CCNA 2 SRWE - Switching, Routing, and Wireless Essentials (Version 7.00) - SRWE Final Exam Answers (2023)

See exhibition. What are the possible port roles for ports A, B, C and D in this RSTP enabled network?

• designated, alternative, root, root
• designated, root, alternative, root
• alternative, root, designated, root
• alternatively, denoted, root, root
  

  Answers Explanation & Notes:

  Since S1 is the root bridge, B is a designated port and C and D are root ports. RSTP supports a new port type, alternative port in discard state, which can be port A in this scenario.

See exhibition. What destination MAC address is used when frames are sent from the workstation to the default gateway?

• MAC address of the virtual router
• MAC addresses of both forwarding and standby routers
• MAC-Address of Standby-Routers
• MAC address of the forwarding router
  

  Answers Explanation & Notes:

  The virtual router IP address acts as the default gateway for all workstations. Therefore, the MAC address returned to the workstation by the Address Resolution Protocol is the MAC address of the virtual router.

What is a secure configuration option for remote access to a network device?

• Configure SSH.
• Configure 802.1x.
• Configure an ACL and apply it to the VTY lines.
• Configure telnet.

After a host generates an IPv6 address using the DHCPv6 or SLAAC process, how does the host verify that the address is unique and therefore usable?

• The host checks the local neighbor's cache for the learned address, and if the address is not stored in the cache, it is considered unique.
• The host sends an ICMPv6 Neighbor Solicitation message to the DHCP or SLAAC learned address, and if no Neighbor Advertisement is returned, the address is considered unique.
• The host sends an ICMPv6 Echo Request message to the DHCPv6 or SLAAC learned address, and if no response is returned, the address is considered unique.
• The host sends an ARP broadcast on the local link, and if no host sends a reply, the address is considered unique.
  

  Answers Explanation & Notes:

  Before a host can actually configure and use an IPv6 address learned via SLAAC or DHCP, the host must ensure that no other host is already using that address. To verify that the address is indeed unique, the host sends an ICMPv6 neighbor query to the address. If no Neighbor Advertisement is returned, the host considers the address unique and configures it on the interface.

See exhibition. Host A sent a packet to Host B. What source MAC and IP addresses does the packet contain when it arrives at Host B?

• Quell-MAC: 00E0.FE91.7799
  Quell-IP: 10.1.1.10
• Quell-MAC: 00E0.FE91.7799
  Quell-IP: 10.1.1.1
• Quell-MAC: 00E0.FE10.17A3
  Quell-IP: 10.1.1.10
• Quell-MAC: 00E0.FE10.17A3
  Quell-IP: 192.168.1.1
• Quell-MAC: 00E0.FE91.7799
  Quell-IP: 192.168.1.1

  Explanation:

  When a packet traverses the network, the Layer 2 addresses change on each hop as the packet is decapsulated and re-encapsulated, but the Layer 3 addresses remain the same.

After connecting four PCs to the switch ports, configuring the SSID, and setting the authentication properties for a small office network, a technician successfully tests the connectivity of all the PCs connected to the switch and the WLAN. A firewall is then configured on the device before it is connected to the Internet. What kind of network device contains all the described functions?

• standalone wireless access point
• Firewall-Appliance
• switch
• WLAN router

Which WiFi encryption method is the most secure?

• WPA2 mit AES
• WPA2 with TKIP
• WEP
• WPA

Match the description to the correct VLAN type. (Not all options are used.)

See exhibition. A network administrator has connected two switches together using EtherChannel technology. When STP runs, what will the end result be?

• The switches perform load balancing and use both EtherChannels to forward packets.
• Both port channels are shut down.
• The resulting loop creates a broadcast storm.
• STP blocks one of the redundant connections.
  

  Answers Explanation & Notes:

  Cisco switches support two protocols for negotiating a channel between two switches: LACP and PAgP. PAgP is Cisco proprietary. In the topology shown, the switches are connected to each other via redundant links. By default, STP is enabled on switch devices. STP blocks redundant connections to avoid loops.

What are three techniques to mitigate VLAN attacks? (Choose three.)

• Activate the BPDU guard.
• Set the native VLAN to an unused VLAN.
• Use private VLANs.
• Disable DTP.
• Enable source protection.
• Manually enable trunking.
  

  Answers Explanation & Notes:

  A VLAN attack can be mitigated by disabling Dynamic Trunking Protocol (DTP), manually setting ports to trunking mode, and setting the native VLAN of trunk links to unused VLANs.

An administrator attempts to remove configurations from a switch. After using the erase startup-config command and reloading the switch, the administrator finds that VLANs 10 and 100 still exist on the switch. Why weren't these VLANs removed?

• These VLANs can only be deleted when the switch is in VTP Client mode.
• These VLANs can only be removed from the switch using the no vlan 10 and no vlan 100 commands.
• These VLANs are default VLANs that cannot be removed.
• Because these VLANs are stored in a file called vlan.dat that resides in flash memory, this file must be manually deleted.
  

  Answers Explanation & Notes:

  Default range VLANs (1-1005) are stored in a file called vlan.dat located in flash memory. Clearing the boot configuration and reloading a switch does not automatically remove these VLANs. The vlan.dat file must be manually deleted from the flash memory and the switch then reloaded.

See exhibition. What static route would an IT tech enter to create a backup route to the 172.16.1.0 network to be used only if the primary RIP learned route fails?

• IP-Route 172.16.1.0 255.255.255.0 s0/0/0
• IP-Route 172.16.1.0 255.255.255.0 s0/0/0 91
• IP-Route 172.16.1.0 255.255.255.0 s0/0/0 111
• IP-Route 172.16.1.0 255.255.255.0 s0/0/0 121
  

  Answers Explanation & Notes:

  A static backup route is called a floating static route. A floating static route has a management distance that is greater than the management distance of any other static or dynamic route.

See exhibition. In addition to the static routes that route traffic to the 10.10.0.0/16 and 10.20.0.0/16 networks, Router HQ is also configured with the following command:ip route 0.0.0.0 0.0.0.0 serial 0/1/1What is the purpose of this command?

