120.39.46 key rad123 ASW1(config)# aaa authentication dot1x default group radius ASW1(config)# dot1x system-auth-control
ASW1(config)# int fastEthernet 0/1 ASW1(config-if)# switchport mode access ASW1(config-if)# dot1x port-control auto ASW1(config-if)# end
ASW1# copy running-config startup-config
Step2: Console to DSW1 from PC console 2
DSW1(config)# ip access-list standard 10 DSW1(config-ext-nacl)# permit 172.120.40.0 0.0.0.255 DSW1(config-ext-nacl)# exit
DSW1(config)# vlan access-map PASS 10 DSW1(config-access-map)# match ip address 10 DSW1(config-access-map)# action forward DSW1(config-access-map)# exit
DSW1(config)# vlan access-map PASS 20 DSW1(config-access-map)# action drop DSW1(config-access-map)# exit
DSW1(config)# vlan filter PASS vlan-list 20 DSW1(config)# exit
DSW1# copy running-config startup-config
QUESTION 6
MLS and EIGRP Sim 1
Configure the Multilayer Switch so that PCs from VLAN 2 and VLAN 3 can communicate with the Server.

A.
B.
C.
D.

Correct Answer: Section: Labs Explanation
Explanation/Reference:
mls>enable mls# conf t
mls(config)# int gi 0/1 mls(config-if)# no switchport mls(config-if)# ip address 10.10.10.2 255.255.255.0 mls(config-if)# no shutdown mls(config-if)# exit
mls(config)# int vlan 2 mls(config-if)# ip address 190.200.250.33 255.255.255.224 mls(config-if)# no shutdown
mls(config-if)# int vlan 3 mls(config-if)# ip address 190.200.250.65 255.255.255.224 mls(config-if)# no shutdown mls(config-if)#exit
mls(config)# int gi 0/10
mls(config-if)# switchport mode access
mls(config-if)# switchport access vlan 2
mls(config-if)# no shutdown
mls(config-if)# exit

mls(config)# int gi 0/11
mls(config-if)# switchport mode access
mls(config-if)# switchport access vlan 3
mls(config-if)# no shutdown
mls(config-if)# exit

mls(config)# ip routing (Notice: MLS will not work without this command)

mls(config)# router eigrp 650
mls(config-router)# network 10.10.10.0 0.0.0.255
mls(config-router)# network 190.200.250.32 0.0.0.31
mls(config-router)# network 190.200.250.64 0.0.0.31
mls(config-router)# no auto-summary
mls(config-router)# end

mls# copy running-configuration startup-configuration

NOTE : THE ROUTER IS CORRECTLY CONFIGURED, so you will not miss within it in the exam , also
don’t modify/delete any port just do the above configuration. in order to complete the lab , you should
expect the ping to SERVER to succeed from the MLS , and from the PCs as well.
If the above configuration does not work, you should configure EIGRP with “no auto-summary” command.

QUESTION 7
MLS and EIGRP Sim 2
You have been tasked with configuring multilayer SwitchC, which has a partial configuration and has been attached to RouterC as shown in the topology diagram.

HOST 1:
HOST 2:
You need to configure SwitchC so that Hosts H1 and H2 can successful ping the server S1. Also SwitchC needs to be able to ping server S1. Due to administrative restrictions and requirements you should not add/delete vlans, changes VLAN port assignments or create trunk links Company policies forbid the use of static or default routing All routes must be learned via EIGRP 65010 routing protocol. You do not have access to RouteC, RouterC is correctly configured. No trunking has been configured on RouterC. Routed interfaces should use the lowest host on a subnet when possible. The following subnets are available to implement this solution: · 172.16.1.0/24 · 192.168.3.32/27 · 192.168.3.64/27 Hosts H1 and H2 are configured with the correct IP address and default gateway. SwitchC uses Cisco as the enable password. Routing must only be enabled for the specific subnets shown in the diagram.
A.
B.
C.
D.
Correct Answer: Section: Labs Explanation
Explanation/Reference:
On switch C:
SwitchC> enable SwitchC# conf t SwitchC(config)# int gi 0/1 SwitchC(config-if)# no switchport -> without this the simulator does not let you assign IP address on Gi0/1 interface. SwitchC(config-if)# ip address 172.16.1.1 255.255.255.0 SwitchC(config-if)# no shutdown SwitchC(config-if)# exit
SwitchC(config)# int vlan 2 SwitchC(config-if)# ip address 192.168.3.33 255.255.255.224 (default gateway address) SwitchC(config-if)# no shutdown SwitchC(config-if)# exit
SwitchC(config-if)# int vlan 3 SwitchC(config-if)# ip address 192.168.3.65 255.255.255.224 (default gateway address) SwitchC(config-if)# no shutdown SwitchC(config-if)# exit
SwitchC(config)# ip routing SwitchC(config-router)# router eigrp 65010 SwitchC(config-router)# network 172.16.1.0 0.0.0.255 SwitchC(config-router)# network 192.168.3.32 0.0.0.31 SwitchC(config-router)# network 192.168.3.64 0.0.0.31 SwitchC(config-router)# no auto-summary SwitchC(config-router)# end
SwitchC# copy running-config startup-config
Verification: We should be able to ping from SWITCHC to the gateway called “Server S1” [208.77.188.166]
You must obtain subnets and IP ADDRESS by yourself and this will be done by clicking on each host icon, then write ipconfig and you will obtain ip addresses of the host, default gateway & subnet mask. The default gateway address & subnet mask should be configured as SwitchC respective vlan ip’s
QUESTION 8
LACP with STP Sim 1

Each of these vlans has one host each on its ports SVI on vlan 1 – ip 192.168.1.11
Switch B –
Ports 3, 4 connected to ports 3 and 4 on Switch A
Port 15 connected to Port on Router.
Tasks to do:
1.
Use non proprietary mode of aggregation with Switch B being the initiator — Use LACP with B being in Active mode

2.
Use non proprietary trunking and no negotiation — Use switchport mode trunk and switchport trunk encapsulation dot1q

3.
Restrict only to the VLANs needed — Use either VTP pruning or allowed VLAN list. The preferred method is using allowed VLAN list

4.
SVI on VLAN 1 with some ip and subnet given

5.
Configure switch A so that nodes other side of Router C are accessible — on switch A the default gateway has to be configured.

6.
Make switch B the root
A.
B.
C.
D.

Correct Answer: Section: Labs Explanation
Explanation/Reference:
SW-A: verify with show run if you need to create vlans 21-23 and verify trunk’s native vlan (remove if not 99)
SW-A# int vlan 1 SW-A(config-if)# ip address 192.168.1.11 255.255.255.0 SW-A(config-if)# no shut SW-A(config-if)# exit
SW-A(config)# int range fa 0/9 – 10 SW-A(config-if)# switchport mode access SW-A(config-if)# switchport access vlan 21 SW-A(config-if)# spanning-tree portfast SW-A(config-if)# no shut SW-A(config-if)# exit
SW-A(config)# int range fa 0/13 – 14 SW-A(config-if)# switchport mode access SW-A(config-if)# switchport access vlan 22 SW-A(config-if)# spanning-tree portfast SW-A(config-if)# no shut SW-A(config-if)# exit
SW-A(config)# int range fa 0/15 – 16 SW-A(config-if)# switchport mode access SW-A(config-if)# switchport access vlan 23 SW-A(config-if)# spanning-tree portfast SW-A(config-if)# no shut SW-A(config-if)# exit SW-A(config)# int range fa 0/3 – 4 SW-A(config-if)# channel-protocol lacp SW-A(config-if)# channel group 1 mode passive SW-A(config-if)# no shut SW-A(config-if)# exit
SW-A(config)# int port-channel 1 SW-A(config-if)# switchport trunk encapsulation dot1q SW-A(config-if)# switchport mode trunk SW-A(config-if)# switchport trunk native vlan 99 SW-A(config-if)# switchport trunk allowed vlans 1,21-23 SW-A(config-if)# no shut SW-A(config-if)# end
SW-A# copy running-configuration startup-configuration
SW B
SW-B# conf t
Create vlan: SW-B(config)# vlan 21 SW-B(config-vlan)# vlan 22 SW-B(config-vlan)# vlan 23 SW-B(config-vlan)# exit
SW-B(config)# spanning-tree vlan 1,21-23,99 root primary
SW-B(config)# int range fa 0/3 – 4 SW-B(config-if)# channel-protocol lacp SW-B(config-if)# channel-group 1 mode active SW-B(config-if)# no shut SW-B(config-if)# exit
SW-B(config)# int port-channel 1 SW-B(config-if)# switchport trunk encapsulation dot1q SW-B(config-if)# switchport mode trunk SW-B(config-if)# switchport trunk native vlan 99 (I did a sh vlan and saw vlan 99 named as “TrunkNative” so I used this as the native VLAN for both switches) SW-B(config-if)# switchport trunk allowed vlan 1,21-23 SW-B(config-if)# no shut SW-B(config-if)# end
SW-B# copy running-configuration startup-configuration
QUESTION 9
LACP with STP Sim 2
Scenario:
You work for SWITCH.com. They have just added a new switch (SwitchB) to the existing network as shown in the topology diagram.

