Cisco 642-813 Actual Questions, Provides Cisco 642-813 Certification Braindumps On Store

GOOD NEWS:Flydumps has published the new version with all the new added questions and answers.By training the Cisco 642-813 VCE dumps, you can pass the exam easily and quickly.

QUESTION 11

You administer the network shown above. You issue the show interfaces trunk command on SwitchA and receive the following output:

Which of the following statements is true regarding VLAN 32?
A. VLAN 32 is not allowed on the trunk port.
B. VLAN 32 is not active on the switch.
C. Traffic from VLAN 32 is not being sent over the trunk port.
D. Traffic from VLAN 32 is not restricted to only the trunk ports that require it.

Correct Answer: C Section: VLAN Trunking Explanation
Explanation/Reference:
In the ※Vlans in spanning tree forwarding state and not pruned§ VLAN 32 is not listed so we can conclude that traffic from vlan 32 can’t be forwarded.
QUESTION 12
Which statement is true regarding the configuration of ISL trunks?
A. A Catalyst switch cannot have ISL and IEEE 802.1q trunks enabled.
B. All Catalyst switches support ISL trunking.
C. A Catalyst switch will report giants if one side is configured for ISL while the other side is not.
D. ISL trunking requires that native VLANs match.
Correct Answer: C Section: VLAN Trunking Explanation
Explanation/Reference:
First you should know ※giant§ frames are frames that exceed the maximum IEEE 802.3 frame size (usually greater then 1518 bytes). As you know, ISL does not modify the original Ethernet frame it received but it

But a normal Ethernet frame itself can have a maximum size of 1518 bytes. Therefore an Ethernet frame can be up to 1518 + 30 = 1548 bytes, which creates a ※giant§.
That is why both ends must be configured as ISL trunks because only ISL-aware devices are able to read it.
QUESTION 13
While logged into a Company switch you issue the following command:
CompanySwitch(config-mst)#instance 10 vlan 11-12
What does this command accomplish?
A. It enables a PVST+ instance of 10 for vlan 11 and vlan 12
B. It enables vlan 11 and vlan 12 to be part of the MST region 10
C. It maps vlan 11 and vlan 12 to the MST instance of 10.
D. It creates an Internal Spanning Tree (1ST) instance of 10 for vlan 11 and vlan 12
E. It create a Common Spanning Tree (CST) instance of 10 for vlan 11 and vlan 12
F. It starts two instances of MST, one instance for vlan 11 and another instance for vlan 12.

Correct Answer: C Section: STP Explanation
Explanation/Reference:
MST maps multiple VLANs that have the same traffic flow requirements into the same spanning-tree instance. The main enhancement introduced by MST raises the problem, however, of determining what VLAN is to be associated with what instance. More precisely, based on received BPDUs, devices need to identify these instances and the VLANs that are mapped to the instance.

Note: To be part of a common MST region, a group of switches must share the same configuration attributes. In particular, the configuration name (or region name 每 32 bits), revision number (16 bits), and VLAN mapping (associate VLANs with spanning-tree instances) need to be the same for all the switches within the same region.
QUESTION 14
By default, all VLANs will belong to which MST instance when using Multiple STP?
A. MST00
B. MST01
C. the last MST instance configured
D. none
Correct Answer: A Section: STP Explanation
Explanation/Reference:
By default, all VLANs are assigned to MST instance 0. Instance 0 is known as the Internal Spanning-Tree (IST), which is reserved for interacting with other Spanning-Tree Protocols (STPs) and other MST regions.
QUESTION 15
What will occur when a nonedge switch port that is configured for Rapid Spanning Tree does not receive a BPDU from its neighbor for three consecutive hello time intervals?
A. RSTP information is automatically aged out.
B. The port sends a TCN to the root bridge.
C. The port moves to listening state,
D. The port becomes a normal spanning tree port.
Correct Answer: A Section: STP Explanation
Explanation/Reference:
In STP 802.1D, a non-root bridge only generates BPDUs when it receives one on the root port. But in RSTP 802.1w, a bridge sends a BPDU with its current information every hello-time seconds (2 by default), even if it does not receive any from the root bridge. Also, on a given port, if hellos are not received three consecutive times, protocol information can be immediately aged out (or if max_age expires). Because of the previously mentioned protocol modification, BPDUs are now used as a keep-alive mechanism between bridges. A bridge considers that it loses connectivity to its direct neighbor root or designated bridge if it misses three BPDUs in a row. This fast aging of the information allows quick failure detection. If a bridge fails to receive BPDUs from a neighbor, it is certain that the connection to that neighbor is lost. This is opposed to 802.1D where the problem might have been anywhere on the path to the root.
(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/ technologies_white_paper09186a0080094cfa.shtml)
QUESTION 16
A port in a redundant topology is currently in the blocking state and is not receiving BPDUs. To ensure that this port does not erroneously transition to the forwarding state, which command should be configured to satisfy the requirement?
A. Switch(config)#spanning-tree loopguard default
B. Switch(config-if)#spanning-tree bpdufilter
C. Switch(config)#udld aggressive
D. Switch(config-if)#spanning-tree bpduguard
Correct Answer: A Section: STP Explanation
Explanation/Reference:
Loop guard prevents alternate or root ports from becoming the designated port due to a failure that could lead to a unidirectional link. An example is shown below: Without loop guard, the blocking port on S3 will transition to listening (upon max age timer expiration) -> learning -> forwarding state which create a loop.n