• Packets from the 10.10.0.0/16 network are forwarded to the 10.20.0.0/16 network, and packets from the 10.20.0.0/16 network are forwarded to the 10.10.0.0/16 network.
• Packets received from the Internet are forwarded to one of the LANs connected to R1 or R2.
• Packets with a destination network that is not 10.10.0.0/16 or 10.20.0.0/16 or is not a directly connected network are forwarded to the Internet.
• Packets destined for networks not included in HQ's routing table are discarded.

See exhibition. A network administrator configures inter-VLAN routing on a network. Only one VLAN is currently in use, but more will be added soon. What is the missing parameter shown as a highlighted question mark in the graph?

• It identifies the number of hosts allowed on the interface.
• It identifies the type of encapsulation used.
• It identifies the subinterface.
• It identifies the native VLAN number.
• It identifies the VLAN number.
  

  Answers Explanation & Notes:

  The finished command would be encapsulation dot1q 7 . The dot1q encapsulation portion of the command enables trunking and identifies the type of trunking to use. The 7 identifies the VLAN number.

Match connection status to interface and protocol status. (Not all options are used.)

See exhibition. How is a frame sent by PCA forwarded to PCC when the MAC address table on switch SW1 is empty?

• SW1 forwards the frame directly to SW2. SW2 floods the frame to all ports connected to SW2 except the port through which the frame entered the switch.
• SW1 floods the frame on all ports of the switch except the port connected to the switch SW2 and the port through which the frame entered the switch.
• SW1 discards the frame because it does not know the destination MAC address.
• SW1 floods the frame on all ports of SW1 except the port through which the frame entered the switch.
  

  Answers Explanation & Notes:

  When a switch is powered on, the MAC address table is empty. The switch builds the MAC address table by examining the source MAC address of incoming frames. The switch forwards based on the destination MAC address found in the frame header. If a switch has no entries in the MAC address table, or if the destination MAC address is not in the switch table, the switch forwards the frame to all ports except the port that brought the frame into the switch has.

Map the DHCP message types to the order of the DHCPv4 process. (Not all options are used.)

A network administrator configures a WLAN. Why would the administrator disable the broadcast function for the SSID?

• to reduce the risk of interference from external devices such as microwave ovens
• to reduce the risk of unauthorized APs being added to the network
• Providing privacy and integrity to wireless traffic by using encryption
• to eliminate outsiders searching for available SSIDs in the area

What are the two advantages of using static routes on a router versus dynamic routes? (Choose two.)

• They automatically change the path to the target network when the topology changes.
• They improve the efficiency of finding neighboring networks.
• You use fewer router resources.
• They improve network security.
• They take less time to converge when network topology changes.

See exhibition. Which route has been configured as a static route to a specific network using the next hop address?

• S 0.0.0.0/0[1/0] via 10.16.2.2
• S 10.17.2.0/24 is connected directly, Serial 0/0/0
• C 10.16.2.0/24 is connected directly, Serial0/0/0
• S 10.17.2.0/24 [1/0] over 10.16.2.2
  

  Explanation:

  The C in a routing table indicates an interface that is up and has an IP address assigned. The S in a routing table means that a route was installed using the ip route command. Two of the routing table entries shown are static routes to a specific destination (the 10.17.2.0 network). The entry with the S for a static route and [1/0] was configured with the next hop address. The other entry (S 10.17.2.0/24 is directly connected, Serial 0/0/0) is a static route configured through the exit interface. The entry with route 0.0.0.0 is a default static route used to send packets to any destination network not explicitly listed in the routing table.

See exhibition. What is the metric to forward a data packet with IPv6 destination address 2001:DB8:ACAD:E:240:BFF:FED4:9DD2?

• 90
• 128
• 2170112
• 2681856
• 2682112
• 3193856
  

  Explanation:

  The IPv6 destination address 2001:DB8:ACAD:E:240:BFF:FED4:9DD2 belongs to the network 2001:DB8:ACAD:E::/64. In the routing table, the route to forward the packet has Serial 0/0/1 as the output interface and 2682112 as the cost.

A static route has been configured on a router. However, the target network no longer exists. What should an administrator do to remove the static route from the routing table?

• Remove the route with the no ip route command.
• Change the administrative distance for this route.
• Nothing. The static route will disappear by itself.
• Change the routing metric for this route.

Which two statements are characteristics of routed ports on a multilayer switch? (Choose two.)​

• In a switched network, they are most often configured between switches at the core and distribution planes.
• They are used for point-to-multipoint connections.
• They are not assigned to a specific VLAN.
• They support sub-interfaces, such as interfaces on the Cisco IOS routers.
• The interface vlan <vlan number> command must be entered to create a VLAN on routed ports.

See exhibition. After attempting to enter the configuration displayed in Router RTA, an administrator receives an error message and users in VLAN 20 report that they cannot reach users in VLAN 30. What is causing the problem?

• The no shutdown command should have been issued on Fa0/0.20 and Fa0/0.30.
• There is no address on Fa0/0 that can be used as the default gateway.
• Dot1q does not support subinterfaces.
• RTA uses the same subnet for VLAN 20 and VLAN 30.

See exhibition. Which trunk connection does not forward traffic after the root bridge election process is complete?

• root1
• Stamm2
• Stamm3
• Stamm4

A network administrator prepares to deploy Rapid PVST+ on a production network. How are the Rapid PVST+ connection types determined on the switch interfaces?

• Connection types can only be determined if PortFast has been configured.
• Connection types can only be configured on access ports configured with a single VLAN.
• Link types are determined automatically.
• Link types must be configured using specific port configuration commands.
  

  Explanation:

  When Rapid PVST+ is implemented, link types are determined automatically but can be specified manually. Connection types can be either point-to-point, shared, or edge.

Which two types of spanning tree protocols can cause suboptimal traffic flows because they assume only one spanning tree instance for the entire bridged network? (Choose two.)

• STP
• Fast PVST+
• MSTP
• PVST+
• RSTP

What action takes place when the source MAC address of a frame entering a switch appears in the MAC address table associated with a different port?

• The switch clears the entire MAC address table.
• The switch replaces the old entry and uses the more recent port.
• The switch updates the update timer for the entry.
• The switch forwards the frame from the specified port.

A network administrator configures port security on a switch. The security policy states that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security breach mode should be configured for each access port?