RouterA is currently configured correctly and is providing the routing function for devices on SwitchA and SwitchB. SwitchA is currently configured correctly, but will need to be modified to support the addition of SwitchB. SwitchB has a minimal configuration. You have been tasked with competing the configuration of SwitchA and SwitchB. SwitchA and SwitchB use Cisco as the enable password.
Configuration Requirements for SwitchA
The VTP and STP configuration modes on SwitchA should not be modified.
Steps · SwitchA needs to be the root switch for vlans 11, 12, 13, 21, 22 and 23. All other vlans should be left are their default values.
Configuration Requirements for SwitchB

Vlan 21, Name: Marketing, will support two servers attached to fa0/9 and fa0/10


Vlan 22, Name: Sales, will support two servers attached to fa0/13 and fa0/14


Vlan 23, Name: Engineering, will support two servers attached to fa0/15 and fa0/16
· Access ports that connect to server should transition immediately transition to forwarding state upon detecting the connection of a device. · SwitchB VTP mode needs to be the same as SwitchA. · SwitchB must operate in the same spanning tree mode as SwitchA · No routing is to be configured on SwitchB · Only the SVI vlan 1 is to be configured and it is to use address 192.168.1.11/24
Inter-switch Connectivity Configuration Requirements:
· For operational and security reasons trunking should be unconditional and Vlans 1, 21, 22 and 23 should tagged when traversing the trunk link.
· The two trunks between SwitchA and SwitchB need to be configured in a mode that allows for the maximum use of their bandwidth for all vlans. This mode should be done with a non- proprietary protocol, with SwitchA controlling activation.
· Propagation of unnecessary broadcasts should be limited using manual pruning on this trunk link.
A.
B.
C.
D.

Correct Answer: Section: Labs Explanation
Explanation/Reference:
SwitchA
SwitchA# conf t
Create vlan: SwitchA(config)# vlan 21 SwitchA(config-vlan)# name Marketing SwitchA(config-vlan)# vlan 22 SwitchA(config-vlan)# name Sales SwitchA(config-vlan)# vlan 23 SwitchA(config-vlan)# name Engineering SwitchA(config-vlan)# exit
SwitchA(config)# spanning-tree vlan 1,11-13,21-23,99 root primary
SwitchA(config)# int range fa 0/3 – 4 SwitchA(config-if)# channel-protocol lacp SwitchA(config-if)# channel-group 1 mode active SwitchA(config-if)# no shut SwitchA(config-if)# exit
SwitchA(config)# int port-channel 1 SwitchA(config-if)# switchport trunk encapsulation dot1q SwitchA(config-if)# switchport mode trunk SwitchA(config-if)# switchport trunk native vlan 99 SwitchA(config-if)# switchport trunk allowed vlan 1,21-23 SwitchA(config-if)# no shut SwitchA(config-if)# end
SwitchA# copy running-configuration startup-configuration
SwitchB: verify with show run if you need to create vlans 21-23 and verify trunk’s native vlan (remove the wrong native if not 99)
SwitchB# conf t SwitchB(config-if)# int vlan 1 SwitchB(config-if)# ip address 192.168.1.11 255.255.255.0 SwitchB(config-if)# no shut SwitchB(config-if)# exit
SwitchB(config)# vtp mode transparent SwitchB(config)# spanning-tree mode rapid-pvst
SwitchB(config)# int range fa 0/9 – 10 SwitchB(config-if)# switchport mode access SwitchB(config-if)# switchport access vlan 21 SwitchB(config-if)# spanning-tree portfast SwitchB(config-if)# no shut SwitchB(config-if)# exit
SwitchB(config)# int range fa 0/13 – 14 SwitchB(config-if)# switchport mode access SwitchB(config-if)# switchport access vlan 22 SwitchB(config-if)# spanning-tree portfast SwitchB(config-if)# no shut SwitchB(config-if)# exit
SwitchB(config)# int range fa 0/15 – 16 SwitchB(config-if)# switchport mode access SwitchB(config-if)# switchport access vlan 23 SwitchB(config-if)# spanning-tree portfast SwitchB(config-if)# no shut SwitchB(config-if)# exit
SwitchB(config)# int range fa 0/3 – 4 SwitchB(config-if)# channel-protocol lacp SwitchB(config-if)# channel group 1 mode passive SwitchB(config-if)# no shut SwitchB(config-if)# exit
SwitchB(config)# int port-channel 1 SwitchB(config-if)# switchport trunk encapsulation dot1q SwitchB(config-if)# switchport mode trunk SwitchB(config-if)# switchport trunk native vlan 99 SwitchB(config-if)# switchport trunk allowed vlans 1,21-23 SwitchB(config-if)# no shut SwitchB(config-if)# end
SwitchB# copy running-configuration startup-configuration
QUESTION 10
HSRP HOTSPOT Sim
During routine maintenance, G1/0/1 on DSW1 was shutdown. All other interface were up. DSW2 became the active HSRP device for Vlan101 as desired. However, after G1/0/1 on DSW1 was reactivated. DSW1 did not become the active HSRP device as desired. What need to be done to make the group for Vlan101 function properly?

Interface VLAN 101 exhibit:

A. Enable preempt on DS1’s Vlan101 HSRP group
B. Disable preempt on DS1’s Vlan101 HSRP group
C. Decrease DS1’s priority value for Vlan101 HSRP group to a value that is less than priority value configured on DS2’s HSRP group for Vlan101
D. Decrease the decrement in the track command for DS1’s Vlan 101 HSRP group to a value less than the value in the track command for DS2’s Vlan 101 HSRP group.
Correct Answer: A Section: HSRP Explanation
Explanation/Reference:
Explanation:
A is correct. All other answers is incorrect. Because Vlan101 on DS1 ( left ) disable preempt. We need enable preempt to after it reactive , it will be active device. If not this command, it never become active device.
QUESTION 11
HSRP HOTSPOT Sim
During routine maintenance, it became necessary to shutdown G1/0/1 on DSW1. All other interface were up. During this time, DSW1 remained the active device for Vlan 102′s HSRP group. You have determined that there is an issue with the decrement value in the track command in Vlan 102′s HSRP group. What need to be done to make the group function properly?

Interface VLAN 102 exhibit:

A. The DS1’s decrement value should be configured with a value from 5 to 15
B. The DS1’s decrement value should be configured with a value from 9 to 15
C. The DS1’s decrement value should be configured with a value from 11 to 18
D. The DS1’s decrement value should be configured with a value from 195 to less than 205
E. The DS1’s decrement value should be configured with a value from 200 to less than 205
F. The DS1’s decrement value should be greater than 190 and less 200
Correct Answer: C Section: HSRP Explanation
Explanation/Reference:
Explanation:
Use “show run” command to show. The left Vlan102 is console1 of DS1. Priority value is 200, we should decrement value in the track command from 11 to 18. Because 200 11 = 189 < 190( priority of Vlan102 on DS2 ).
QUESTION 12
HSRP HOTSPOT Sim
DSW2 has not become the active device for Vlan103′s HSRP group even though all interfaces are active. As related to Vlan103′s HSRP group. What can be done to make the group function properly?

Interface VLAN 103 exhibit: A. On DS1, disable preempt

B. On DS1, decrease the priority value to a value less than 190 and greater than 150
C. On DS2, increase the priority value to a value greater 241 and less than 249
D. On DS2, increase the decrement value in the track command to a value greater than 10 and less than
50.
Correct Answer: C Section: HSRP Explanation
Explanation/Reference:
Explanation:
The reason DSW2 has not become the active switch for Vlan103 is because the priority value of DSW1 is higher than that of DSW2. In order to make DSW2 become the active switch, we need to increase DSW2′s priority (to higher than 200) or decrease DSW1′s priority (to lower than 190).
QUESTION 13
HSRP HOTSPOT Sim
During routine maintenance, it became necessary to shutdown G1/0/1 on DSW1 and DSW2. All other interface were up. During this time, DSW1 became the active device for Vlan104′s HSRP group. As related to Vlan104′s HSRP group, what can be done to make the group function properly?

Interface VLAN 104 exhibit:

A. On DS1, disable preempt
B. On DS2, decrease the priority value to a value less than 150
C. On DS1, increase the decrement value in the track command to a value greater than 6
D. On DS1, disable track command.

Correct Answer: C Section: HSRP Explanation
Explanation/Reference:
Explanation:
We should NOT disable preempt on DS1. By do that, you will make Vlan104’s HSRP group fail function. Example: if we are disable preempt on DS1. It can not become active device when G1/0/1 on DS2 fail. In this question, G0/1/0 on DS1 & DS2 is shutdown. Vlan104 (left) : 150 1 = 149. Vlan104 (right) : 200 155 =
145. Result is priority 149 > 145 ( Vlan104 on DS1 is active). If increase the decrement in the track value to a value greater than 6 ( > or = 6). Vlan104 (left) : 150 6 = 144. Result is priority 144 < 145 ( vlan104 on DS2 is active).
QUESTION 14
HSRP HOTSPOT Sim
If G1/0/1 on DSW1 is shutdown, what will be the current priority value of the Vlan105′s group on DSW1?

Interface VLAN 105 exhibit:

A. 95
B. 100
C. 150
D. 200

Correct Answer: A Section: HSRP
Explanation Explanation/Reference:
Explanation:
Priority is configured 150, Track is 55. So, if shutdown interface G1/0/1 > 150 55 = 95.