With loop guard enabled, the blocking port on S3 will transition into the STP loop-inconsistent state upon expiration of the max age timer. Because a port in the STP loop-inconsistent state will not pass user traffic, no loop is created. The loop-inconsistent state is effectively equal to the blocking state.
To enable loop guard globally use the command spanning-tree loopguard default.
QUESTION 17
You are the administrator of a switch and currently all host-connected ports are configured with the portfast command. You have received a new directive from your manager that states that, in the future, any host-connected port that receives a BPDU should automatically disable PortFast and begin transmitting BPDUs. Which of the following commands will support this new requirement?
A. Switch(config)# spanning-tree portfast bpduguard default
B. Switch(config-if)# spanning-tree bpduguard enable
C. Switch(config-if)# spanning-tree bpdufilter enable
D. Switch(config)# spanning-tree portfast bpdufilter default
Correct Answer: D Section: STP Explanation
Explanation/Reference:
The bpdufilter option feature is used to globally enable BPDU filtering on all Port Fast-enabled interfaces and this prevent the switch interfaces connected to end stations from sending or receiving BPDUs.
Note: The spanning-tree portfast bpdufilter default global configuration command can be overridden by the spanning-tree bdpufilter enable command in interface mode.
QUESTION 18
Which two statements correctly describe characteristics of the PortFast feature? (Choose two)
A. STP will be disabled on the port
B. PortFast can also be configured on trunk ports.
C. PortFast is required to enable port-based BPDU guard.
D. PortFast is used for both STP and RSTP host ports.
E. PortFast is used for STP-only host ports.
Correct Answer: BD Section: STP Explanation
Explanation/Reference:
You can use PortFast on switch or trunk ports connected to a single workstation, switch, or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state -> B is correct.
Also, PortFast can be used for both STP and RSTP -> D is correct.
(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/7.4/configuration/guide/ stp_enha.html)
Answer C is not correct because BPDU guard can be enabled without PortFast. But what will happen if the PortFast and BPDU guard features are configured on the same port?
Well, at the reception of BPDUs, the BPDU guard operation disables the port that has PortFast configured.
(Reference and good resource: http://www.cisco.com/en/US/tech/tk389/tk621/ technologies_tech_note09186a008009482f.shtml)
QUESTION 19
Which of the following commands can be issued without interfering with the operation of loop guard?
A. Switch(config-if)#spanning-tree guard root
B. Switch(config-if)#spanning-tree portfast
C. Switch(config-if)#switchport mode trunk
D. Switch(config-if)#switchport mode access
Correct Answer: C Section: STP Explanation
Explanation/Reference:
PortFast & Root guard should be placed on ports configured as access ports while loop guard should be placed on trunk ports -> we can use the ※switchport mode trunk§ without interfering with the operation of loop guard.
QUESTION 20
Which statement correctly describes enabling BPDU guard on an access port that is also enabled for PortFast?
A. Upon startup, the port transmits 10 BPDUs. If the port receives a BPDU, PortFast and BPDU guard are disabled on that port and it assumes normal STP operation.
B. The access port ignores any received BPDU.
C. If the port receives a BPDU, it is placed into the error-disable state.
D. BPDU guard is only configured globally and the BPDU filter is required for port-level configuration.
Correct Answer: C Section: STP Explanation
Explanation/Reference:
If any BPDU is received on a port where BPDU guard is enabled, that port is put into the err-disable state immediately. The port is shut down in an error condition and must be either manually re-enabled or automatically recovered through the errdisable timeout function.
Note: A port that has PortFast enabled also has BPDU guard automatically enabled. By combining PortFast & BPDU guard we have a port that can quickly enter the Forwarding state from Blocking state and automatically shut down when receiving BPDUs.
QUESTION 21
Why is BPDU guard an effective way to prevent an unauthorized rogue switch from altering the spanning-tree topology of a network?
A. BPDU guard can guarantee proper selection of the root bridge.
B. BPDU guard can be utilized along with PortFast to shut down ports when a switch is connected to the port.
C. BPDU guard can be utilized to prevent the switch from transmitteing BPDUs and incorrectly altering the root bridge election.