• warning
• restrict
• switch off
• protection

Which network attack does activating BPDU Guard prevent?

• Rogue switches on a network
• malicious DHCP servers on a network
• MAC address spoofing
• CAM table overflow attacks
  

  Explanation:

  There are several recommended STP resiliency mechanisms to mitigate against STP manipulation attacks:
  

  • PortFast – used to instantly transition an interface configured as an access or trunk port from a blocking state to the forwarding state. Applies to all end user ports.
  • BPDU Sentinel - immediately disables a port that receives a BPDU. Applies to all end user ports. Receiving BPDUs may be part of an unauthorized attempt to add a switch to the network.
  • Root Guard - Prevents a switch from becoming the root switch. Applies to all ports where the root switch should not be located.
  • Loop Guard - detects one-way connections to prevent alternate or root ports from becoming designated ports. Applies to all ports that are not or cannot be designated.

A network administrator uses the spanning-tree portfast bpduguard default global configuration command to enable BPDU Guard on a switch. However, the BPDU guard is not enabled on all access ports. What is the cause of the problem?

• PortFast is not configured on all access ports.
• Access ports belong to different VLANs.
• The BPDU guard must be enabled in interface configuration command mode.
• Access ports configured with Root Guard cannot be configured with BPDU Guard.

A new Layer 3 switch is connected to a router and configured for InterVLAN routing. Which three of the five steps are required for the configuration? (Choose three.) *

• Creating SVI interfaces
• Creating VLANs
• Installing a static route
• Adjust route metrics
• Implement a routing protocol
• Changing the default VLAN
• Assign ports to VLANs

A company sets up a wireless network at its distribution facility in suburban Boston. The camp is quite large and requires the use of multiple access points. Since some of the corporate devices still operate at 2.4 GHz, the network administrator decides to use the 802.11g standard. Which channel assignments at the multiple access points ensure that the radio channels do not overlap?

• Channels 1, 6 and 11
• Channels 2, 6 and 10
• Channels 1, 5 and 9
• Channels 1, 7 and 13

Which wireless authentication method depends on a RADIUS authentication server?

• WEP
• WPA2 company
• WPA-Personal
• WPA2 Personal

An administrator notices that a large number of packets are being dropped on one of the branch office routers. What to do or check?

• Create additional static routes to the same location with an AD of 1.
• Check the routing table for a missing static route.
• Create static routes to all internal networks and a default route to the Internet.
• Check the stats on the default route for oversaturation.

Match the step number to the sequence of phases that occur during the HSRP failover process. (Not all options are used.)

In what situation would a technician use the show switch interfaces command?

• to determine if remote access is enabled
• when a terminal can reach local devices but not remote devices
• to determine the MAC address of a directly connected network device on a specific interface
• when packets from a specific directly attached host are dropped
  

  Explanation:

  The show Interfaces command is useful to detect media errors, to see if packets are being sent and received, and to determine if runts, giants, CRCs, interface resets, or other errors have occurred. Remote network reachability issues are likely caused by a misconfigured default gateway or other routing issue, not a switch issue. The show mac address-table command displays the MAC address of a directly attached device.

See exhibition. If the default gateway router and DNS server IP addresses are correct, what is the configuration problem?

• The default-router and dns-server commands must be configured with subnet masks
• The DNS server and the default gateway router should be on the same subnet.
• The DNS server IP address is not included in the excluded address list
• The IP address of the default gateway router is not included in the list of excluded addresses.
  

  Explanation:

  (Video) CCNA 2 v7.0 Final Exam 100% Answers | Switching, Routing, and Wireless Essentials - SRWE Final Exam

  In this configuration, the excluded address list should contain the address assigned to the default gateway router. So the command should be ip dhcp excluded address 192.168.10.1 192.168.10.9.

See exhibition. A network administrator has added a new subnet to the network and needs hosts on that subnet to obtain IPv4 addresses from the DHCPv4 server.

What two commands allow hosts on the new subnet to get addresses from the DHCP4 server? (Choose two.)

• R2 (config-if) # auxiliary IP address 10.2.0.250
• R1(config)# Interface G0/1
• R1 (config-if) # auxiliary IP address 10.2.0.250
• R1(config)# Interface G0/0
• R1 (config-if) # auxiliary IP address 10.1.0.254
• R2(config)# Interface G0/0

See exhibition. R1 has been configured as shown. However, PC1 cannot receive an IPv4 address. What's the problem?​

• R1 is not configured as a DHCPv4 server
• A DHCP server must be installed on the same LAN as the host receiving the IP address.
• The ip helper-address command was applied to the wrong interface.
• The ip address dhcp command was not issued on interface Gi0/1.
  

  Explanation:

  The ip helper-address command must be applied to the Gi0/0 interface. This command must be present on the interface of the LAN containing the DHCPv4 client PC1 and must be directed to the correct DHCPv4 server.

What network attack attempts to create a DoS for clients by preventing them from obtaining a DHCP lease?

• CAM Table Attack
• IP address spoofing
• DHCP-Spoofing
• DHCP-Hunger
  

  Explanation:

  DHCP starvation attacks are launched by an attacker with the intention of creating a DoS on DHCP clients. To achieve this goal, the attacker uses a tool that sends many DHCPDISCOVER messages in order to lease the entire pool of available IP addresses, thus denying them to legitimate hosts.

A cybersecurity analyst uses the macof tool to assess configurations of switches deployed in an organization's backbone network. What type of LAN attack is the analyst targeting in this assessment?

• VLAN-Double-Tagging
• MAC address table overflow
• VLAN-Hopping
• DHCP-Spoofing

What information does a switch use to populate the MAC address table?

• the source MAC address and the incoming port
• the destination MAC address and the incoming port
• the source MAC address and the outgoing port
• the source and destination MAC addresses and the outgoing port
• the source and destination MAC addresses and the incoming port
• the destination MAC address and the outgoing port
  

  Explanation:

  To maintain the MAC address table, the switch uses the source MAC address of the incoming packets and the port where the packets arrive. The destination address is used to select the outgoing port.

Which statement describes a result after connecting multiple Cisco LAN switches together?

• There is one broadcast domain and one collision domain per switch.
• The broadcast domain extends to all switches.
• There is one collision domain per switch.
• Frame collisions are increasing on the segments connecting the switches.
  