QUESTION 15
HSRP HOTSPOT Sim
What is the configured priority value of the Vlan105′s group on DSW2 ?
Interface VLAN 105 exhibit: B. 100

C. 150
D. 200
Correct Answer: B Section: HSRP Explanation
Explanation/Reference:
Explanation:
Use “show standby brief” command on console2 . Very easy to see priority of Vlan105 is 100.
QUESTION 16
STP HOTSPOT Sim
Online Incorporated is an internet game provide. The game service network had recently added an additional switch block with multiple VLANs configured. Unfortunately, system administrators neglected to document the spanning-tree topology during configuration. For baseline purpose, you will be required to identify the spanning-tree topology for the switch block. Using the output of “show spanning-tree” command on switch SW-C and the provided physical topology, answer the following questions:
Beware: VLAN number can change.
Question 1:
Which spanning Tree Protocol has been implemented on SW-B?
A. STP/IEEE 802.1D
B. MSTP/IEEE 802.1s
C. PVST+
D. PVRST
E. None of the above
A.
B.
C.
D.
E.
Correct Answer: C Section: STP Explanation
Explanation/Reference:
Answer: C

On the Fa0/2 interface we can see the type of connection is P2p Peer (STP) and Cisco says that: “!—
Type P2p Peer(STP) represents that the neighbor switch runs PVST.”
Please visit this link to understand more http://www.cisco.com/en/US/products/hw/switches/ps708/
products_configuration_example09186a00807b0670.shtml

QUESTION 17
STP HOTSPOT Sim
Online Incorporated is an internet game provide. The game service network had recently added an additional switch block with multiple VLANs configured. Unfortunately, system administrators neglected to document the spanning-tree topology during configuration. For baseline purpose, you will be required to identify the spanning-tree topology for the switch block. Using the output of “show spanning-tree” command on switch SW-C and the provided physical topology, answer the following questions:
Beware: VLAN number can change.
Which bridge ID belongs to SW-B?
A. 24623.000f.34f5.0138
B. 32768.000d.bd03.0380
C. 32768.000d.65db.0102
D. 32769.000d.65db.0102
E. 32874.000d.db03.0380
F. 32815.000d.db03.0380
A.
B.
C.
D.
E.
F.
Correct Answer: A Section: STP Explanation
Explanation/Reference:
Answer: A

Have a look at the output at VLAN0047:
Notice there are two “Cost” value in the picture, the above “Cost” is the total cost from the current switch to
the root bridge while the second “Cost” refers to the cost on that interface (Fa0/2). Both these “Cost” are
the same so we can deduce that the root bridge is connectly directly to this switch on Fa0/2 interface -> the
root bridge is Switch B, and the “Address” field shows its MAC address 000f.34f5.0138. Notice Bridge ID =
Bridge Priority + MAC address.
QUESTION 18
STP HOTSPOT Sim
Online Incorporated is an internet game provide. The game service network had recently added an additional switch block with multiple VLANs configured. Unfortunately, system administrators neglected to document the spanning-tree topology during configuration. For baseline purpose, you will be required to identify the spanning-tree topology for the switch block. Using the output of “show spanning-tree” command on switch SW-C and the provided physical topology, answer the following questions:
Beware: VLAN number can change.
Which port role has interface Fa0/2 of SW-A adopted for VLAN 47?
A. Root port
B. Nondesigned port
C. Designated port
D. Backup port
E. Alternate port
A.
B.
C.
D.
E.
Correct Answer: C Section: STP Explanation
Explanation/Reference:
Answer: C
We learned that Switch B is the root bridge for VLAN 47 so port Fa0/1 on SwitchA and Fa0/2 on SwitchC should be the root ports, and from the output of SwitchC, we knew that port Fa0/1 of SwitchC is in blocking state. Therefore its opposite port on SwitchA must be in designated state (forwarding). So, can Fa0/2 of SW-A be in blocking state? The answer is no so that BPDU packets can be received on Fa0/1 of SW-C. It will remain in blocking state as long as a steady .ow of BPDUs is received.
QUESTION 19
STP HOTSPOT Sim
Online Incorporated is an internet game provide. The game service network had recently added an additional switch block with multiple VLANs configured. Unfortunately, system administrators neglected to document the spanning-tree topology during configuration. For baseline purpose, you will be required to identify the spanning-tree topology for the switch block. Using the output of “show spanning-tree” command on switch SW-C and the provided physical topology, answer the following questions:
Beware: VLAN number can change.
Which port state is interface Fa0/2 of SW-B in for VLANs 1 and 106?
A. Listening
B. Learning
C. Disabled
D. Blocking
E. Forwarding
F. Discarding
A.
B.
C.
D.
E.
F.
Correct Answer: D Section: STP Explanation
Explanation/Reference:
Answer: D
As explained in question 2, we can deduce SW-A is the root bridge for VLANs 1 and 106 so ports Fa0/1 on SW-B and SW-C will be the root ports. From the output of SW-C for VLANs 1 and 106, port Fa0/2 of this switch is designated (forwarding) so we can deduce interface Fa0/2 of SW-B is in blocking status.
QUESTION 20
STP HOTSPOT Sim
Online Incorporated is an internet game provide. The game service network had recently added an additional switch block with multiple VLANs configured. Unfortunately, system administrators neglected to document the spanning-tree topology during configuration. For baseline purpose, you will be required to identify the spanning-tree topology for the switch block. Using the output of “show spanning-tree” command on switch SW-C and the provided physical topology, answer the following questions:
Beware: VLAN number can change.
Which bridge ID belongs to SW-A?
A. 24623.000f.34f5.0138
B. 32768.000d.bd03.0380
C. 32768.000d.65db.0102
D. 32769.000d.65db.0102
E. 32874.000d.db03.0380
F. 32815.000d.db03.0380
A.
B.
C.
D.
E.
F.
Correct Answer: D Section: STP Explanation
Explanation/Reference:
Answer: D
SW-A is the root bridge for VLANs 1 and 106 and we can easily find the MAC address of this root bridge from the output of SW-C, it is 000d.65db.0102. Notice that SW-A has 2 bridge IDs for VLANs 1 and 106, they are 32769.000d.65db.0102 and 24682.000d.65db.0102

Exam E
QUESTION 1
Which statement is true about RSTP topology changes?
A. Any change in the state of the port generates a TC BPDU.
B. Only nonedge ports moving to the forwarding state generate a TC BPDU.
C. If either an edge port or a nonedge port moves to a block state, then a TC BPDU is generated.
D. Only edge ports moving to the blocking state generate a TC BPDU.
E. Any loss of connectivity generates a TC BPDU.
Correct Answer: B Section: RSTP, MST Explanation
Explanation/Reference:
Explanation:
The IEEE 802.1D Spanning Tree Protocol was designed to keep a switched or bridged network loop free,
with adjustments made to the network topology dynamically. A topology change typically takes 30
seconds, where a port moves from the Blocking state to the Forwarding state after two intervals of the
Forward Delay timer. As technology has improved, 30 seconds has become an unbearable length of time
to wait for a production network to failover or “heal” itself during a problem.

Topology Changes and RSTP
Recall that when an 802.1D switch detects a port state change (either up or down), it signals the Root
Bridge by sending topology change notification (TCN) BPDUs. The Root Bridge must then signal a
topology change by sending out a TCN message that is relayed to all switches in the STP domain. RSTP
detects a topology change only when a nonedge port transitions to the Forwarding state. This might seem
odd because a link failure is not used as a trigger. RSTP uses all of its rapid convergence mechanisms to
prevent bridging loops from forming.

Therefore, topology changes are detected only so that bridging tables can be updated and corrected as
hosts appear first on a failed port and then on a different functioning port. When a topology change is
detected, a switch must propagate news of the change to other switches in the network so they can correct
their bridging tables, too. This process is similar to the convergence and synchronization mechanism-
topology change (TC) messages propagate through the network in an everexpanding wave.

QUESTION 2
Refer to the exhibit.

Which four statements about this GLBP topology are true? (Choose four.)
A. Router A is responsible for answering ARP requests sent to the virtual IP address.
B. If router A becomes unavailable, router B forwards packets sent to the virtual MAC address of router A.
C. If another router is added to this GLBP group, there would be two backup AVGs.
D. Router B is in GLBP listen state.
E. Router A alternately responds to ARP requests with different virtual MAC addresses.
F. Router B transitions from blocking state to forwarding state when it becomes the AVG.

Correct Answer: ABDE Section: GLBP Explanation
Explanation/Reference:
Explanation:
With GLBP the following is true:
With GLB, there is 1 AVG and 1 standby VG. In this case Company1 is the AVG and Company2 is the
standby. Company2 would act as a VRF and would already be forwarding and routing packets.
Any additional routers would be in a listen state.
As the role of the Active VG and load balancing, Company1 responds to ARP requests with different virtual
MAC addresses.
In this scenario, Company2 is the Standby VF for the VMAC 0008.b400.0101 and would become the
Active VF if Company1 were down.
As the role of the Active VG, the primary responsibility is to answer ARP requests to the virtual IP address.
As an AVF router Company2 is already forwarding/routing packets

QUESTION 3
Refer to the exhibit.

Which VRRP statement about the roles of the master virtual router and the backup virtual router is true?
A. Router A is the master virtual router, and router B is the backup virtual router. When router A fails, router B becomes the master virtual router. When router A recovers, router B maintains the role of master virtual router.
B. Router A is the master virtual router, and router B is the backup virtual router. When router A fails, router B becomes the master virtual router. When router A recovers, it regains the master virtual router role.
C. Router B is the master virtual router, and router A is the backup virtual router. When router B fails, router A becomes the master virtual router. When router B recovers, router A maintains the role of master virtual router.
D. Router B is the master virtual router, and router A is the backup virtual router. When router B fails, router A becomes the master virtual router. When router B recovers, it regains the master virtual router role.

Correct Answer: B Section: VRRP Explanation
Explanation/Reference:
Explanation:
QUESTION 4
Which description correctly describes a MAC address flooding attack?
A. The attacking device crafts ARP replies intended for valid hosts. The MAC address of the attacking device then becomes the destination address found in the Layer 2 frames sent by the valid network device.
B. The attacking device crafts ARP replies intended for valid hosts. The MAC address of the attacking device then becomes the source address found in the Layer 2 frames sent by the valid network device.
C. The attacking device spoofs a destination MAC address of a valid host currently in the CAM table. The switch then forwards frames destined for the valid host to the attacking device.
D. The attacking device spoofs a source MAC address of a valid host currently in the CAM table. The switch then forwards frames destined for the valid host to the attacking device.
E. Frames with unique, invalid destination MAC addresses flood the switch and exhaust CAM table space. The result is that new entries cannot be inserted because of the exhausted CAM table space, and traffic is subsequently flooded out all ports.
F. Frames with unique, invalid source MAC addresses flood the switch and exhaust CAM table space. The result is that new entries cannot be inserted because of the exhausted CAM table space, and traffic is subsequently flooded out all ports.
Correct Answer: F Section: Access Security Explanation
Explanation/Reference:
Explanation:
QUESTION 5
Refer to the exhibit.