D. BPDU guard can be used to prevent invalid BPDUs from propagating throughout the network.
Correct Answer: B Section: STP Explanation
Explanation/Reference:
QUESTION 22
Which three statements about STP timers are true? (Choose three)
A. STP timers values (hello, forward delay, max age) are included in each BPDU.
B. A switch is not concerned about its local configuration of the STP timers values. It will only consider the value of the STP timers contained in the BPDU it is receiving.
C. To successfully exchange BPDUs between two switches, their STP timers value (hello, forward delay, max age) must be the same.
D. If any STP timer value (hello, forward delay, max age) needs to be changed, it should at least be changed on the root bridge and backup root bridge.
E. On a switched network with a small network diameter, the STP hello timer can be tuned to a lower value to decrease the load on the switch CPU.
F. The root bridge passes the timer information in BPDUs to all routers in the Layer 3 configuration.
Correct Answer: ABD Section: STP Explanation
Explanation/Reference:
Each BPDU includes the hello, forward delay, and max age STP timers. An IEEE bridge is not concerned about the local configuration of the timers value. The IEEE bridge considers the value of the timers in the BPDU that the bridge receives. Effectively, only a timer that is configured on the root bridge of the STP is important. If you lose the root, the new root starts to impose its local timer value on the entire network. So, even if you do not need to configure the same timer value in the entire network, you must at least configure any timer changes on the root bridge and on the backup root bridge.
(Reference: http://www.cisco.com/en/US/tech/tk389/tk621/
technologies_tech_note09186a0080094954.shtml)
QUESTION 23
Refer to the exhibit. VTP has been enabled on the trunk links between all switches within the Certprepare
domain. An administrator has recently enabled VTP pruning.
Port 1 on Switch 1 and port 2 on Switch 4 are assigned to VLAN 2. A broadcast is sent from the host
connected to Switch 1. Where will the broadcast propagate?
A. Every switch in the network receives the broadcast and will forward it out all ports.
B. Every switch in the network receives the broadcast, but only Switch 4 will forward it out port 2.
C. Switches 1, 2, and 4 will receive the broadcast, but only Switch 4 will forward it out port 2.
D. Only Switch 4 will receive the broadcast and will forward it out port 2.
Correct Answer: C Section: VTP Explanation
Explanation/Reference:
With VTP pruning enabled network-wide, switch 2 and switch 4 automatically use VTP to learn that none of the switches in the lower-left part of the figure have any ports assigned to VLAN 10. As a result, switch 2 and switch 4 prune VLAN 2 from the trunks connected to these switches. The pruning causes switch 2 and switch 4 to not send frames in VLAN 2 out these trunks -> Switches 3, 5 and 6 will not receive the broadcast while Switch 4 will receive it and forward out to port 2 -> C is correct.
QUESTION 24
Switch R1 is part of the Company VTP domain. What*s true of VTP Pruning within this domain?
A. It does not prune traffic from VLANs that are pruning-ineligible
B. VLAN 1 is always pruning-eligible
C. It will prune traffic from VLANs that are pruning-ineligible
D. VLAN 2 is always pruning-ineligible
Correct Answer: A Section: VTP Explanation
Explanation/Reference:
VLAN 1 and VLANs 1002 to 1005 are always pruning-ineligible; traffic from these VLANs cannot be pruned. Extended-range VLANs (VLAN IDs greater than 1005) are also pruning-ineligible -> A is correct.
QUESTION 25
Switch R1 has been configured with DTP using the desirable option. Which statement describes Dynamic Trunking Protocol (DTP) desirable mode?
A. The interface actively attempts to convert the link to a trunk link
B. The interface is put into permanent trunking mode but prevented from generating DTP frames.
C. The interface is put into permanent trunking mode and negotiates to convert the link into a trunk link.
D. The interface is put into a passive mode, waiting to convert the link to a trunk link.
Correct Answer: A Section: VTP Explanation
Explanation/Reference:
Note: If an interface is set to switchport mode dynamic desirable, it will actively attempt to convert the link into trunking mode. If the peer port is configured as switchport mode trunk, dynamic desirable, or dynamic auto mode, trunking is negotiated successfully.
QUESTION 26
Refer to the exhibit. What happens when the switch SW2 is connected to the rest of the network in the VTP domain Lab_Network?

