1.
Refer to the exhibit. The exhibit shows partial output of the show
running-config command. The enable password on this switch is "cisco." What can
be determined from the output shown?
Correct Answer
C. Any configured line mode passwords will be encrypted in this configuration.
Explanation
From the given output, it can be determined that any configured line mode passwords will be encrypted in this configuration. This is because the output shows the "service password-encryption" command, which is used to encrypt passwords in the configuration file. Therefore, any passwords configured in the line mode (such as console, telnet, or SSH) will be encrypted.
2.
Refer to the exhibit. The switch and workstation are administratively configured
for full-duplex operation. Which statement accurately reflects the operation of
this link?
Correct Answer
A. No collisions will occur on this link.
Explanation
The correct answer is "No collisions will occur on this link." This is because both the switch and workstation are configured for full-duplex operation. In full-duplex mode, both devices can transmit and receive data simultaneously on separate channels, eliminating the possibility of collisions. Therefore, there will be no collisions on this link.
3.
Refer to the exhibit. What action does SW1 take on a frame sent from PC_A to
PC_C if the MAC address table of SW1 is empty?
Correct Answer
B. SW1 floods the frame on all ports on SW1, except port Fa0/1.
Explanation
If the MAC address table of SW1 is empty, it means that SW1 does not have any information about which MAC addresses are associated with which ports. In this case, SW1 will flood the frame on all ports on SW1, except port Fa0/1. Flooding the frame means that SW1 will send the frame out of all of its ports, except the one it received the frame on. This is done in order to ensure that the frame reaches its destination, as SW1 does not have the necessary information to make a forwarding decision based on the MAC address.
4.
A network administrator uses the CLI to enter a command that requires several
parameters. The switch responds with "% Incomplete command". The administrator
cannot remember the missing parameters. What can the administrator do to get the
parameter information?
Correct Answer
B. Append a space and then ? to the last parameter
Explanation
By appending a space and then ? to the last parameter, the administrator can get the parameter information. This allows the CLI to provide a list of available options or parameters that can be used with the command.
5.
If a network administrator enters these commands in global configuration mode on
a switch, what will be the result?
Switch1(config-line)# line
console 0
Switch1(config-line)#
password cisco
Switch1(config-line)# login
Correct Answer
A. To secure the console port with the password "cisco"
Explanation
The given commands are used to configure the console port on a switch. The command "line console 0" is used to enter the line configuration mode for the console port. The command "password cisco" is used to set the password for the console port as "cisco". The command "login" is used to enable the login authentication for the console port. Therefore, the result of entering these commands will be securing the console port with the password "cisco".
6.
Refer to the exhibit. What happens when Host 1 attempts to send
data?
Correct Answer
A. Frames from Host 1 cause the interface to shut down.
Explanation
When Host 1 attempts to send data, frames from Host 1 cause the interface to shut down. This means that the interface on the receiving device will be disabled or turned off, preventing any further communication. This could be due to a configuration issue or a security measure implemented on the device.
7.
Which statement is true about the command banner login "Authorized personnel
Only" issued on a switch?
Correct Answer
B. The command will cause the message Authorized personnel Only to display before a user logs in.
Explanation
The command "banner login" is used to display a message before a user logs in. In this case, the message "Authorized personnel Only" will be displayed before a user can log in to the switch.
8.
What happens when the transport input ssh command is entered on the switch vty
lines?
Correct Answer
B. Communication between the switch and remote users is encrypted.
Explanation
When the "transport input ssh" command is entered on the switch vty lines, it enables the SSH client on the switch. This means that communication between the switch and remote users is encrypted. It provides a secure remote connection to the switch, ensuring that data transmitted between the switch and remote users cannot be intercepted or accessed by unauthorized individuals. This command does not eliminate the need for a username/password combination, as authentication is still required to establish a secure connection. It also does not require the use of proprietary client software for remote connections.
9.
Refer to the exhibit. Which hosts will receive a broadcast frame sent from Host
A?
Correct Answer
C. Hosts B, C, D, and E
Explanation
Hosts B, C, D, and E will receive a broadcast frame sent from Host A because they are all connected to the same network segment. In a broadcast, the frame is sent to all hosts on the same network segment, so all hosts connected to that segment will receive the frame.
10.
Which two statements about Layer 2 Ethernet switches are true? (Choose two.)
Correct Answer(s)
B. Layer 2 switches have multiple collision domains.
E. Layer 2 switches can send traffic based on the destination MAC address.
Explanation
Layer 2 switches have multiple collision domains because they break up a network into separate collision domains, reducing the chances of collisions occurring. Additionally, Layer 2 switches can send traffic based on the destination MAC address, allowing them to make forwarding decisions based on the MAC address in the Ethernet frame header.
11.