An attacker is connected to interface Fa0/11 on switch A-SW2 and attempts to establish a DHCP server for a man-in-middle attack. Which recommendation, if followed, would mitigate this type of attack?
A. All switch ports in the Building Access block should be configured as DHCP trusted ports.
B. All switch ports in the Building Access block should be configured as DHCP untrusted ports.
C. All switch ports connecting to hosts in the Building Access block should be configured as DHCP trusted ports.
D. All switch ports connecting to hosts in the Building Access block should be configured as DHCP untrusted ports.
E. All switch ports in the Server Farm block should be configured as DHCP untrusted ports.
F. All switch ports connecting to servers in the Server Farm block should be configured as DHCP untrusted ports.

Correct Answer: D Section: Access Security Explanation
Explanation/Reference:
Explanation: One of the ways that an attacker can gain access to network traffic is to spoof responses that would be sent by a valid DHCP server. The DHCP spoofing device replies to client DHCP requests. The legitimate server may reply also, but if the spoofing device is on the same segment as the client, its reply to the client may arrive first. The intruder’s DHCP reply offers an IP address and supporting information that designates the intruder as the default gateway or Domain Name System (DNS) server. In the case of a gateway, the clients will then forward packets to the attacking device, which will in turn send them to the desired destination. This is referred to as a “man-in-the-middle” attack, and it may go entirely undetected as the intruder intercepts the data flow through the network. Untrusted ports are those that are not explicitly configured as trusted. A DHCP binding table is built for untrusted ports. Each entry contains the client MAC address, IP address, lease time, binding type, VLAN number, and port ID recorded as clients make DHCP requests. The table is then used to filter subsequent DHCP traffic. From a DHCP snooping perspective, untrusted access ports should not send any DHCP server responses, such as DHCPOFFER, DHCPACK, DHCPNAK.
QUESTION 6
Refer to the exhibit.

The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers should not communicate with each other, although they are located on the same subnet. However, the servers do need to communicate with a database server located in the inside
network. Which configuration isolates the servers from each other?
A. The switch ports 3/1 and 3/2 are defined as secondary VLAN isolated ports. The ports connecting to the two firewalls are defined as primary VLAN promiscuous ports.
B. The switch ports 3/1 and 3/2 are defined as secondary VLAN community ports. The ports connecting to the two firewalls are defined as primary VLAN promiscuous ports.
C. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls are defined as primary VLAN promiscuous ports.
D. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls are defined as primary VLAN community ports.

Correct Answer: A Section: VLANs Security Explanation
Explanation/Reference:
Explanation:
Service providers often have devices from multiple clients, in addition to their own servers, on a single
Demilitarized Zone (DMZ) segment or VLAN. As security issues proliferate, it becomes necessary to
provide traffic isolation between devices, even though they may exist on the same Layer 3 segment and
VLAN. Catalyst 6500/4500 switches implement PVLANs to keep some switch ports shared and some
switch ports isolated, although all ports exist on the same VLAN. The 2950 and 3550 support “protected
ports,” which are functionality similar to PVLANs on a per- switch basis.

A port in a PVLAN can be one of three types:
Isolated: An isolated port has complete Layer 2 separation from other ports within the same PVLAN,
except for the promiscuous port. PVLANs block all traffic to isolated ports, except the traffic from
promiscuous ports. Traffic received from an isolated port is forwarded to only promiscuous ports.
Promiscuous: A promiscuous port can communicate with all ports within the PVLAN, including the
community and isolated ports. The default gateway for the segment would likely be hosted on a
promiscuous port, given that all devices in the PVLAN will need to communicate with that port. Community:
Community ports communicate among themselves and with their promiscuous ports. These interfaces are
isolated at Layer 2 from all other interfaces in other communities, or in isolated ports within their PVLAN.

QUESTION 7
What does the command “udld reset” accomplish?
A. allows a UDLD port to automatically reset when it has been shut down
B. resets all UDLD enabled ports that have been shut down
C. removes all UDLD configurations from interfaces that were globally enabled
D. removes all UDLD configurations from interfaces that were enabled per-port
Correct Answer: B Section: STP Protection Explanation
Explanation/Reference:
Explanation:
QUESTION 8
Refer to the exhibit.

Dynamic ARP Inspection is enabled only on switch SW_A. Host_A and Host_B acquire their IP addresses from the DHCP server connected to switch SW_A. What would the outcome be if Host_B initiated an ARP spoof attack toward Host_A ?
A. The spoof packets are inspected at the ingress port of switch SW_A and are permitted.
B. The spoof packets are inspected at the ingress port of switch SW_A and are dropped.
C. The spoof packets are not inspected at the ingress port of switch SW_A and are permitted.
D. The spoof packets are not inspected at the ingress port of switch SW_A and are dropped.

Correct Answer: C Section: Access Security Explanation Explanation/Reference:
Explanation:
When configuring DAI, follow these guidelines and restrictions:

· DAI is an ingress security feature; it does not perform any egress checking. · DAI is not effective for hosts
connected to routers that do not support DAI or that do not have this feature enabled. Because man-in-the-middle attacks are limited to a single Layer 2 broadcast domain, separate the domain with DAI checks from
the one with no checking. This action secures the ARP caches of hosts in the domain enabled for DAI. ·
DAI depends on the entries in the DHCP snooping binding database to verify IP-to-MAC address bindings
in incoming ARP requests and ARP responses. Make sure to enable DHCP snooping to permit ARP
packets that have dynamically assigned IP addresses. · When DHCP snooping is disabled or in non-DHCP
environments, use ARP ACLs to permit or to deny packets.
· DAI is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports. In our
example, since Company2 does not have DAI enabled (bullet point 2 above) packets will not be inspected
and they will be permitted.

Reference:
http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/dynarp.html

QUESTION 9
Which statement is true about Layer 2 security threats?
A. MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use Dynamic ARP Inspection to determine vulnerable attack points.
B. DHCP snooping sends unauthorized replies to DHCP queries.
C. ARP spoofing can be used to redirect traffic to counter Dynamic ARP Inspection.
D. Dynamic ARP Inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.
E. MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.
F. Port scanners are the most effective defense against Dynamic ARP Inspection.
Correct Answer: E Section: Access Security Explanation
Explanation/Reference:
Explanation:
First of all, MAC spoofing is not an effective counter-measure against any reconnaissance attack; it IS an
attack! Furthermore, reconnaissance attacks don’t use dynamic ARP inspection (DAI); DAI is a switch
feature used to prevent attacks.

QUESTION 10
What does the global configuration command “ip arp inspection vlan 10-12,15” accomplish?
A. validates outgoing ARP requests for interfaces configured on VLAN 10, 11, 12, or 15
B. intercepts all ARP requests and responses on trusted ports
C. intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings
D. discards ARP packets with invalid IP-to-MAC address bindings on trusted ports
Correct Answer: C Section: Access Security Explanation
Explanation/Reference:
Explanation: The “ip arp inspection” command enables Dynamic ARP Inspection (DAI) for the specified VLANs. DAI is a security feature that validates Address Resolution Protocol (ARP) packets in a network. DAI allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. This capability protects the network from certain “man-in-the- middle” attacks.
Reference:
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/20ew/configuration/guide/dynarp .html
QUESTION 11
Refer to the exhibit.

Host A has sent an ARP message to the default gateway IP address 10.10.10.1. Which statement is true?
A. Because of the invalid timers that are configured, DSw1 does not reply.
B. DSw1 replies with the IP address of the next AVF.
C. DSw1 replies with the MAC address of the next AVF.
D. Because of the invalid timers that are configured, DSw2 does not reply.
E. DSw2 replies with the IP address of the next AVF.
F. DSw2 replies with the MAC address of the next AVF.
Correct Answer: F Section: HSRP Explanation
Explanation/Reference:
Explanation:
The Gateway Load Balancing Protocol (GLBP) is a Cisco-proprietary protocol designed to overcome the
limitations of existing redundant router protocols. Some of the concepts are the same as with HSRP/
VRRP, but the terminology is different and the behavior is much more dynamic and robust.

The trick behind this load balancing lies in the GLBP group. One router is elected the active virtual gateway
(AVG). This router has the highest priority value, or the highest IP address in the group, if there is no

highest priority. The AVG answers all ARP requests for the virtual router address. Which MAC address it returns depends on which load-balancing algorithm it is configured to use. In any event, the virtual MAC address supported by one of the routers in the group is returned. According to exhibit, Router Company2 is the Active Virtual Gateway (AVG) router because it has highest IP address even having equal priority. When router Company1 sends the ARP message to 10.10.10.1 Router Company2 will reply to Company1 as a Active Virtual Router.
QUESTION 12
What are two methods of mitigating MAC address flooding attacks? (Choose two.)
A. Place unused ports in a common VLAN.
B. Implement private VLANs.
C. Implement DHCP snooping.
D. Implement port security.
E. Implement VLAN access maps
Correct Answer: DE Section: Access Security Explanation
Explanation/Reference:
Explanation:
QUESTION 13
Refer to the exhibit.

What information can be derived from the output?
A. Interfaces FastEthernet3/1 and FastEthernet3/2 are connected to devices that are sending BPDUs with a superior root bridge parameter and no traffic is forwarded across the ports. After the sending of BPDUs has stopped, the interfaces must be shut down administratively, and brought back up, to resume normal operation.
B. Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter, but traffic is still forwarded across the ports.
C. Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter and no traffic is forwarded across the ports. After the inaccurate BPDUs have been stopped, the interfaces automatically recover and resume normal operation.
D. Interfaces FastEthernet3/1 and FastEthernet3/2 are candidates for becoming the STP root port, but neither can realize that role until BPDUs with a superior root bridge parameter are no longer received on at least one of the interfaces.

