Share your SWITCH v2.0 Experience

@ Mirco.
The sim only troubleshooting

@proton I have already checked it and mac address learning is disabled so what you put is the right choice

@innu – Thank you for checking.

So just to verify that the following DND below for RSPAN True and False:

RSPAN True
Mac address
STP
VTP
RSPAN False
2-1001
2-1024

@Innu – Thank you

we have to input copy run start at the end of all lab , right?

@landry somebode comment a gdrive link of the new questions 6,7,8 some 4 or 5 pages back at the comments section, links are still there… i think.

hi guys can any one confirm wich dump is valid!!!

where can i found it please !!

I passed the exam today, 845/1000.

Several questions of DHCP SOOPING, DAI. Please double check the etherchanel and stackwise.

simlets
HSRP
LACP with STP
VTPv3 Sim

Did anyone see any SDM questions on the test?

I failed today again.
all questions are old question that I took exam since 2018.
1 DD
3 Sim (STP,HSRP and VTP)

I will take this exam on Feb 20, 2020.

@Magic

I din’t see SDM template question on my exam.

@cybernet, did you see any of these questions in the exam

1. Which statement about VSPAN is true?
A. It can monitor ingress and egress traffic on the source VLAN
B. It sends all VLAN traffic to the destination port regardless of the VLAN’s status
C. It can monitor destination port traffic that belongs to a source VLAN
D. It can monitor token ring VLANs
Ans : A
2. Which mechanism is specific for RSPAN and not for SPAN?
A. source port
B. monitor port
C. reflector port
D. redundant port
E. destination port
Ans : C
3. Which two statements about source port monitoring in a SPAN are true? (Choose two.)
A. Traffic through a destination port can be copied and included in the SPAN session.
B. The entire EtherChannel must be monitored.
C. It can monitor only FastEthernet and GigabitEthernet port types.
D. It can monitor individual interfaces within a port channel.
E. It can monitor ingress and egress traffic.
Ans : D, E
4. A switch has been configured with the vlan dot1q tag native command. Which statement describes what the switch does with untagged frames that it receive?
A. Untagged frames are forwarded via the default VLAN
B. It drops the untagged frames
C. The trunked port is put in err-disable state
D. Untagged frames are forwarded via the native VLAN
Ans : B
5. Which two operational attributes can be checked for EtherChannel ports that are in err-disabled state? (Choose 2)
A. Port mode B. Port cost C. Duplex D. DTP E. VLAN
Ans: C, E
6. Which command do you enter to enable Dynamic ARP Inspection for VLAN 15?
A. SW1(config-vlan)# ip arp inspection vlan 15
B. SW1(config-vlan)# ip arp inspection trust
C. SW1(config-if)# ip arp-inspection trust
D. SW1(config)# ip arp inspection vlan 15
Ans: A
7. Which two statements are true about port security? (Choose two)
A. It is used on EtherChannel bundle.
B. It must be used on the switch interface.
C. It can be configured for SPAN.
D. It is configured on an access port.
E. ?
Ans :
8. Which two statements about static MAC addresses are true? (Choose two)
A. They are configured without an aging time.
B. They have a default aging time of 300 seconds.
C. They supersede dynamically learned MAC address.
D. They can be configured on multiple interfaces in the same VLAN.
E. They have a default aging time of 60 seconds.
Ans: A, D
9. Which security feature inspects ARP packets based on valid IP-to-MAC address bindings?
A. BPDU guard
B. port security
C. DAI
D. IP source Guard
Ans: C
10. In which two ways can a port respond to a port-security violation? (Choose two)
A. The port enters the err-disabled state.
B. The Security Violation counter is incremented and the port sends an SNMP trap.
C. The Security Violation counter is incremented and the port sends a critical syslog message to the console.
D. The port triggers an EEM script to notify support staff and continues to forward traffic normally.
E. The port immediately begins to drop all traffic.
F. The port enters the shutdown state.
Ans : A, B
11. Which three features can be optimized by using SDM templates? (Choose three)
A. port security
B. Trunk
C. VLAN
D. access
E. DHCP snooping
F. routing
Ans: C,D, F
12. What types of SDM templates you can use in switch? (Choose three)
A. Access B. Default C. Routing D. VLANs E. ? F. ?
Ans: A, B, C, D
13. Which two statements about default FHRP behavior are true? (Choose two)
A. A backup GLBP active virtual gateway can become active only if the current active virtual gateway fails
B. Preemption is enabled by default
C. Unless specifically configured, the priority of an HSRP router is 200
D. A standby HSRP router becomes active if it has a higher priority than the priority of the current active router
E. A VRRP backup virtual router becomes the master router if its priority is higher than the priority of the current master router
Ans: A, E
14. How many AVGs can be elected by GLBP member?
A. 1
B. 2
C. 4
D. 6
Ans: 4 or 1
15. Which option is the minimum number of bindings that the DHCP snooping database can store?
A. 1000 bindings
B. 2000 bindings
C. 5000 bindings
D. 8000 bindings
Ans: D
16. A switch has been configured with the VLAN dot1q tag native command. Which statement describes what the switch does with untagged frames when it
receives on a trunked interface?
A. Untagged frames are forwarded via the default VLAN
B. It drops the untagged frames
C. The trunk ports is put in err-disable state.
D. Untagged frames are forward via the native vlan
Ans: B
17. Which two commands display the VLANs that are present in the VLAN database? (Choose two.)
A. show running-config
B. show vlan database
C. show vlan brief
D. show vlan
E. show vlan id
Ans: B, D