A. The recently introduced switch SW2 adds one more VLAN to the VLAN database in the VTP domain.
B. The recently introduced switch SW2 creates a STP loop in the VTP domain.
C. The recently introduced switch SW2 removes all configured VLANs throughout the VTP domain.
D. The recently introduced switch SW2 switches over to VTP transparent mode in order to be included into the VTP domain.
E. A trunk should be configured between the two switches in order to integrate SW2 into the VTP domain.
Correct Answer: C Section: VTP Explanation
Explanation/Reference:
The Configuration Revision number of SW2 is higher than that of SW1 (147 > 47) and SW2 is operating in Client mode so it can send update to other switches. The result is SW1 and other switches in that VTP domain will remove their current VLAN information and copy VLAN information from SW2.
QUESTION 27
When an attacker is using switch spoofing to perform VLAN hopping, how is the attacker able to gather information?
A. The attacking station uses DTP to negotiate trunking with a switch port and captures all traffic that is allowed on the trunk.
B. The attacking station tags itself with all usable VLANs to capture data that is passed through the switch, regardless of the VLAN to which the data belongs.
C. The attacking station will generate frames with two 802.1Q headers to cause the switch to forward the frames to a VLAN that would be inaccessible to the attacker through legitimate means.
D. The attacking station uses VTP to collect VLAN information that is sent out and then tags itself with the domain information in order to capture the data.
Correct Answer: C Section: VLAN Hopping Explanation
Explanation/Reference:
QUESTION 28
An attacker is launching a DoS attack with a public domain hacking tool that is used to exhaust the IP address space available from the DHCP servers for a period of time. Which procedure would best defend against this type of attack?
A. Configure only trusted interfaces with root guard.
B. Implement private VLANs (PVLANs) to carry only user traffic.
C. Implement private VLANs (PVLANs) to carry only DHCP traffic.
D. Configure only untrusted interfaces with root guard.
E. Configure DHCP spoofing on all ports that connect untrusted clients.
F. Configure DHCP snooping only on ports that connect trusted DHCP servers.
Correct Answer: F Section: DHCP Snooping Explanation
Explanation/Reference:
To defend DHCP spoofing attack, we only need to configure DHCP snooping on trusted interfaces because other ports are classified as untrusted ports by default.
QUESTION 29
Which three statements are true about DAI? (Choose three)
A. DAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the DHCP Snooping database.
B. DAI forwards all ARP packets received on a trusted interface without any checks.
C. DAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the CAM table.
D. DAI forwards all ARP packets received on a trusted interface after verifying and inspecting the packet against the DAI table.
E. DAI intercepts all ARP packets on untrusted ports
F. DAI is used to prevent against a DHCP Snooping attack.
Correct Answer: ABE Section: Dynamic ARP Inspection DAI Explanation
Explanation/Reference:
QUESTION 30
You need to configure port security on switch R1. Which two statements are true about this technology? (Choose two)
A. Port security can be configured for ports supporting VoIP.
B. With port security configured, four MAC addresses are allowed by default.
C. The network administrator must manually enter the MAC address for each device in order for the switch to allow connectivity.
D. With port security configured, only one MAC addresses is allowed by default.
E. Port security cannot be configured for ports supporting VoIP.
Correct Answer: AD Section: Port Security Explanation
Explanation/Reference:
Port security can be set on ports supporting VoIP. This example shows how to designate a maximum of one MAC address for a voice VLAN (for a Cisco IP Phone) and one MAC address for the data VLAN (for a PC) on Fast Ethernet interface 5/1 and to verify the configuration: Switch(config)# interface fa5/1 Switch(config-if)# switchport mode access Switch(config-if)# switchport port-security Switch(config-if)# switchport port-security mac-address sticky Switch(config-if)# switchport port-security maximum 1 vlan voice Switch(config-if)# switchport port-security maximum 1 vlan access
-> A is correct.
By default, only one MAC addresses is allowed but we can use the ※switchport port-security maximum number§ command to set the maximum number of MAC allowed -> D is correct.
(Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/ port_sec.html)
QUESTION 31
Refer to the exhibit. Which of these is true based upon the output shown in the command?