  Explanation:

  In Cisco LAN switches, micro-segmentation allows each port to represent a separate segment, and thus each switch port to represent a separate collision domain. This fact does not change when multiple switches are connected together. However, LAN switches do not filter broadcast frames. A broadcast frame is flooded to all ports. Connected switches form one large broadcast domain.

Assign the redirection characteristic to its type. (Not all options are used.)

Which method of IPv6 prefix assignment is based on the prefix contained in RA messages?

• EUI-64
• Stateful DHCPv6
• static
• SLAAC

On a Cisco 3504 WLC summary page ( Advanced > Summary ), which tab allows a network administrator to configure a specific wireless network with a WPA2 policy?

• MANAGEMENT
• WLANs
• SECURITY
• WIRELESS

A network administrator at a small advertising company uses WPA2-PSK to configure wireless security. What access data do office users need to connect their laptop to the WLAN?

• a key that matches the key on the AP
• a username and password configured on the AP
• a user passphrase
• the company username and password through the Active Directory service

Which two default wireless router settings can compromise network security? (Choose two.)

• The SSID is broadcast.
• MAC address filtering is enabled.
• WEP encryption is enabled.
• The radio channel is selected automatically.
• A well-known administrator password is set.
  

  Explanation:

  Default settings on wireless routers often include broadcasting the SSID and using a known administrator password. Both pose security risks for wireless networks. WEP encryption and MAC address filtering are not set by default. The automatic selection of the radio channel does not pose any security risks.

See exhibition. Based on the configuration and output shown, why is VLAN 99 missing?

• because there is a cabling problem at VLAN 99
• because VLAN 1 is active and there can only be one management VLAN on the switch
• because VLAN 99 has not yet been created
• because VLAN 99 is not a valid management VLAN

What three pairs of trunking modes produce a working trunk connection between two Cisco switches? (Choose three.)

• Access - trunk
• dynamic car - dynamic car
• dynamically desirable – dynamically desirable
• dynamic desired – dynamic auto
• dynamically desired – proboscis
• Access – dynamic auto

What three steps should be taken before moving a Cisco switch to a new VTP management domain? (Choose three.)

• Reset the VTP counters to allow the switch to synchronize with the other switches in the domain.
• Download the VTP database from the VTP server in the new domain.
• Select the correct VTP mode and version.
• Reboot the switch.
• Configure the VTP server in the domain to recognize the new switch's BID.
• Configure the switch with the new management domain name.
  

  Explanation:

  When adding a new switch to a VTP domain, it is important to configure the switch with a new domain name, correct VTP mode, VTP version number, and password. A switch with a higher revision number can propagate invalid VLANs and delete valid VLANs, preventing connectivity for multiple devices on the valid VLANs.

Select the three PAgP channel setup modes. (Choose three.)

• active
• passive
• desirable
• An
• Auto
• blocking

See exhibition. What static route command can be entered on R1 to route traffic to the LAN connected to R2?

• IPv6-Route 2001:db8:12:10::/64 S0/0/0 fe80::2
• IPv6-Route 2001:db8:12:10::/64 S0/0/1 fe80::2
• IPv6-Route 2001:db8:12:10::/64 S0/0/1 2001:db8:12:10::1
• IPv6-Route 2001:db8:12:10::/64 S0/0/0

See exhibition. R1 has been configured with the static route command ip route 209.165.200.224 255.255.255.224 S0/0/0 and consequently users on the 172.16.0.0/16 network cannot reach resources on the internet. How should this static route be modified to allow user traffic from the LAN to reach the internet?

• Add the next hop neighbor address 209.165.200.226.
• Change the target network and mask to 0.0.0.0 0.0.0.0.
• Change the exit interface to S0/0/1.
• Add an administrative distance of 254.
  

  Explanation:

  The static route on R1 was incorrectly configured with the wrong destination network and mask. The correct target network and mask is 0.0.0.0 0.0.0.0.

See exhibition. Currently router R1 uses an EIGRP route learned from Branch2 to reach the 10.10.0.0/16 network. What static floating route would create a backup route to the 10.10.0.0/16 network in case the link between R1 and Branch2 fails?

• IP Route 10.10.0.0 255.255.0.0 Serial 0/0/0 100
• IP-Route 10.10.0.0 255.255.0.0 209.165.200.226 100
• IP-Route 10.10.0.0 255.255.0.0 209.165.200.225 100
• IP-Route 10.10.0.0 255.255.0.0 209.165.200.225 50
  

  Explanation:

  A floating static route must have an administrative distance greater than the administrative distance of the active route in the routing table. Router R1 uses an EIGRP route with an administrative distance of 90 to reach the 10.10.0.0/16 network. To be a backup route, the floating static route must have an administrative distance greater than 90 and a next-hop address that matches the IP address of Branch1's serial port.

See exhibition. A network engineer configures IPv6 routing on the network. Which command issued on Router HQ configures a default route to the Internet to forward packets to a destination IPv6 network not listed in the routing table?​

• ipv6 route ::/0 serial 0/1/1
• IPv6 route ::1/0 serial 0/1/1
• IPv6 route ::/0 serial 0/0/0
• ip route 0.0.0.0 0.0.0.0 serial 0/1/1

What protocol or technology does a standby router use to take responsibility for packet forwarding if the active router fails?

• HSRP
• EtherChannel
• VTP
• DTP

What is the effect of entering the ip arp inspection vlan 10 configuration command on a switch?

• It enables DHCP snooping globally on a switch.
• It specifies the maximum number of L2 addresses allowed on a port.
• It enables DAI on specific switch interfaces previously configured with DHCP snooping.
• It globally enables BPDU protection on all PortFast-enabled ports.

See exhibition. A network administrator checks the configuration of switch S1. Which protocol was implemented to combine multiple physical ports into one logical connection?

• DTP
• LACP
• PAgP
• STP

Successful inter-VLAN routing has worked for some time in a network with multiple VLANs across multiple switches. When a trunk link between switches fails and the Spanning Tree Protocol establishes a backup trunk link, hosts in two VLANs are reported to be able to access some, but not all, network resources that were previously accessible. Hosts in all other VLANS do not have this problem. What is the most likely cause of this problem?