Correct Answer: C Section: STP Protection Explanation
Explanation/Reference:
Explanation:
QUESTION 14
What is one method that can be used to prevent VLAN hopping?
A. Configure ACLs.
B. Enforce username and password combinations.
C. Configure all frames with two 802.1Q headers.
D. Explicitly turn off DTP on all unused ports.
E. Configure VACLs.
Correct Answer: D Section: VLANs Security Explanation
Explanation/Reference:
Explanation:
When securing VLAN trunks, also consider the potential for an exploit called VLAN hopping. Here, an
attacker positioned on one access VLAN can craft and send frames with spoofed 802.1Q tags so that the
packet payloads ultimately appear on a totally different VLAN, all without the use of a router.

For this exploit to work, the following conditions must exist in the network configuration:
The attacker is connected to an access switch port.
The same switch must have an 802.1Q trunk.
The trunk must have the attacker’s access VLAN as its native VLAN. To prevent from VLAN hopping turn
off Dynamic Trunking Protocol on all unused ports.

QUESTION 15
Why is BPDU guard an effective way to prevent an unauthorized rogue switch from altering the spanning-tree topology of a network?
A. BPDU guard can guarantee proper selection of the root bridge.
B. BPDU guard can be utilized along with PortFast to shut down ports when a switch is connected to the port.
C. BPDU guard can be utilized to prevent the switch from transmitting BPDUs and incorrectly altering the root bridge election.
D. BPDU guard can be used to prevent invalid BPDUs from propagating throughout the network.
Correct Answer: B Section: STP Protection Explanation
Explanation/Reference:
Explanation:
QUESTION 16
What two steps can be taken to help prevent VLAN hopping? (Choose two.)
A. Place unused ports in a common unrouted VLAN.
B. Enable BPDU guard.
C. Implement port security.
D. Prevent automatic trunk configurations.
E. Disable Cisco Discovery Protocol on ports where it is not necessary.

Correct Answer: AD Section: VLANs Security Explanation
Explanation/Reference:
Explanation:
QUESTION 17
Refer to the exhibit.

Assume that Switch_A is active for the standby group and the standby device has only the default HSRP configuration. Which statement is true?
A. If port Fa1/1 on Switch_A goes down, the standby device takes over as active.
B. If the current standby device had the higher priority value, it would take over the role of active for the HSRP group.
C. If port Fa1/1 on Switch_A goes down, the new priority value for the switch would be 190.
D. If Switch_A had the highest priority number, it would not take over as active router.
Correct Answer: C Section: HSRP Explanation
Explanation/Reference:
Explanation:
QUESTION 18
When an attacker is using switch spoofing to perform VLAN hopping, how is the attacker able to gather information?
A. The attacking station uses DTP to negotiate trunking with a switch port and captures all traffic that is allowed on the trunk.
B. The attacking station tags itself with all usable VLANs to capture data that is passed through the switch, regardless of the VLAN to which the data belongs.
C. The attacking station generates frames with two 802.1Q headers to cause the switch to forward the frames to a VLAN that would be inaccessible to the attacker through legitimate means.
D. The attacking station uses VTP to collect VLAN information that is sent out and then tags itself with the domain information to capture the data.
Correct Answer: A Section: VLANs Security Explanation
Explanation/Reference:
Explanation:
DTP should be disabled for all user ports on a switch. If the port is left with DTP auto-configured (default on
many switches), an attacker can connect and arbitrarily cause the port to start trunking and therefore pass
all VLAN information.

Reference:
http://www.cisco.com/en/US/solutions/ns340/ns517/ns224/ns376/net_design_guidance0900aecd8
00ebd1e.pdf

QUESTION 19
Refer to the exhibit.

GLBP has been configured on the network. When the interface serial0/0/1 on router R1 goes down, how is the traffic coming from Host1 handled?
A. The traffic coming from Host1 and Host2 is forwarded through router R2 with no disruption.
B. The traffic coming from Host2 is forwarded through router R2 with no disruption. Host1 sends an ARP request to resolve the MAC address for the new virtual gateway.
C. The traffic coming from both hosts is temporarily interrupted while the switchover to make R2 active occurs.
D. The traffic coming from Host2 is forwarded through router R2 with no disruption. The traffic from Host1 is dropped due to the disruption of the load balancing feature configured for the GLBP group.

Correct Answer: A Section: GLBP Explanation
Explanation/Reference:
Explanation: The Gateway Load Balancing Protocol (GLBP) is a Cisco-proprietary protocol designed to overcome the limitations of existing redundant router protocols. Some of the concepts are the same as with HSRP/VRRP, but the terminology is different and the behavior is much more dynamic and robust and allows for load balancing. The trick behind this load balancing lies in the GLBP group. One router is elected the active virtual gateway (AVG). This router has the highest priority value, or the highest IP address in the group, if there is no highest priority. The AVG answers all ARP requests for the virtual router address. Which MAC address it returns depends on which load-balancing algorithm it is configured to use. In any event, the virtual MAC address supported by one of the routers in the group is returned. According to exhibit, Company1 is the active virtual gateway and Company2 is the standby virtual gateway. So, when Company1 goes down, Company2 will become active virtual gateway and all data goes through Company2.
QUESTION 20
Refer to the exhibit.

DHCP snooping is enabled for selected VLANs to provide security on the network. How do the switch ports handle the DHCP messages?
A. A DHCPOFFER packet from a DHCP server received on Ports Fa2/1 and Fa2/2 is dropped.
B. A DHCP packet received on ports Fa2/1 and Fa2/2 is dropped if the source MAC address and the DHCP client hardware address does not match Snooping database.
C. A DHCP packet received on ports Fa2/1 and Fa2/2 is forwarded without being tested.
D. A DHCPRELEASE message received on ports Fa2/1 and Fa2/2 has a MAC address in the DHCP snooping binding database, but the interface information in the binding database does not match the interface on which the message was received and is dropped.
Correct Answer: C Section: Access Security Explanation
Explanation/Reference:
Explanation:

Exam F QUESTION 1
Refer to the exhibit and the partial configuration on routers R1 and R2.

HSRP is configured on the network to provide network redundancy for the IP traffic. The network administrator noticed that R2 does not become active when the R1 serial0 interface goes down. What should be changed in the configuration to fix the problem?
A. R2 should be configured with an HSRP virtual address.
B. R2 should be configured with a standby priority of 100.
C. The Serial0 interface on router R2 should be configured with a decrement value of 20.
D. The Serial0 interface on router R1 should be configured with a decrement value of 20.

Correct Answer: D Section: HSRP Explanation
Explanation/Reference:
Explanation:
You can configure a router to preempt or immediately take over the active role if its priority is the highest at
any time. Use the following interface configuration command to allow preemption:
Switch(config-if)# standby group preempt [delay seconds] By default, the router can preempt another
immediately, without delay. You can use the delay keyword to force it to wait for seconds before becoming
active. This is usually done if there are routing protocols that need time to converge.

QUESTION 2
Which optional feature of an Ethernet switch disables a port on a point-to-point link if the port does not receive traffic while Layer 1 status is up?
A. BackboneFast
B. UplinkFast
C. Loop Guard
D. UDLD aggressive mode
E. Fast Link Pulse bursts
F. Link Control Word
Correct Answer: D Section: STP Protection Explanation
Explanation/Reference:
Explanation:
QUESTION 3
Which three statements about routed ports on a multilayer switch are true? (Choose three.)
A. A routed port can support VLAN subinterfaces.
B. A routed port takes an IP address assignment.
C. A routed port can be configured with routing protocols.
D. A routed port is a virtual interface on the multilayer switch.
E. A routed port is associated only with one VLAN.
F. A routed port is a physical interface on the multilayer switch.
Correct Answer: BCF Section: MultiLayer Switching Explanation
Explanation/Reference:
Explanation:
QUESTION 4
Refer to the exhibit.

Why are users from VLAN 100 unable to ping users on VLAN 200?
A. Encapsulation on the switch is wrong.
B. Trunking must be enabled on Fa0/1.
C. The native VLAN is wrong.
D. VLAN 1 needs the no shutdown command.
E. IP routing must be enabled on the switch.

Correct Answer: B Section: VLANs, Trunks Explanation
Explanation/Reference:
Explanation:
QUESTION 5
Which three statements about Dynamic ARP Inspection are true? (Choose three.)
A. It determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the DHCP snooping database.
B. It forwards all ARP packets received on a trusted interface without any checks.
C. It determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the CAM table.
D. It forwards all ARP packets received on a trusted interface after verifying and inspecting the packet against the Dynamic ARP Inspection table.
E. It intercepts all ARP packets on untrusted ports.
F. It is used to prevent against a DHCP snooping attack.
Correct Answer: ABE Section: Access Security Explanation
Explanation/Reference:
Explanation:
QUESTION 6
A network administrator wants to configure 802.1x port-based authentication, however, the client workstation is not 802.1x compliant. What is the only supported authentication server that can be used?
A. TACACS with LEAP extensions
B. TACACS+
C. RADIUS with EAP extensions
D. LDAP
Correct Answer: C Section: Access Security Explanation
Explanation/Reference:
Explanation:
QUESTION 7
The following command was issued on a router that is being configured as the active HSRP router.
standby ip 10.2.1.1
Which statement about this command is true?
A. This command will not work because the HSRP group information is missing.
B. The HSRP MAC address will be 0000.0c07.ac00.
C. The HSRP MAC address will be 0000.0c07.ac01.
D. The HSRP MAC address will be 0000.070c.ac11.
E. This command will not work because the active parameter is missing.

Correct Answer: B Section: HSRP Explanation
Explanation/Reference:
Explanation:
QUESTION 8
Refer to the exhibit.