A. If the number of devices attempting to access the port exceeds 11, the port will shut down for 20 minutes, as configured.
B. The port has security enabled and has shut down due to a security violation
C. The port is operational and has reached its configured maximum allowed number of MAC addresses.
D. The port will allow access for 11 MAC addresses in addition to the 3 configured MAC addresses.

Correct Answer: C Section: Port Security Explanation
Explanation/Reference:
Notice that the ※Violation mode: Shutdown§ line only describes what the switch will do if a violation occurs; it is not the current status of that port. The last line ※Security Violation count: 0∪ tells us no violation has occurred -> the port is operational. Also ※the Maximum MAC§ and ※Total MAC Addresses§ are both 11 -> the maximum MAC addresses have ben reached.
From the ※Configured MAC Addresses: 3∪ we also learn that there are 3 MAC addresses are manually learned and 8 MAC addresses are dynamically learned.
QUESTION 32
Refer to the exhibit. Based on the running configuration that is shown for interface FastEthemet0/2, what two conclusions can be deduced? (Choose two)

A. Connecting a host with MAC address 0000.0000.4147 will move interface FastEthemet0/2 into error disabled state.
B. The host with address 0000.0000.4141 is removed from the secure address list after 5 seconds of inactivity.
C. The sticky secure MAC addresses are treated as static secure MAC addresses after the running configuration is saved to the startup configuration and the switch is restarted.
D. Interface FastEthemet0/2 is a voice VLAN port.
E. The host with address 0000.0000.000b is removed from the secure address list after 300 seconds.
Correct Answer: CE Section: Port Security Explanation
Explanation/Reference:
In this case the ※switchport port-security aging time 5∪ sets aging time to 5 minutes and the ※switchport port-security aging static§ tells the switch to age out for statically configured MAC addresses -> the MAC 0000.0000.000b will be aged out after 5 minutes (300 seconds).
Note: Cisco switch does not support port security aging of sticky secure MAC addresses -> the sticky secure MAC addresses are not aged out.
QUESTION 33
Refer to the exhibit. What can be concluded about VLANs 200 and 202?

A. VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 200 carries traffic between community ports and to promiscuous ports.
B. VLAN 202 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 200 carries traffic from isolated ports to a promiscuous port.
C. VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 202 carries traffic between community ports and to promiscuous ports.
D. VLAN 200 carries traffic from promiscuous ports to isolated, community, and other promiscuous ports in the same VLAN. VLAN 202 carries traffic from isolated ports to a promiscuous port.
Correct Answer: B Section: Private VLAN Explanation
Explanation/Reference:
In fact the exhibit above is wrong, that output should be from the command ※show vlan private-vlan§. The

With this output we can see VLAN 202 is configured as the primary VLAN while VLAN 200 is configured as secondary (isolated) VLAN -> B is correct.
QUESTION 34
Refer to the exhibit. LACP has been configured on Switch1 as shown. Which is the correct command set to configure LACP on Switch2?

A. Switch2# configure terminal Switch2(config)# interface range gigabitethernet3/1 -2 Switch2(config-if)# channel-group 5 mode auto
B. Switch2# configure terminal Switch2(config)# interface range gigabitethemet3/1 -2 Switch2(config-if)# channel-group 5 mode passive
C. Switch2# configure terminal Switch2(config)# interface range gigabitethernet3/1 -2 Switch2(config-if)# channel-group 5 mode desirable
D. Switch2# configure terminal Switch2(config)# interface range gigabitethernet3/1 -2 Switch2(config-if)# channel-group 5 mode on
Correct Answer: B Section: EtherChannel Explanation
Explanation/Reference:
LACP trunking supports four modes of operation, as follows:
*
On: The link aggregation is forced to be formed without any LACP negotiation. In other words, the switch will neither send the LACP packet nor process any incoming LACP packet. This is similar to the on state for PAgP.

*
Off: The link aggregation will not be formed. We do not send or understand the LACP packet. This is similar to the off state for PAgP.

*
Passive: The switch does not initiate the channel, but does understand incoming LACP packets. The peer (in active state) initiates negotiation (by sending out an LACP packet) which we receive and reply to, eventually forming the aggregation channel with the peer. This is similar to the auto mode in PAgP.

*
Active: We are willing to form an aggregate link, and initiate the negotiation. The link aggregate will be formed if the other end is running in LACP active or passive mode. This is similar to the desirable mode of PAgP.
LACP does not have ※auto§ & ※desirable§ modes so A & C are not correct.