• The allowed VLANs on the backup link have not been properly configured.
• The protected edge port feature on the backup trunk interfaces has been disabled.
• The dynamic trunking protocol on the link failed.
• Inter-VLAN routing also failed when the trunk link failed.

See exhibition. An administrator tries to install an IPv6 static route on router R1 to reach the network attached to router R2. After entering the static route command, the connection to the network still fails. What mistake was made in static route configuration?

• The interface is wrong.
• The next hop address is incorrect.
• The network prefix is ​​incorrect.
• The destination network is incorrect.
  

  Answers Explanation & Notes:

  In this example, the interface in the static route is incorrect. The interface should be the exit interface on R1, so s0/0/0.

What protocol or technology does the source IP to destination IP use as a load balancing mechanism?

• EtherChannel
• VTP
• STP
• DTP

See exhibition. Router R1 has an OSPF neighbor relationship with the ISP router over the 192.168.0.32 network. The network connection 192.168.0.36 should serve as a backup if the OSPF connection fails. The floating static route command ip route 0.0.0.0 0.0.0.0 S0/0/1 100 was issued on R1 and now the traffic uses the backup connection even if the OSPF connection is up and working. What change should be made to the static route command so that traffic only uses the OSPF link when it is up?​

• Change the administrative distance to 120.
• Change the administrative distance to 1.
• Add the next hop neighbor address 192.168.0.36.
• Change the target network to 192.168.0.34.
  

  Answers Explanation & Notes:

  (Video) SRWE Final Exam (CCNA 2 version 7.00)

  The problem with the current floating static route is that the administrative distance is set too low. The administrative distance must be higher than that of OSPF, which is 110, so that the router only uses the OSPF connection when it is active.

What kind of static route is configured with greater administrative distance to provide a backup route to a route learned from a dynamic routing protocol?

• static default route
• default static route
• floating static route
• summary static route
  

  Explanation:

  There are four basic types of static routes. Floating static routes are backup routes that are inserted into the routing table when a primary route is lost. A summary static route combines multiple routes into one, reducing the routing table. Static standard routes are routes entered manually in the routing table. Static default routes create a gateway of last resort.

Which option shows a properly configured default IPv4 static route?

• IP-Route 0.0.0.0 0.0.0.0 S0/0/0
• IP-Route 0.0.0.0 255.0.0.0 S0/0/0
• IP-Route 0.0.0.0 255.255.255.0 S0/0/0
• IP-Route 0.0.0.0 255.255.255.255 S0/0/0
  

  Explanation:

  The static route ip route 0.0.0.0 0.0.0.0 S0/0/0 is considered the default static route and matches all target networks.

Which command starts the process of bonding two physical interfaces to create an EtherChannel group over LACP?

• Channel group 2 mode auto
• Channel group 1 mode desirable
• Interface port-channel 2
• Interface range GigabitEthernet 0/4 – 5
  

  Answers Explanation & Notes:

  To specify the interfaces in an EtherChannel team, use the interface range interface global configuration command for the interface range being used. The interface range GigabitEthernet 0/4 – 5 command is the correct option because it specifies two interfaces for the EtherChannel group.

What would be the main reason why an attacker would launch a MAC address overflow attack?

• to allow the attacker to run arbitrary code on the switch
• for the switch to stop forwarding traffic
• so the attacker can see frames destined for other hosts
• so that legitimate hosts cannot obtain a MAC address

What is a method to launch a VLAN hopping attack?

• Introduction of a rogue switch and activation of trunking
• Flooding the switch with MAC addresses
• Sending spoofed IP addresses from the attacking host
• Sending fake native VLAN information

See exhibition. All switches shown are Cisco 2960 switches with the same default priority and operating at the same bandwidth. Which three ports will be STP designated ports? (Choose three.)

• fa0/21
• fa0/10
• fa0/13
• fa0/9
• fa0/20
• fa0/11

What is the general term for SNMP log messages generated by network devices and sent to the SNMP server?

• Fallen
• audit
• confirmations
• warnings

A technician troubleshoots a slow Wi-Fi network and decides to take a split-the-traffic approach. Which two parameters would have to be configured for this? (Choose two.)

• Configure the 2.4 GHz band for basic Internet traffic that is not time-sensitive.
• Configure the security mode for both networks to WPA Personal TKIP/AES.
• Configure the security mode for one network to WPA Personal TKIP/AES and for the other network to WPA2 Personal AES
• Configure a common SSID for both split networks.
• Configure the 5 GHz band for streaming multimedia and time-sensitive traffic.

A corporate security policy requires that all MAC addresses be dynamically learned and added to both the MAC address table and the running configuration on each switch. What port security configuration will achieve this?

• automatically secure MAC addresses
• dynamic secure MAC addresses
• static secure MAC addresses
• sticky secure MAC addresses
  

  Answers Explanation & Notes:

  With Sticky Secure MAC addressing, MAC addresses can either be learned dynamically or configured manually and then stored in the address table and added to the running configuration file. In contrast, dynamic secure MAC addressing provides dynamically learned MAC addressing that is only stored in the address table.

What is the IPv6 prefix used for link-local addresses?

• FE80::/10
• FF01::/8
• FC00::/7
• 2001::/3

What action takes place when a frame entering a switch has a unicast destination MAC address that is not in the MAC address table?

• The switch resets the refresh timer for all MAC address table entries.
• The switch updates the update timer for the entry.
• The switch replaces the old entry and uses the more recent port.
• The switch forwards the frame through all ports except the incoming port.

A new switch is to be added to an existing network in a remote office. The network administrator does not want the technicians in the remote office to be able to add new VLANs to the switch, but the switch should receive VLAN updates from the VTP domain. What two steps must be taken to configure VTP on the new switch to meet these conditions? (Choose two.)

• Configure the existing VTP domain name on the new switch.
• Configure all ports of both switches for access mode.
• Enable VTP cleaning.
• Configure an IP address on the new switch.
• Configure the new switch as a VTP client.

See exhibition. Given that port Fa0/4 on both switches is configured to carry traffic for multiple VLANs, which three hosts will receive ARP requests from Host A? (Choose three.)