Which two statements are true about EXEC mode passwords? (Choose
two.)
Correct Answer(s)
B. The enable secret password command provides better security than the enable password.
C. The enable password and enable secret password protect access to privileged EXEC mode.
Explanation
The first true statement is that the enable secret password command provides better security than the enable password. This is because the enable secret password is stored in an encrypted format, while the enable password is stored in plain text. The second true statement is that both the enable password and enable secret password protect access to privileged EXEC mode. This means that either one of these passwords can be used to gain access to privileged EXEC mode.
12.
When a collision occurs in a network using CSMA/CD, how do hosts with data to
transmit respond after the backoff period has expired?
Correct Answer
A. The hosts return to a listen-before-transmit mode.
Explanation
After the backoff period has expired, hosts with data to transmit in a network using CSMA/CD will return to a listen-before-transmit mode. This means that they will first listen to the network to check if it is idle before attempting to transmit their data. This helps to avoid collisions and ensures that the network is not congested with multiple hosts transmitting at the same time.
13.
When a switch receives a frame and the source MAC address is not found in the
switching table, what action will be taken by the switch to process the incoming
frame?
Correct Answer
C. The switch will map the source MAC address to the port on which it was received.
Explanation
When a switch receives a frame and the source MAC address is not found in the switching table, it will map the source MAC address to the port on which it was received. This means that the switch will update its switching table with the source MAC address and the corresponding port. This allows the switch to know the port through which the source device is connected, enabling it to forward future frames to the correct destination.
14.
Which two statements are true regarding switch port security? (Choose two.)
Correct Answer(s)
B. Dynamically learned secure MAC addresses are lost when the switch reboots.
E. If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached.
Explanation
The first statement is true because dynamically learned secure MAC addresses are stored in volatile memory and are lost when the switch reboots. The second statement is true because if fewer than the maximum number of MAC addresses are configured statically, the switch will dynamically learn and add addresses to the CAM table until the maximum number is reached.
15.
Refer to the exhibit. The network administrator has decided to allow only secure shell connections to switch1. After the commands are applied, the administrator is able to connect to switch1 using both secure shell and telnet. What is most likely the problem?
Correct Answer
D. Missing transport input ssh command
Explanation
The most likely problem is that the "transport input ssh" command is missing from the vty lines configuration. This command restricts the input to only secure shell connections, but since it is missing, the switch is still allowing telnet connections as well.
16.
Refer to the exhibit. How many collision domains are depicted in the
network?
Correct Answer
B. 2
17.
Refer to the exhibit. The switch and the hub have default configurations, and
the switch has built its CAM table. Which of the hosts will capture a copy of
the frame when workstation A sends a unicast packet to workstation
C?
Correct Answer
A. Workstation C
Explanation
When workstation A sends a unicast packet to workstation C, only workstation C will capture a copy of the frame. This is because a unicast packet is intended for a specific destination, in this case, workstation C. The switch will use its CAM table to determine the port where workstation C is connected and will forward the packet only to that port. The hub, on the other hand, will broadcast the packet to all connected devices, but only workstation C will process it as it is the intended recipient.
18.
What are two ways to make a switch less vulnerable to attacks like MAC address
flooding, CDP attacks, and Telnet attacks? (Choose two.)
Correct Answer(s)
B. Change passwords regularly.
C. Turn off unnecessary services.
Explanation
To make a switch less vulnerable to attacks like MAC address flooding, CDP attacks, and Telnet attacks, two ways are suggested. First, changing passwords regularly helps in preventing unauthorized access and makes it difficult for attackers to guess or crack the passwords. Second, turning off unnecessary services reduces the attack surface by disabling any services that are not needed, minimizing potential vulnerabilities. By implementing these measures, the switch's security can be enhanced and the risk of attacks can be mitigated.
19.
Which command line interface (CLI) mode allows users to configure switch
parameters, such as the hostname and password?
Correct Answer
C. Global configuration mode
Explanation
Global configuration mode is the correct answer because it is the CLI mode that allows users to configure switch parameters such as the hostname and password. In this mode, users can make changes to the global settings of the switch, including configuring interfaces, setting up VLANs, and defining access control lists. It provides access to all the configuration commands and enables users to make changes that will affect the entire switch.
20.
Where is the startup configuration stored?
Correct Answer
B. NVRAM
Explanation
The startup configuration is stored in NVRAM (Non-Volatile Random Access Memory). NVRAM is a type of memory that retains its data even when the power is turned off or the device is restarted. This makes it an ideal location to store the startup configuration, as it ensures that the configuration settings are preserved and can be loaded during the boot process. Other options like DRAM (Dynamic Random Access Memory) and ROM (Read-Only Memory) are not suitable for storing the startup configuration as they do not retain data when power is lost.