The link between switch SW1 and switch SW2 is configured as a trunk, but the trunk failed to establish connectivity between the switches. Based on the configurations and the error messages received on the console of SW1, what is the cause of the problem?
A. The two ends of the trunk have different duplex settings.
B. The two ends of the trunk have different EtherChannel configurations.
C. The two ends of the trunk have different native VLAN configurations.
D. The two ends of the trunk allow different VLANs on the trunk.
Correct Answer: C Section: VLANs, Trunks Explanation
Explanation/Reference:
Explanation:
QUESTION 9
A campus infrastructure supports wireless clients via Cisco Aironet AG Series 1230, 1240, and 1250
access points. With DNS and DHCP configured, the 1230 and 1240 access points appear to boot and
operate normally. However, the 1250 access points do not seem to operate correctly.
What is the most likely cause of this problem?

A. DHCP with option 150
B. DHCP with option 43
C. PoE
D. DNS
E. switch port does not support gigabit speeds
Correct Answer: C Section: WLANs Explanation
Explanation/Reference:
Explanation:
QUESTION 10
A standalone wireless AP solution is being installed into the campus infrastructure. The access points appear to boot correctly, but wireless clients are not obtaining correct access. You verify that this is the local switch configuration connected to the access point:
interface ethernet 0/1 switchport access vlan 10 switchport mode access spanning-tree portfast mls qos trust dscp
What is the most likely cause of the problem?
A. QoS trust should not be configured on a port attached to a standalone AP.
B. QoS trust for switchport mode access should be defined as “cos”.
C. switchport mode should be defined as “trunk” with respective QoS.
D. switchport access vlan should be defined as “1”.
Correct Answer: C Section: WLANs Explanation
Explanation/Reference:
Explanation:
QUESTION 11
During the implementation of a voice solution, which two required items are configured at an access layer switch that will be connected to an IP phone to provide VoIP communication? (Choose two.)
A. allowed codecs
B. untagged VLAN
C. auxiliary VLAN
D. Cisco Unified Communications Manager IP address
E. RSTP
Correct Answer: BC Section: IP Telephony Explanation Explanation/Reference:
Explanation:
QUESTION 12
Which two statements best describe Cisco IOS IP SLA? (Choose two.)
A. only implemented between Cisco source and destination-capable devices
B. statistics provided by syslog, CLI, and SNMP
C. measures delay, jitter, packet loss, and voice quality
D. only monitors VoIP traffic flows
E. provides active monitoring
Correct Answer: CE Section: Network Monitoring Explanation
Explanation/Reference:
Explanation:
QUESTION 13
Which two items best describe a Cisco IOS IP SLA responder? (Choose two.)
A. required at the destination to implement Cisco IOS IP SLA services
B. improves measurement accuracy
C. required for VoIP jitter measurements
D. provides security on Cisco IOS IP SLA messages via LEAP or EAP-FAST authentication
E. responds to one Cisco IOS IP SLA operation per port
F. stores the resulting test statistics
Correct Answer: BC Section: Network Monitoring Explanation
Explanation/Reference:
Explanation:
QUESTION 14
Which two characteristics apply to Cisco Catalyst 6500 Series Switch supervisor redundancy using NSF? (Choose two.)
A. supported by RIPv2, OSPF, IS-IS, and EIGRP
B. uses the FIB table
C. supports IPv4 and IPv6 multicast
D. prevents route flapping
E. independent of SSO
F. NSF combined with SSO enables supervisor engine load balancing
Correct Answer: BD Section: Supervisor and Route Processor Redundancy Explanation
Explanation/Reference:
Explanation:
QUESTION 15
You are tasked with designing a security solution for your network. What information should be gathered before you design the solution?
A. IP addressing design plans, so that the network can be appropriately segmented to mitigate potential network threats
B. a list of the customer requirements
C. detailed security device specifications
D. results from pilot network testing
Correct Answer: B Section: Access Security Explanation
Explanation/Reference:
Explanation:
QUESTION 16
Which two components should be part of a security implementation plan? (Choose two.)
A. detailed list of personnel assigned to each task within the plan
B. a Layer 2 spanning-tree design topology
C. rollback guidelines
D. placing all unused access ports in VLAN 1 to proactively manage port security
E. enabling SNMP access to Cisco Discovery Protocol data for logging and forensic analysis
Correct Answer: BC Section: Access Security Explanation
Explanation/Reference:
Explanation:
QUESTION 17
When creating a network security solution, which two pieces of information should you have obtained previously to assist in designing the solution? (Choose two.)
A. a list of existing network applications currently in use on the network
B. network audit results to uncover any potential security holes
C. a planned Layer 2 design solution
D. a proof-of-concept plan
E. device configuration templates
Correct Answer: AB Section: Access Security Explanation
Explanation/Reference:
Explanation:
QUESTION 18
What action should you be prepared to take when verifying a security solution?
A. having alternative addressing and VLAN schemes
B. having a rollback plan in case of unwanted or unexpected results
C. running a test script against all possible security threats to insure that the solution will mitigate all potential threats
D. isolating and testing each security domain individually to insure that the security design will meet overall requirements when placed into production as an entire system
Correct Answer: B Section: Access Security Explanation
Explanation/Reference:
Explanation:
QUESTION 19
When you enable port security on an interface that is also configured with a voice VLAN, what is the maximum number of secure MAC addresses that should be set on the port?
A. No more than one secure MAC address should be set.
B. The default is set.
C. The IP phone should use a dedicated port, therefore only one MAC address is needed per port.
D. No value is needed if the switchport priority extend command is configured.
E. No more than two secure MAC addresses should be set.
Correct Answer: B Section: Access Security Explanation
Explanation/Reference:
Explanation:
QUESTION 20
Refer to the exhibit.

From the configuration shown, what can be determined?
A. The sticky addresses are only those manually configured MAC addresses enabled with the sticky keyword.
B. The remaining secure MAC addresses are learned dynamically, converted to sticky secure MAC addresses, and added to the running configuration.
C. A voice VLAN is configured in this example, so port security should be set for a maximum of 2.
D. A security violation restricts the number of addresses to a maximum of 10 addresses per access VLAN and voice VLAN. The port is shut down if more than 10 devices per VLAN attempt to access the port.
Correct Answer: B Section: Access Security Explanation
Explanation/Reference:
Explanation:

Exam G QUESTION 1
Refer to the exhibit.

BPDUGuard is enabled on both ports of SwitchA. Initially, LinkA is connected and forwarding traffic. A new LinkB is then attached between SwitchA and HubA. Which two statements about the possible result of attaching the second link are true? (Choose two.)
A. The switch port attached to LinkB does not transition to up.
B. One or both of the two switch ports attached to the hub goes into the err-disabled state when a BPDU is received.
C. Both switch ports attached to the hub transitions to the blocking state.
D. A heavy traffic load could cause BPDU transmissions to be blocked and leave a switching loop.
E. The switch port attached to LinkA immediately transitions to the blocking state.

Correct Answer: BD Section: STP Protection Explanation
Explanation/Reference:
Explanation:
QUESTION 2
What action should a network administrator take to enable VTP pruning on an entire management domain?
A. Enable VTP pruning on any client switch in the domain.
B. Enable VTP pruning on every switch in the domain.
C. Enable VTP pruning on any switch in the management domain.
D. Enable VTP pruning on a VTP server in the management domain.
Correct Answer: D Section: VTP Explanation
Explanation/Reference:
Explanation:
VTP pruning should only be enabled on VTP servers, all the clients in the VTP domain will automatically enable VTP pruning -> C is correct.
QUESTION 3
How does VTP pruning enhance network bandwidth?
A. by restricting unicast traffic across VTP domains
B. by reducing unnecessary flooding of traffic to inactive VLANs
C. by limiting the spreading of VLAN information
D. by disabling periodic VTP updates
Correct Answer: B Section: VTP Explanation
Explanation/Reference:
Answer B. Explanation VTP Pruning makes more efficient use of trunk bandwidth by forwarding broadcast and unknown unicast frames on a VLAN only if the switch on the receiving end of the trunk has ports in that VLAN. The following example shows the operation of a VTP domain without and with VTP Pruning.
Without VTP Pruning:

VTP domain without VTP Pruning
When PC A sends a broadcast frame on VLAN 10, it travels across all trunk links in the VTP domain. Switches Server, Sw2, and Sw3 all receive broadcast frames from PC A. But only Sw3 has user on VLAN 10 and it is a waste of bandwidth on Sw2. Moreover, that broadcast traffic also consumes processor time on Sw2. The link between switches Server and Sw2 does not carry any VLAN 10 traffic so it can be “pruned”.

VTP domain with VTP Pruning
QUESTION 4
In the hardware address 0000.0c07.ac0a, what does 07.ac represent?
A. vendor code
B. HSRP group number
C. HSRP router number
D. HSRP well-known physical MAC address
E. HSRP well-known virtual MAC address
Correct Answer: E Section: HSRP Explanation
Explanation/Reference:
Explanation: HSRP code (HSRP well-known virtual MAC address) The fact that the MAC address is for an HSRP virtual router is indicated in the next two bytes of the address. The HSRP code is always 07.ac. The HSRP protocol uses a virtual MAC address, which always contains the 07.ac numerical value. Reference: Building Cisco Multilayer Switched Networks (Cisco Press) page 268
QUESTION 5
Refer to the exhibit.
The network operations center has received a call stating that users in VLAN 107 are unable to access
resources through router 1. What is the cause of this problem?
The network operations center has received a call stating that users in VLAN 107 are unable to access resources through router 1. What is the cause of this problem?
A. VLAN 107 does not exist on switch A.
B. VTP is pruning VLAN 107.
C. VLAN 107 is not configured on the trunk.
D. Spanning tree is not enabled on VLAN 107.
Correct Answer: B Section: VTP
Explanation Explanation/Reference:
Answer: B

“VLAN allowed on trunk” – Each trunk allows all VLANs by default. However,
administrator can remove or add to the list by using the “switchport trunk allowed”
command.
“VLANs allowed and active in management” – To be active, a VLAN must be in this list.
“VLANs in spanning tree forwarding state and not pruned” – This list is a subset of the
“allowed and active” list but with any VTP-pruned VLANs removed.
All VLANs were configured except VLAN 101 so D is not correct. VLAN 107 exists in the
“allowed and active” section so A and C are not correct, too. In the “forwarding state and
not pruned” we don’t see VLAN 107 so the administrator had wrongly configured this
VLAN as pruned.