• host F
• host B
• host d
• host G
• host c
• host E
  

  Explanation:

  ARP requests are sent as broadcasts. This means that the ARP request is only sent over a specific VLAN. VLAN 1 hosts only listen to ARP requests from hosts on VLAN 1. VLAN 2 hosts only listen to ARP requests from hosts on VLAN 2.

A technician configures a router for a small business with multiple wireless networks and doesn't need the complexity of a dynamic routing protocol. What to do or check?

• Check the configuration on the floating static route and adjust the AD.
• Create a floating static route to this network.
• Ensure that there is no default route in any of the edge router routing tables.
• Create static routes to all internal networks and a default route to the Internet.

What two functions does a WLC take on when using Split Media Access Control (MAC)? (Choose two.)

• Packet Acknowledgments and Retransmissions
• Frame translation to other protocols
• Association and reassociation of roaming clients
• Beacons and Probe Responses
• Frame queuing and packet prioritization

See exhibition. A network administrator has configured routers R1 and R2 as part of HSRP Group 1. After the routers were reloaded, a user on Host1 complained about a lack of connection to the internet. The network administrator issued the show standby short command on both routers to verify HSRP operations. The administrator also observed the ARP table on Host1. What entry should you see in the ARP table on Host1 to connect to the internet?

• the IP address and MAC address of R1
• the virtual IP address of HSRP group 1 and the MAC address of R1
• the virtual IP address of HSRP group 1 and the MAC address of R2
• the virtual IP address and virtual MAC address for HSRP group 1
  

  Explanation:

  Hosts send an ARP request to the default gateway, which is the virtual IP address. ARP replies from the HSRP routers contain the virtual MAC address. The host ARP tables contain a virtual IP to virtual MAC mapping.

A network administrator configures a new Cisco switch for remote management access. What three items need to be configured on the switch for the task? (Choose three.)

• IP Address
• Standard-Gateway
• Standard-VLAN
• vty lines
• VTP-Domain
• Loopback-Adresse
  

  Explanation:

  To enable remote management access, the Cisco switch must be configured with an IP address and default gateway. Also, vty lines must be configured to allow either Telnet or SSH connections. A loopback address, default VLAN, and VTP domain configurations are not required for remote switch management.

See exhibition. What can be concluded from the configuration shown on R1?

• R1 is configured as a DHCPv4 relay agent.
• R1 sends a message to a local DHCPv4 client to contact a DHCPv4 server at 10.10.10.8.
• R1 sends out DHCPv4 requests on behalf of local DHCPv4 clients.
• R1 works as a DHCPv4 server.

What action does a DHCPv4 client take when receiving more than one DHCPOFFER from multiple DHCP servers?

• It sends a DHCPREQUEST indicating which lease offer the client will accept.
• It sends out a DHCPNAK and starts the DHCP process again.
• It accepts both DHCPOFFER messages and sends a DHCPACK.
• It discards both offers and sends a new DHCPDISCOVER.

Which protocol should be disabled to mitigate VLAN attacks?

• STP
• CDP
• DTP
• ARP

Why is DHCP snooping required when using the Dynamic ARP Inspection feature?

• It uses MAC address table to check default gateway IP address.
• It redirects ARP requests to the DHCP server for inspection.
• It relies on trusted and untrusted port settings determined by DHCP snooping.
• It uses MAC address to IP address binding database to validate an ARP packet.
  

  Explanation:

  DAI is based on DHCP snooping. DHCP snooping monitors the exchange of DHCP messages and creates a binding database of valid tuples (MAC address, IP address, VLAN interface).

  When DAI is enabled, the switch drops the ARP packet if the sender MAC address and sender IP address do not match an entry in the DHCP snooping bindings database. However, it can be overcome by static mappings. Static mappings are useful when hosts are configuring static IP addresses, DHCP snooping cannot be performed, or other switches on the network are not performing dynamic ARP inspection. A static mapping maps an IP address to a MAC address on a VLAN.

To get an overview of the spanning tree status of a switched network, a network engineer issues the show spanning-tree command at a switch. What two pieces of information does this command display? (Choose two.)

• The role of ports in all VLANs.
• Die Root-Bridge-BID.
• The number of broadcasts received on each root port.
• The IP address of the management VLAN interface.
• Der Status nativer VLAN-Ports.

A WLAN engineer deploys a WLC and five wireless APs using CAPWAP protocol with DTLS function to secure the control plane of network devices. When testing the wireless network, the WLAN engineer finds that the data traffic between the WLC and the APs is exchanged in plain text and is not encrypted. What is the most likely reason for this?

• DTLS only provides data security through authentication and does not provide encryption for data transmitted between a Wireless LAN Controller (WLC) and an Access Point (AP).
• Data encryption requires the installation of a DTLS license on each access point (AP) before being activated on the wireless LAN controller (WLC).
• Although DTLS is enabled by default to secure the CAPWAP control channel, it is disabled by default for the data channel.
• DTLS is a protocol that only provides security between the Access Point (AP) and the wireless client.
  

  Explanation:

  DTLS is a protocol that provides security between the AP and the WLC. It enables them to communicate in encrypted form and prevents eavesdropping or tampering.
  DTLS is enabled by default to secure the CAPWAP control channel but disabled by default for the data channel. All CAPWAP management and control traffic exchanged between an AP and WLC is encrypted and secured by default to ensure control plane privacy and prevent Man-In-the-Middle (MITM) attacks.

See exhibition. The network administrator configures both switches as shown. However, Host C cannot ping Host D and Host E cannot ping Host F. What actions should the admin take to enable this communication?

• Assign hosts A and B to VLAN 10 instead of VLAN 1.
• Configure one of the trunk ports in dynamically desirable mode.
• Add switchport nonegotiate command to configure SW2.
• Include a router in the topology.
• Remove the native VLAN from the trunk.

What action takes place if the source MAC address of a frame entering a switch is not in the MAC address table?

• The switch replaces the old entry and uses the more recent port.
• The switch adds a MAC address table entry for the destination MAC address and egress port.
• The switch updates the update timer for the entry.
• The switch adds the MAC address and incoming port number to the table.

A technician configures a wireless network for a small business using a SOHO wireless router. What two authentication methods are used when the router is configured with WPA2? (Choose two.) **

• AES
• TKIP
• personal
• WEP
• Pursue

A network administrator adds a new WLAN on a Cisco 3500 Series WLC. On which tab should the admin create a new VLAN interface to be used for the new WiFi?