Therefore if Switch1 is set ※active§ mode, we cannot set ※on§ mode on Switch2 -> D is not correct.
Only answer B is suitable in this case.
(Reference: http://www.cisco.com/en/US/tech/tk389/tk213/

technologies_configuration_example09186a0080094470.shtml)
QUESTION 35
Which statement is true regarding the Port Aggregation Protocol?
A. Configuration changes made on the port-channel interface apply to all physical ports assigned to the portchannel interface.
B. Configuration changes made on a physical port that is a member of a port-channel interface apply to the port-channel interface.
C. Configuration changes are not permitted with Port Aggregation Protocol; instead, the standardized Link Aggregation Control Protocol should be used if configuration changes are required.
D. The physical port must first be disassociated from the port-channel interface before any configuration changes can be made.
Correct Answer: A Section: EtherChannel Explanation
Explanation/Reference:
The port-channel interface represents for the whole bundle and all the configurations on this interface are applied to all physical ports that are assigned to this logical interface.
Note: We must manually create port-channel logical interface when configuring Layer 3 EtherChannels. The port-channel logical interface is automatically created when configuring Layer 2 EtherChannels (you can*t put Layer 2 ports into a manually created port channel interface).
An example of configuring Layer 3 EtherChannels with port-channel interfaces:

QUESTION 36
Based on the following exhibit, which problem is preventing users on VLAN 100 from pinging addresses on VLAN 200?

A. Native VLAN mismatch.
B. Subinterfaces should be created on Fa0/7 and Fa0/8 on DLS1.
C. Trunking needs to be enabled.
D. The ip routing command is missing on DLS1.
Correct Answer: D Section: InterVLAN Routing Explanation
Explanation/Reference:
To allow communication between two VLANs, we need to enables Layer 3 routing on the switch with the ※ip routing§ command. Some flatforms are enabled by default but some are not.
QUESTION 37
You work as a network technician, study the exhibit carefully. What is the effect on the trust boundary of configuring the command mls qos trust cos on the switch port that is connected to the IP phone?

A. Effectively the trust boundary has been moved to the IP phone.
B. The host is now establishing the CoS value and has effectively become the trust boundary.
C. The switch SW is rewriting packets it receives from the IP phone and determining the CoS value.
D. The switch SW will no longer tag incoming voice packets and will trust the distribution layer switch to set the CoS.
Correct Answer: A Section: Voice Support Explanation
Explanation/Reference:
The ※mls qos trust cos§ command is used to configure the port trust state (by default, the port is not trusted). By using this command, you can configure the switch port to which the telephone is connected to trust the CoS labels of all traffic received on that port.
(Note: All current Cisco IP Phones include an internal three-port Layer 2 switch therefore you can think an IP Phone as a switch and network administrators generally accept a Cisco IP Phone as a trusted device.)
QUESTION 38
Which two statements about the HSRP priority are true? (Choose two)
A. To assign the HSRP router priority in a standby group, the standby group-number priority priority-value global configuration command must be used.
B. The default priority of a router is zero (0).
C. The no standby priority command assigns a priority of 100 to the router.
D. Assuming that preempting has also been configured, the router with the lowest priority in an HSRP group would become the active router.
E. When two routers in an HSRP standby group are configured with identical priorities, the router with the highest configured IP address will become the active router.
Correct Answer: CE Section: HSRP Explanation
Explanation/Reference:
The ※no standby priority§ command will reset the priority to the default value (100) -> C is correct.
QUESTION 39
HSRP has been configured between two Company devices. Which of the following describe reasons for deploying HSRP? (Choose three)
A. HSRP provides redundancy and fault tolerance
B. HSRP allows one router to automatically assume the function of the second router if the second router fails
C. HSRP allows one router to automatically assume the function of the second router if the second router starts
D. HSRP provides redundancy and load balancing
Correct Answer: ABD Section: HSRP Explanation
Explanation/Reference:
Answer A and B are correct because they are the functions of HSRP. I just want to mention about answer
D. In fact answer D is not totally correct, in SWITCH only GLBP has the load-balancing feature. HSRP can only load-sharing by configuring some different HSRP groups. But answer D is the only choice left in this question so we have to choose it.
QUESTION 40
Regarding high availability, with the MAC address 0000.0c07.ac03, what does the ※03∪ represent?
A. The GLBP group number
B. The type of encapsulation
C. The HSRP router number
D. The VRRP group number
E. The HSRP group number
F. The active router number
Correct Answer: E Section: HSRP Explanation
Explanation/Reference:
The last two-digit hex value in the MAC address presents the HSRP group number.
QUESTION 41
Three Cisco Catalyst switches have been configured with a first-hop redundancy protocol. While reviewing some show commands, debug output, and the syslog, you discover the following information:

What conclusion can you infer from this information?
A. VRRP is initializing and operating correctly.
B. HSRP is initializing and operating correctly.
C. GLBP is initializing and operating correctly.
D. VRRP is not properly exchanging three hello messages.
E. HSRP is not properly exchanging three hello messages.
F. GLBP is not properly exchanging three hello messages.
Correct Answer: E Section: HSRP Explanation
Explanation/Reference:
These error messages describe a situation in which a standby HSRP router did not receive three successive HSRP hello packets from its HSRP peer (by default, hello messages are sent every 3 seconds while the holdtime is 10 seconds). The output shows that the standby router moves from the standby state to the active state. Shortly thereafter, the router returns to the standby state. Unless this error message occurs during the initial installation, an HSRP issue probably does not cause the error message. The error messages signify the loss of HSRP hellos between the peers. When you troubleshoot this issue, you must verify the communication between the HSRP peers. A random, momentary loss of data communication between the peers is the most common problem that results in these messages. HSRP state changes are often due to High CPU Utilization. If the error message is due to high CPU utilization, put a sniffer on the network and the trace the system that causes the high CPU utilization.
(Reference and good resource: http://www.cisco.com/en/US/tech/tk648/tk362/ technologies_tech_note09186a0080094afd.shtml)
QUESTION 42
You administer a network that uses two routers, R1 and R2, configured as an HSRP group to provide

Which of the following describes the effect the ※standby preempt delay minimum 50§ command will have on router R1?
A. The HSRP priority for router R1 will increase to 200.
B. Router R1 will become the standby router if the priority drops below 50.
C. The HSRP priority for router R1 will decrease to 50 points when FaO/2 goes down.
D. Router R1 will wait 50 seconds before attempting to preempt the active router.
Correct Answer: D Section: HSRP Explanation
Explanation/Reference:
If R1, for some reason, loses its active state, the ※standby preempt delay minimum 50∪ command will cause R1 to wait 50 seconds before it tries to get the active state again -> D is correct.
QUESTION 43
Refer to the exhibit. HSRP has been configured and Link A is the primary route to router R4. When Link A fails, router R2 (Link B) becomes the active router. Which router will assume the active role when Link A becomes operational again?

A. The primary router R1 will reassume the active role when it comes back online.
B. The standby router R2 will remain active and will forward the active role to router R1 only in the event of its own failure.
C. The standby router R2 will remain active and will forward the active role to router R1 only in the event of Link B failure.
D. The third member of the HSRP group, router R3, will take over the active role only in event of router R2 failure.
Correct Answer: A Section: HSRP Explanation
Explanation/Reference:
When R1 fails, the ※standby 1 preempt§ command on R2 will cause R2 to take over the active state of R1. But when R1 comes up again, the ※standby 1 preempt§ command on R1 will help R1 take over the active state again. Without the ※preempt§ command configured on R2, R2 only takes over the active state only if it receives information indicating that there is no router currently in active state (by default it does not receive 3 hello messages from the active router). Without the ※preempt§ command on R2, it will not become active router even if its priority is higher than all other routers.
QUESTION 44
Which first-hop redundancy solution listed would supply clients with MAC address 0000.0C07.AC0A for group 10 in response to an ARP request for a default gateway?
A. IRDP
B. Proxy ARP
C. GLBP
D. HSRP
E. VRRP
F. IP Redirects

Correct Answer: D Section: HSRP Explanation
Explanation/Reference:
The last two-digit hex value in the MAC address presents the HSRP group number. In this case 0A in hexa equals 10 in decimal so this router belongs to group 10 and it is running HSRP.
QUESTION 45
Which one of the statements below correctly describes the Virtual Router Redundancy Protocol (VRRP), which is being used in the Company network to provide redundancy?
A. A VRRP group has one active and one or more standby virtual routers.
B. A VRRP group has one master and one or more backup virtual routers.
C. A VRRP group has one master and one redundant virtual router.
Correct Answer: B Section: VRRP Explanation
Explanation/Reference:
Unilike HSRP (which has one active router, one standby router and many listening routers), a VRRP group has one master router and one or more backup routers. All backup routers are in backup state.
QUESTION 46
Refer to the exhibit. The Gateway Load Balancing Protocol has been configured on routers R1 and R2, and hosts A and B have been configured as shown. Which statement can be derived from the exhibit?

A. The host A default gateway has been configured as 10.88.1.10/24.
B. The GLBP weighted load balancing mode has been configured.
C. The GLBP round-robin, load-balancing mode has been configured.
D. The GLBP host-dependent, load-balancing mode has been configured.
E. The host A default gateway has been configured as 10.88.1.1/24.
F. The host A default gateway has been configured as 10.88.1.4/24.
Correct Answer: A Section: GLBP Explanation
Explanation/Reference:
QUESTION 47
Refer to the exhibit. What is the result of setting GLBP weighting at 105 with lower threshold 90 and upper threshold 100 on this router?