QUESTION 6
Which protocol will enable a group of routers to form a single virtual router and will use the real IP address of a router as the gateway address?
A. Proxy ARP
B. HSRP
C. IRDP
D. VRRP
E. GLBP
Correct Answer: D Section: VRRP Explanation
Explanation/Reference:
Explanation:
The Virtual Router Redundancy Protocol (VRRP) feature enables a group of routers to form a single virtual

router. The LAN clients can then be configured with the virtual router as their default gateway. The virtual
router, representing a group of routers, is also known as a VRRP group.
VRRP is defined in RFC 2338.
Reference: http://www.faqs.org/rfcs/rfc2338.html

QUESTION 7
On a multilayer Cisco Catalyst switch, which interface command is used to convert a Layer 3 interface to a Layer 2 interface?
A. switchport
B. no switchport
C. switchport mode access
D. switchport access vlan vlan-id
Correct Answer: A Section: MultiLayer Switching Explanation
Explanation/Reference:
Explanation:
The switchport command puts the port in Layer 2 mode. Then, you can use other switchport command
keywords to configure trunking, access VLANs, and so on.

QUESTION 8
Refer to the exhibit.

What can be determined about the HSRP relationship from the displayed debug output?
A. The preempt feature is not enabled on the 172.16.11.111 router.
B. The nonpreempt feature is enabled on the 172.16.11.112 router.
C. Router 172.16.11.111 will be the active router because its HSRP priority is preferred over router
172.16.11.112.
D. Router 172.16.11.112 will be the active router because its HSRP priority is preferred over router
172.16.11.111.
E. The IP address 172.16.11.111 is the virtual HSRP router IP address.
F. The IP address 172.16.11.112 is the virtual HSRP router IP address.

Correct Answer: A Section: HSRP Explanation
Explanation/Reference:
Explanation: The standby preempt interface configuration command allows the router to become the active router when its priority is higher than all other HSRP-configured routers in this Hot Standby group. The configurations of both routers include this command so that each router can be the standby router for the other router. The 1 indicates that this command applies to Hot Standby group 1. If you do not use the standby preempt command in the configuration for a router, that router cannot become the active router.
QUESTION 9
Refer to the exhibit.

All network links are FastEthernet. Although there is complete connectivity throughout the network, Front Line users report that they experience slower network performance when accessing the server farm than the Reception office experiences. Which two statements are true? (Choose two.)
A. Changing the bridge priority of S1 to 4096 would improve network performance.
B. Changing the bridge priority of S1 to 36864 would improve network performance.
C. Changing the bridge priority of S2 to 36864 would improve network performance.
D. Changing the bridge priority of S3 to 4096 would improve network performance.
E. Disabling the Spanning Tree Protocol would improve network performance.
F. Upgrading the link between S2 and S3 to Gigabit Ethernet would improve performance.

Correct Answer: BD Section: STP Explanation
Explanation/Reference:
Explanation:
QUESTION 10
What two things occur when an RSTP edge port receives a BPDU? (Choose two.)
A. The port immediately transitions to the forwarding state.
B. The switch generates a Topology Change Notification BPDU.
C. The port immediately transitions to the err-disable state.
D. The port becomes a normal STP switch port.
Correct Answer: BD Section: RSTP, MST Explanation
Explanation/Reference:
Explanation:
QUESTION 11
What is the effect of configuring the following command on a switch?
Switch(config) # spanning-tree portfast bpdufilter default
A. If BPDUs are received by a port configured for PortFast, then PortFast is disabled and the BPDUs are processed normally.
B. If BPDUs are received by a port configured for PortFast, they are ignored and none are sent.
C. If BPDUs are received by a port configured for PortFast, the port transitions to the forwarding state.
D. The command enables BPDU filtering on all ports regardless of whether they are configured for BPDU filtering at the interface level.
Correct Answer: A Section: STP Protection Explanation
Explanation/Reference:
Explanation:
QUESTION 12
Refer to the exhibit.

Based on the debug output, which three statements about HSRP are true? (Choose three.)
A. The final active router is the router with IP address 172.16.11.111.
B. The router with IP address 172.16.11.111 has preempt configured.
C. The priority of the router with IP address 172.16.11.112 is preferred over the router with IP address
172.16.11.111.
D. The IP address 172.16.11.115 is the virtual HSRP IP address.
E. The router with IP address 172.16.11.112 has nonpreempt configured.
F. The router with IP address 172.16.11.112 is using default HSRP priority.

Correct Answer: ABD Section: HSRP Explanation
Explanation/Reference:
Explanation:
QUESTION 13
Refer to the exhibit.

Which two problems are the most likely cause of the exhibited output? (Choose two.)
A. spanning tree issues
B. HSRP misconfiguration
C. VRRP misconfiguration
D. physical layer issues
E. transport layer issues

Correct Answer: BD Section: HSRP Explanation
Explanation/Reference:
Explanation:
QUESTION 14
Refer to the exhibit.

What does the command channel-group 1 mode desirable do?
A. enables LACP unconditionally
B. enables PAgP only if a PAgP device is detected
C. enables PAgP unconditionally
D. enables EtherChannel only
E. enables LACP only if an LACP device is detected
Correct Answer: C Section: EtherChannels Explanation
Explanation/Reference:
Explanation:
QUESTION 15
Refer to the exhibit.

Which two statements are true? (Choose two.)
A. Interface gigabitethernet 0/1 has been configured as Layer 3 ports.
B. Interface gigabitethernet 0/1 does not appear in the show vlan output because switchport is enabled.
C. Interface gigabitethernet 0/1 does not appear in the show vlan output because it is configured as a trunk interface.
D. VLAN2 has been configured as the native VLAN for the 802.1q trunk on interface gigabitethernet 0/1.
E. Traffic on VLAN 1 that is sent out gigabitethernet 0/1 will have an 802.1q header applied.
F. Traffic on VLAN 2 that is sent out gigabitethernet 0/1 will have an 802.1q header applied.
Correct Answer: CF Section: VLANs, Trunks Explanation
Explanation/Reference:
Explanation:
QUESTION 16
Which two statements about HSRP, VRRP, and GLBP are true? (Choose two.)
A. GLBP allows for router load balancing of traffic from a network segment without the different host IP configurations needed to achieve the same results with HSRP.
B. GLBP allows for router load balancing of traffic from a network segment by utilizing the creation of multiple standby groups.
C. GLBP and VRRP allow for MD5 authentication, whereas HSRP does not.
D. Unlike HSRP and VRRP, GLBP allows automatic selection and simultaneous use of multiple available gateways.
E. HSRP allows for multiple upstream active links being simultaneously used, whereas GLBP does not.
Correct Answer: AD Section: GLBP Explanation
Explanation/Reference:
Explanation:
QUESTION 17
Refer to the exhibit and the partial configuration of switch SW_A and SW_B.

STP is configured on all switches in the network. SW_B receives this error message on the console port:
00:06:34: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not half duplex), with SW_A FastEthernet0/4 (half duplex), with TBA05071417(Cat6K-B) 0/4 (half duplex).
What is the possible outcome of the problem?
A. The root port on switch SW_A will automatically transition to full-duplex mode.
B. The root port on switch SW_B will fall back to full-duplex mode.
C. The interfaces between switches SW_A and SW_B will transition to a blocking state.
D. Interface Fa 0/6 on switch SW_B will transition to a forwarding state and create a bridging loop.

Correct Answer: D Section: STP Explanation
Explanation/Reference:
Explanation:
QUESTION 18
Refer to the exhibit.

Which statement is true?
A. IP traffic matching access list ABC is forwarded through VLANs 5-10.
B. IP traffic matching VLAN list 5-10 is forwarded, and all other traffic is dropped.
C. All VLAN traffic matching VLAN list 5-10 is forwarded, and all traffic matching access list ABC is dropped.
D. All VLAN traffic in VLANs 5-10 that match access list ABC is forwarded, and all other traffic is dropped.
Correct Answer: D Section: VLANs Security Explanation
Explanation/Reference:
Explanation:
QUESTION 19
Which two statements about HSRP are true? (Choose two.)
A. Load sharing with HSRP is achieved by creating multiple subinterfaces on the HSRP routers.
B. Load sharing with HSRP is achieved by creating HSRP groups on the HSRP routers.
C. Routers configured for HSRP must belong only to one group per HSRP interface.
D. Routers configured for HSRP can belong to multiple groups and multiple VLANs.
E. All routers configured for HSRP load balancing must be configured with the same priority.
Correct Answer: BD Section: HSRP Explanation
Explanation/Reference:
Explanation:
QUESTION 20
Which statement about 802.1x port-based authentication is true?
A. Hosts are required to have an 802.1x authentication client or utilize PPPoE.
B. Before transmitting data, an 802.1x host must determine the authorization state of the switch.
C. RADIUS is the only supported authentication server type.
D. If a host initiates the authentication process and does not receive a response, it assumes it is not authorized.
Correct Answer: C Section: Access Security Explanation
Explanation/Reference:
Explanation: The IEEE 802.1x standard defines a port-based access control and authentication protocol that restricts unauthorized workstations from connecting to a LAN through publicly accessible switch ports. The authentication server authenticates each workstation that is connected to a switch port before making available any services offered by the switch or the LAN. Until the workstation is authenticated, 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the workstation is connected. After authentication succeeds, normal traffic can pass through the port.
Authentication server: Performs the actual authentication of the client. The authentication server validates the identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services. Because the switch acts as the proxy, the authentication service is transparent to the client. The RADIUS security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server. New Questions

Exam H QUESTION 1
Refer to the exhibit.