• WLANs
• RULES
• WIRELESS
• MANAGEMENT

See exhibition. What two conclusions can be drawn from the output? (Choose two.)

• The port channel ID is 2.
• The bundle is fully functional.
• The port channel is a layer 3 channel.
• The load balancing method used is source port to destination port.
• The EtherChannel is down.

Which three statements accurately describe the duplex and speed settings on Cisco 2960 switches? (Choose three.)

• By default, the speed is set to 100 Mb/s and the duplex mode is set to autonegotiation.
• Auto-negotiation failure can cause connectivity issues.
• The duplex and speed settings of each switch port can be configured manually.
• When the speed is set to 1000 Mb/s, the switch ports operate in full duplex mode.
• By default, the autonegotiation function is disabled.
• Enabling auto-negotiation on a hub prevents mismatched port speeds when connecting the hub to the switch.

See exhibition. A Layer 3 switch routes for three VLANs and connects to a router for internet connectivity. What two configurations would be applied to the switch? (Choose two.)

• (config)# interface fastethernet0/4
  (config-if)# Trunk im Switchport-Modus
• (config)# Interface VLAN 1
  (config-if)# IP-Adresse 192.168.1.2 255.255.255.0
  (config-if)# no shutdown
• (config)# IP-Routing
• (config)# Interface gigabit ethernet 1/1
  (config-if)# kein Switchport
  (config-if)# IP-Adresse 192.168.1.2 255.255.255.252
• (config)# interface Gigabitethernet1/1
  (config-if)# Trunk im Switchport-Modus

See exhibition. Note that main power has just been restored. PC3 issues a broadcast IPv4 DHCP request. To which port does SW1 forward this request?​

• only to Fa0/1​
• only on Fa0/1, Fa0/2 and Fa0/4
• to Fa0/1, Fa0/2, Fa0/3 and Fa0/4
• only on Fa0/1, Fa0/2 and Fa0/3
• only on Fa0/1 and Fa0/2

Which statement about how a Layer 2 switch determines how frames are forwarded is correct?

• Only frames with a broadcast destination address are forwarded to all active switch ports.
• Frame forwarding decisions are based on MAC address and port mappings in the CAM table.
• Cut-through frame forwarding ensures that invalid frames are always discarded.
• Unicast frames are always forwarded regardless of the destination MAC address.
  

  Explanation:

  Cut-through frame forwarding only reads up to the first 22 bytes of a frame, eliminating the frame check sequence and therefore possibly forwarding invalid frames. In addition to broadcast frames, frames with a destination MAC address not present in the CAM are also flooded through all active ports. Unicast frames are not always forwarded. Received frames with a destination MAC address associated with the switch port on which they are received are not forwarded because the destination exists on the network segment connected to that port.

  (Video) CCNA v7.02 SRWE Packet Tracer Skills Assessment PTSA

Employees cannot connect to servers on any of the internal networks. What to do or check?

• Use the show ip interface brief command to see if an interface is down.
• Ensure that there is no default route in any of the edge router routing tables.
• Check the stats on the default route for oversaturation.
• Create static routes to all internal networks and a default route to the Internet.

What protocol or technology requires switches in server or client mode?

• VTP
• EtherChannel
• HSRP
• DTP

What does entering the shutdown configuration command do on a switch?

• It disables an unused port.
• It enables portfast on a specific switch interface.
• It disables DTP on a non-trunking interface.
• It enables BPDU protection on a specific port.

What else is required when configuring a static IPv6 route with a link-local next-hop address? **

• Network number and subnet mask on the interface of the neighboring router
• IP address of the neighboring router
• Interface number and type
• administrative distance

A junior engineer added a route to a LAN router. A traceroute to a device on the new network returned an incorrect path and unreachable status. What to do or check?

• Ensure that there is no default route in any of the edge router routing tables.
• Create a floating static route to this network.
• Check the configuration on the floating static route and adjust the AD.
• Check the exit interface configuration on the new static route.

A network technician troubleshoots a newly deployed wireless network that uses the latest 802.11 standards. When users access high-bandwidth services such as B. video streaming, wireless network performance is poor. To improve performance, the network engineer decides to configure a 5 GHz frequency band SSID and train users to use that SSID for streaming media services. Why could this solution improve wireless network performance for this type of service?

• The 5GHz band has more channels and is less crowded than the 2.4GHz band, making it better suited for streaming multimedia.
• The only users who can switch to the 5GHz band are those with the latest wireless NICs, which reduces usage.
• Requiring users to switch to the 5GHz band to stream media is impractical and results in fewer users accessing these services.
• The 5GHz band has a longer range and is therefore likely to be free of interference.
  

  Answers Explanation & Notes:

  The radio range is determined by the antenna and the output power of the access point, not by the frequency band used. This scenario states that all users have wireless NICs that comply with the latest standard, and thus all have access to the 5 GHz band. Although some users find it inconvenient to switch to the 5GHz band to access streaming services, the larger number of channels, rather than just fewer users, improves network performance.

On which switch ports should BPDU Guard be enabled to improve STP stability?

• only ports selected as designated ports
• only ports connected to a neighboring switch
• all PortFast-enabled ports
• all trunk ports that are not root ports

How does a router handle static routing differently when Cisco Express Forwarding is disabled?

• Point-to-point serial interfaces require fully specified static routes to avoid routing inconsistencies.
• No recursive searches are performed.
• Static routes using an exit interface become unnecessary.
• Ethernet multiaccess interfaces require fully specified static routes to avoid routing inconsistencies.

Which protocol or technology allows data to be transmitted over redundant switch connections?

• STP
• VTP
• EtherChannel
• DTP

A PC sent an RS message to an IPv6 router connected to the same network. What two pieces of information does the router send to the client? (Choose two.)

• prefix
• domain name
• Subnet mask in dotted decimal notation
• administrative distance
• IP-Adresse des DNS-Servers
• prefix length
  

  Answers Explanation & Notes:

  The router is part of the IPv6 All Routers group and received the RS message. It generates an RA containing the local network prefix and prefix length (e.g. 2001:db8:acad:1::/64)

What two VTP modes allow creating, modifying and deleting VLANs on the local switch? (Choose two.)