A. Only if both tracked objects are up will this router will be available as an AVF for group 1.
B. Only if the state of both tracked objects goes down will this router release its status as an AVF for group 1.
C. If both tracked objects go down and then one comes up, but the other remains down, this router will be available as an AVF for group 1.
D. This configuration is incorrect and will not have any effect on GLBP operation.
E. If the state of one tracked object goes down then this router will release its status as an AVF for group
1.
Correct Answer: B Section: GLBP Explanation
Explanation/Reference:
Each tracked object goes down will decrease the weighting of this router by 10, that makes the weighting = 105 每 10 = 95. This value is still higher than the lower threshold (90) so this router is not lost its status as an AVF. Only if both tracked objects go down, the weighting will fall below the lower threshold (105 每 10 每 10 = 85 < 90) and this router will release its status as an AVF for group 1 -> B is correct.
QUESTION 48
HSRP is a Cisco-proprietary protocol developed to allow several routers (or multilayer switches) to appear as a single gateway address. Which two statements are true about the Hot Standby Router Protocol (HSRP)? (Choose two)
A. Load sharing with HSRP is achieved by creating multiple subinterfaces on the HSRP routers.
B. Routers configured for HSRP can belong to multiple groups and multiple VLANs.
C. All routers configured for HSRP load balancing must be configured with the same priority.
D. Load sharing with HSRP is achieved by creating HSRP groups on the HSRP routers.
Correct Answer: BD Section: Gateway Redundancy Explanation
Explanation/Reference:
QUESTION 49
If you are a network technician, study the exhibit carefully. Which Virtual Router Redundancy Protocol (VRRP) statement is true about the roles of the master virtual router and the backup virtual router?

A. Router RA is the master virtual router, and Router RB is the backup virtual router. When Router RA fails, Router RB will become the master virtual router. When Router RA recovers, Router RB will maintain the role of master virtual router.
B. Router RA is the master virtual router, and Router RB is the backup virtual router. When Router RA fails, Router RB will become the master virtual router. When Router RA recovers, it will regain the master virtual router role.
C. Router RB is the master virtual router, and Router RA is the backup virtual router. When Router RB fails, Router RA will become the master virtual router. When Router RB recovers, RouterRA will maintain the role of master.
D. Router RB is the master virtual router, and Router RA is the backup virtual router. When Router RB fails, Router RA will become the master virtual router. When Router RB recovers, it will regain the master virtual router role.
Correct Answer: B Section: Gateway Redundancy Explanation
Explanation/Reference:
Router RA is the master virtual router because of its higher priority (110). By default, the pre-empting function is enabled so Router RB will become the master virtual router when RA fails; and when RA recovers, it will take the master role again.
QUESTION 50
Which set of statements describes the correct order and process of a wireless client associating with a wireless access point?
A. 1. Client sends probe request.
2.
Access point sends probe response.

3.
Client initiates association.

4.
Access point accepts association.

5.
Access point adds client MAC address to association table.
B. 1. Client sends probe request.
2.
Access point sends probe response.

3.
Access point initiates association.

4.
Client accepts association.

5.
Access point adds client MAC address to association table.
C. 1. Access point sends probe request .
2.
Client sends probe response.

3.
Client initiates association.

4.
Access point accepts association.

5.
Client adds access point MAC address to association table.
D. 1. Client sends probe request.
2.
Access point sends probe response.

3.
Client initiates association.

4.
Access point accepts association.

5.
Client adds access point MAC address to association table.
Correct Answer: A Section: Wireless Explanation
Explanation/Reference:
QUESTION 51
You are a network technician, study the exhibit carefully. What should be taken into consideration when using the Cisco Aironet Desktop Utility (ADU) to configure the static WEP keys on the wireless client adapter?

A. Before the client adapter WEP key is generated, all wireless infrastructure devices (such as access points, servers, etc.) must be properly configured for LEAP authentication.
B. The client adapter WEP key should be generated by the AP and forwarded to the client adapter before the client adapter can establish communication with the wireless network.
C. In infrastructure mode the client adapter WEP key must match the WEP key used by the access point. In ad hoc mode all client WEP keys within the wireless network must match each other.
D. The client adapter WEP key should be generated by the authentication server and forwarded to the client adapter before the client adapter can establish communication with the wireless network.
Correct Answer: C Section: Wireless Explanation
Explanation/Reference:
Drag and Drop HotSpot LabSim

Cisco 642-813 Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques.“Do I Know This Already?”quizzes open each chapter and allow you to decide how much time you need to spend on each section.Cisco 642-813 lists and Foundation Summary tables make referencing easy and give you a quick refresher whenever you need it.Challenging Cisco 642-813 review questions help you assess your knowledge and reinforce key concepts.Cisco 642-813 exercises help you think about exam objectives in real-world situations,thus increasing recall during exam time.