Switch S1 has been configured with the command spanning-tree mode rapid-pvst. Switch S3 has been configured with the command spanning-tree mode mst. Switch S2 is running the IEEE 802.1D instance of Spanning Tree. What is the result?
A. IEEE 802.1w and IEEE 802.1s are compatible. IEEE 802.1d is incompatible. Switches S1 and S3 can pass traffic between themselves. Neither can pass traffic to switch S2.
B. Switches S1, S2, and S3 can pass traffic between themselves.
C. Switches S1, S2, and S3 can pass traffic between themselves. However, if the topology is changed, switch S2 does not receive notification of the change.
D. IEEE 802.1d, IEEE 802.1w, and IEEE 802.1s are incompatible. All three switches must use the same standard or no traffic can pass between any of the switches.

Correct Answer: B Section: RSTP, MST Explanation
Explanation/Reference:
Explanation:
QUESTION 2
Refer to the exhibit.

What can be concluded about VLANs 200 and 202?
A. VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 200 carries traffic between community ports and to promiscuous ports.
B. VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 200 carries traffic from isolated ports to a promiscuous port.
C. VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 202 carries traffic between community ports and to promiscuous ports.
D. VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 202 carries traffic from isolated ports to a promiscuous port.

Correct Answer: B Section: VLANs Security Explanation
Explanation/Reference:
Explanation:
QUESTION 3
Refer to the exhibit.

Both routers are configured for the GLBP. Which statement is true?
A. The default gateway addresses of both hosts should be set to the IP addresses of both routers.
B. The default gateway address of each host should be set to the virtual IP address.
C. The hosts learn the proper default gateway IP address from router A.
D. The hosts have different default gateway IP addresses and different MAC addresses for each router.
Correct Answer: B Section: GLBP Explanation
Explanation/Reference:
Explanation: GLBP performs a similar, but not identical, function for the user as the HSRP and VRRP. Both HSRP and VRRP protocols allow multiple routers to participate in a virtual router group configured with a virtual IP address. One member is elected to be the active router to forward packets sent to the virtual IP address for the group. The other routers in the group are redundant until the active router fails. With standard HSRP and VRRP, these standby routers pass no traffic in normal operation – which is wasteful. Therefore the concept cam about for using multiple virtual router groups, which are configured for the same set of routers. But to share the load, the hosts must be configured for different default gateways, which results in an extra administrative burden of going around and configuring every host and creating 2 or more groups of hosts that each use a different default gateway. GLBP is similar in that it provides load balancing over multiple routers (gateways) – but it can do this using only ONE virtual IP address!!! Underneath that one virtual IP address is multiple virtual MAC addresses, and this is how the load is balanced between the routers. Instead of the hassle of configuring all the hosts with a static Default Gateway, you can lket them use ARP’s to find their own. Multiple gateways in a “GLBP redundancy group” respond to client Address Resolution Protocol (ARP) requests in a shared and ordered fashion, each with their own unique virtual MAC addresses. As such, workstation traffic is divided across all possible gateways. Each host is configured with the same virtual IP address, and all routers in the virtual router group participate in forwarding packets Reference: http://www.infocellar.com/networks/Routers/HSRP-GLBP-VRRP.htm
QUESTION 4
A switch has been configured with PVLANs. With what type of PVLAN port should the default gateway be configured?
A. isolated
B. promiscuous
C. community
D. primary
E. trunk
Correct Answer: B Section: VLANs Security Explanation
Explanation/Reference:
Explanation:
Promiscuous: The switch port connects to a router, firewall, or other common gateway device. This port
can communicate with anything else connected to the primary or any secondary VLAN. In other words, the
port is in promiscuous mode, in which the rules of private VLANs are ignored.

QUESTION 5
In the MAC address 0000.0c07.ac03, what does the “03” represent?
A. HSRP router number 3
B. Type of encapsulation
C. HSRP group number
D. VRRP group number
E. GLBP group number
Correct Answer: C Section: HSRP Explanation
Explanation/Reference:
Explanation: Each router keeps a unique MAC address for its interface. This MAC address is always associated with the unique IP address configured on the interface. For the virtual router address, HSRP defines a special MAC address of the form 0000.0c07.acxx, where xx represents the HSRP group number as a two-digit hex value. For example, HSRP Group 1 appears as 0000.0c07.ac01, HSRP Group 16 appears as 0000.0c07.ac10.
QUESTION 6
A network is deployed using recommended practices of the enterprise campus network model, including users with desktop computers connected via IP phones. Given that all components are QoS-capable, where are the two optimal locations for trust boundaries to be configured by the network administrator? (Choose two.)
A. host
B. IP phone
C. access layer switch
D. distribution layer switch
E. core layer switch
Correct Answer: BC Section: IP Telephony Explanation Explanation/Reference:
Explanation:
QUESTION 7
What is needed to verify that a newly implemented security solution is performing as expected?
A. a detailed physical and logical topology
B. a cost analysis of the implemented solution
C. detailed logs from the AAA and SNMP servers
D. results from audit testing of the implemented solution
Correct Answer: D Section: Access Security Explanation
Explanation/Reference:
Explanation:
QUESTION 8
When configuring port security on a Cisco Catalyst switch port, what is the default action taken by the switch if a violation occurs?
A. protect (drop packets with unknown source addresses)
B. restrict (increment SecurityViolation counter)
C. shut down (access or trunk port)
D. transition (the access port to a trunking port)
Correct Answer: C Section: Access Security Explanation
Explanation/Reference:
Explanation:
QUESTION 9
hostname Switch1 interface Vlan10 ip address 172.16.10.32 255.255.255.0 no ip redirects standby 1 ip 172.16.10.110 standby 1 timers 1 5 standby 1 priority 130
hostname Switch2 interface Vlan10
ip address 172.16.10.33 255.255.255.0 .

no ip redirects standby 1 ip 172.16.10.110 standby 1 timers 1 5 standby 1 priority 120
Refer to the above. HSRP was implemented and configured on two switches while scheduled network maintenance was performed.
After the two switches have finished rebooting, you notice via show commands that Switch2 is the HSRP active router. Which two items are the most likely cause of Switch1 not becoming the active router? (Choose two.)
A. Booting has been delayed.
B. The standby group number does not match the VLAN number.
C. IP addressing is incorrect.
D. Preemption is disabled.
E. Standby timers are incorrect.
F. IP redirect is disabled.
Correct Answer: AD Section: HSRP Explanation
Explanation/Reference:
Explanation:
QUESTION 10
Private VLANs can be configured as which three port types? (Choose three.)
A. isolated
B. protected
C. private
D. associated
E. promiscuous
F. community
Correct Answer: AEF Section: VLANs Security Explanation
Explanation/Reference:
Explanation:
QUESTION 11
Refer to the exhibit.

Which statement about the private VLAN configuration is true?
A. Only VLAN 503 will be the community PVLAN, because multiple community PVLANs are not allowed.
B. Users of VLANs 501 and 503 will be able to communicate.
C. VLAN 502 is a secondary VLAN.
D. VLAN 502 will be a standalone VLAN, because it is not associated with any other VLANs.

Correct Answer: C Section: VLANs Security Explanation
Explanation/Reference:
Explanation:
QUESTION 12
When configuring a routed port on a Cisco multilayer switch, which configuration task is needed to enable that port to function as a routed port?
A. Enable the switch to participate in routing updates from external devices with the router command in global configuration mode.
B. Enter the no switchport command to disable Layer 2 functionality at the interface level.
C. Each port participating in routing of Layer 3 packets must have an IP routing protocol assigned on a per-interface level.
D. Routing is enabled by default on a multilayer switch, so the port can become a Layer 3 routing interface by assigning the appropriate IP address and subnet information.
Correct Answer: B Section: MultiLayer Switching Explanation
Explanation/Reference:
Explanation:
QUESTION 13
You have configured a Cisco Catalyst switch to perform Layer 3 routing via an SVI and you have assigned that interface to VLAN 20. To check the status of the SVI, you issue the show interfaces vlan 20 command at the CLI prompt. You see from the output display that the interface is in an up/up state. What must be true in an SVI configuration to bring the VLAN and line protocol up?
A. The port must be physically connected to another Layer 3 device.
B. At least one port in VLAN 20 must be active.
C. The Layer 3 routing protocol must be operational and receiving routing updates from neighboring peer devices.
D. Because this is a virtual interface, the operational status is always in an “up/up” state.
Correct Answer: B Section: MultiLayer Switching Explanation
Explanation/Reference:
Explanation:
QUESTION 14
Refer to the exhibit, which is from a Cisco Catalyst 3560 Series Switch.

Which statement about the Layer 3 routing functionality of the interface is true?
A. The interface is configured correctly for Layer 3 routing capabilities.
B. The interface needs an additional configuration entry to enable IP routing protocols.
C. Since the interface is connected to a host device, the spanning-tree portfast command must be added to the interface.
D. An SVI interface is needed to enable IP routing for network 192.20.135.0.

Correct Answer: A Section: MultiLayer Switching Explanation
Explanation/Reference:
Explanation:

Both PDF and software format demos for Cisco 642-813 exam dumps are offered by Flydumps for free.You can try Cisco 642-813 free demo before you decide to buy the full version practice test.Cisco 642-813 exam dumps details are researched and produced by our Professional Certification Experts who are constantly using industry experience to produce precise, and logical.Cisco 642-813 dumps will not only help you pass in one attempt,but also save your valuable time.