• distribution
• Meister
• Server
• Client
• transparent
• slave

See exhibition. What does router R1 do with a packet with destination IPv6 address 2001:db8:cafe:5::1?

• forward the packet GigabitEthernet0/0
• Forward the packet to Serial0/0/0
• forward the packet GigabitEthernet0/1
• drop the package
  

  Answers Explanation & Notes:

  The route ::/0 is the condensed form of the default route 0000:0000:0000:0000:0000:0000:0000:0000/0. The default route is used when no more specific route is found in the routing table.

What is a disadvantage of local database method of securing device access that can be solved by using AAA with centralized servers?

• There is no possibility of accountability.
• It is very vulnerable to brute force attacks as there is no username.
• The passwords can only be saved in plain text in the running configuration.
• User accounts must be configured locally on each device, which is a non-scalable authentication solution.
  

  Answers Explanation & Notes:

  The local database method of securing device access uses usernames and passwords that are configured locally on the router. This allows administrators to track who logged into the device and when. The passwords can also be encrypted in the configuration. However, the account information must be configured on each device that account should have access to, making this solution very difficult to scale.

What three Wi-Fi standards operate in the 2.4 GHz frequency range? (Choose three.)

• 802.11ac
• 802.11a
• 802.11n
• 802.11b
• 802.11g

Which command creates a static route on R2 to reach PC B?

• R2(config)# IP-Route 172.16.2.0 255.255.255.0 172.16.2.254
• R2(config)# IP-Route 172.16.2.0 255.255.255.0 172.16.3.1
• R2(config)# IP-Route 172.16.2.1 255.255.255.0 172.16.3.1
• R2(config)# IP-Route 172.16.3.0 255.255.255.0 172.16.2.254
  

  Answers Explanation & Notes:

  The correct syntax is:
  router(config)# ip route destinationnetwork destinationmask {next-hop-ip-address | exit interface}
  If the local exit interface is used instead of the next-hop IP address, the route appears as a directly connected route instead of a static route in the routing table. Since the network to reach is 172.16.2.0 and the next hop IP address is 172.16.3.1, the command is R2(config)# ip route 172.16.2.0 255.255.255.0 172.16.3.1

What is the effect of entering the configuration command to access switchport mode on a switch?

• It disables DTP on a non-trunking interface.
• It disables an unused port.
• It manually activates a trunk connection.
• It enables BPDU protection on a specific port.

See exhibition. Which statement shown in the output allows router R1 to respond to stateless DHCPv6 requests?

• ipv6 and other configuration flag​
• IPv6-DHCP-Server LAN1​
• Prefix delegation 2001:DB8:8::/48 00030001000E84244E70
• IPv6-Unicast-Routing
• DNS-Server 2001:DB8:8::8​
  

  Answers Explanation & Notes:

  The ipv6 nd other-config-flag interface command allows RA messages to be sent on this interface indicating that additional information is available from a stateless DHCPv6 server.

See exhibition. The network administrator configures the port security feature on the switch SWC. The administrator has issued the show port-security interface fa 0/2 command to verify the configuration. What can be concluded from the shown output? (Choose three.)

• The port is configured as a trunk link.
• This port is currently active.
• The switch port mode for this interface is access mode.
• Three security violations were detected on this interface.
• No device is currently connected to this port.
• In the event of a security breach, this port will be closed immediately.

What are two reasons a network administrator should segment a network with a Layer 2 switch? (Choose two.)

• to isolate ARP request messages from the rest of the network
• to create more broadcast domains
• increase user bandwidth
• to eliminate virtual circuits
• to create fewer collision domains
• Isolate traffic between segments
  

  Answers Explanation & Notes:

  A switch has the ability to create temporary point-to-point connections between directly attached sending and receiving network devices. The two devices have full-bandwidth, full-duplex connectivity during transmission.

What action takes place when a frame entering a switch has a unicast destination MAC address that appears in the MAC address table?

• The switch resets the refresh timer for all MAC address table entries.
• The switch forwards the frame from the specified port.
• The switch updates the update timer for the entry.
• The switch forwards the frame through all ports except the incoming port.

A network administrator uses the router-on-a-stick model to configure a switch and router for inter-VLAN routing. What configuration should be done on the switch port that connects to the router?

• Configure the port as a trunk port and assign it to VLAN1.
• Configure it as a trunk port and allow only untagged traffic.
• Configure the port as an 802.1q trunk port.
• Configure the port as an access port and member of VLAN1.
  

  Answers Explanation & Notes:

  The port on the switch that connects to the router interface should be configured as a trunk port. Once it becomes a trunk port, it does not belong to any particular VLAN and forwards traffic from different VLANs.

What does entering the switchport port-security configuration command do on a switch?

• It enables port security globally on the switch.
• It dynamically learns the L2 address and copies it into the running configuration.
• It limits the number of discovery messages per second received on the interface.
• It enables port security on an interface.

Users on a LAN cannot access a corporate web server, but can get elsewhere. What to do or check?

• Ensure that the old default route has been removed from the corporate edge routers.
• Make sure the static route to the server exists in the routing table.
• Create a floating static route to this network.
• Check the configuration on the floating static route and adjust the AD.

See exhibition. A network administrator configures router R1 for IPv6 address assignment. Based on the partial configuration, what IPv6 global unicast address allocation scheme does the administrator intend to implement?

• manual configuration
• civic
• stateless
• SLAAC

Match the step of each description to the switch boot sequence. (Not all options are used.)

What protocol or technology disables redundant paths to eliminate Layer 2 loops?

• EtherChannel
• DTP
• STP
• VTP

When is authorization performed during the AAA process?

• immediately after determining which resources a user can access
• immediately after an AAA client has sent authentication information to a central server
• immediately after AAA Accounting and Auditing receives detailed reports
• immediately after successful authentication against an AAA data source
  

  Answers Explanation & Notes:

  (Video) CCNA 2 SRWE Final PT Skills Assessment PTSA

  AAA authorization is implemented immediately after the user is authenticated against a specific AAA data source.

What two protocols are used to provide server-based AAA authentication? (Choose two.)

• TACACS+
• RADIUS
• SNMP
• 802.1x
• SSH