18. Which two commands do you enter to add VLAN 20 on a switch VLAN configuration file? (Choose two.)
A. switchport trunk native vlan 20
B. switchport access vlan 20
C. vlan 20
D. switchport trunk allowed vlan 20
E. encapsulation dot1q 20
Ans: B, C
19. Which two commands do you enter to add VLAN 15 on a switch VLAN configuration file? (Choose two.)
A. switchport trunk native vlan 15
B. switchport access vlan 15
C. vlan 15
D. switchport trunk allowed vlan 15
E. encapsulation dot1q 15
Ans: B, C
20. Refer to the exhibit. A single server in Company 123 is connected via EtherChannel to a single upstream switch. Which EtherChannel load balancing method on the switch makes optimal use of the redundant links as traffic flows from the routers to the server?
A. source MAC address
B. source IP address
C. source and destination MAC address
D. destination MAC address
Ans: B
21. Which command enables root guard on a Cisco switch?
A. Switch(config)#spanning-tree guard root
B. Switch(config)#spanning-tree root guard
C. Switch(config-if)#spanning-tree guard-root
D. Switch(config-if)#spanning-tree guard root
E. Switch(config-if)#spanning-tree root guard
Ans: A
22. Which two configuration requirements for port security are true? (Choose two.)
A. Port must be in access mode
B. Port security must be enabled on the port level
C. Port must be in interface VLAN mode
D. Port security must be disabled on the port level
E. Port must be in encapsulation mode
Ans: A, B
23. Which two configuration requirements for port security are true? (Choose two.)
A. The port must be part of a trunk.
B. Port security must be enable at the port level
C. Port security must be enabled at the global level.
D. The port must be SPAN port.
E. The port must be part of an EtherChannel bundle.
F. The port must be in access mode.
Ans: B, F
24. Which type of failure has occurred, if a link fails and the MEC successfully redistributes the load among the remaining operational links?
A. multiple MEC link failure
B. standby switch failure
C. active switch failure
D. single MEC link failure
25. Which command do you enter on a device so that users are automatically placed in enable mode after they authenticate with TACACS+?
A. aaa authorization exec default group tacacs+ if-authenticated
B. aaa authorization exec default group tacacs+ local-case
C. aaa authorization exec default group tacacs+ enable
D. aaa authentication exec default group tacacs+ if-authenticated
Ans: A
26. Which two statements about the local user database are true? (Choose two.)
A. For console connections, it can be used only as a backup authentication method.
B. It can be configured to grant a user-specific privilege level.
C. It can store passwords in clear text only.
D. For VTY connections, it can be used only as a backup authentication method.
E. It can be used as the only method of authentication or as a backup for other methods.
Ans: B, E
27. What is the value of the TPID/tag protocol identifier in dot1q?
A. 0x8100
B. 0x8a88
C. 0x8b45
D. 0x8200
Ans: B
28. Which two TLVs are included in Cisco Discovery Protocol advertisements? (Choose two.)
A. Network Policy TLV
B. VTP Management Domain TLV
C. System Name TLV
D. Inventory Management TLV
E. Native VLAN TLV
Ans:B, E
29. Which two statements about sticky MAC address learning are true? (Choose two.)
A. A single device can learn up to three sticky MAC addresses.
B. Devices can learn sticky MAC addresses dynamically.
C. Learned addresses are saved to the startup configuration file by default.
D. Learned addresses are saved to the running configuration by default.
E. Learned addresses are automatically preserved when the device reboots.
F. It can be used only on devices that operate in a single layer.
Ans: B, D
30. After you connected a host to switch port G0/1, the port is error disabled. Which command can you enter to determine the reason?
A. show interfaces g0/1 status
B. show log
C. show run interface g0/1
D. show ip interface brief
Ans: B
31. Refer to the exhibit.
Which option is the most likely explanation of the duplicate address message logged?
A. spanning-tree loop
B. HSRP misconfiguration
C. a PC with IP of 10.10.1.1
D. a hardware problem
Ans: B
32. Which feature can prevent ARP poisoning attacks on a device?
A. Dynamic ARP Inspection
B. DHCP snooping
C. MAC snooping
D. CGMP snooping
E. Dynamic MAC Inspection
F. Static ARP Inspection
Ans: A
33. Which two device types does DHCP snooping treat as untrusted in an ISP environment? (Choose two.)
A. end host devices
B. customer edge services
C. user-facing provider edge devices
D. provider edge devices
E. provider devices
Ans: A, B
34. You want to correctly configure IP Source Guard on a switch. Which two tasks must you perform? (Choose two.)
A. Enable DHCP snooping on the switch.
B. Enable DHCP packet validation on the device.
C. Configure the DHCP snooping relay.
D. Enable DHCP option 82.
E. Configure the ip verify source vlan dhcp-snooping command.
Ans: D, E
35. Refer to the exhibit. An engineer is configuring a trunking port-channel between switch 1 and switch 2 and receives an error message on switch 1. Which
option corrects this error?
A. enabling BPDU guard on interface Fa0/23 of switch 2.
B. enabling BPDU guard on interface Fa0/23 of switch 1.
C. disabling BPDU guard on interface Fa0/23 of switch 2.
D. disabling BPDU guard on interface Fa0/23 of switch 1.
Ans: D

1. 6. Which command do you enter to enable Dynamic ARP Inspection for VLAN 15?
A. SW1(config-vlan)# ip arp inspection vlan 15
B. SW1(config-vlan)# ip arp inspection trust
C. SW1(config-if)# ip arp-inspection trust
D. SW1(config)# ip arp inspection vlan 15
Ans: A
Correct Answer: D
7. Which two statements are true about port security? (Choose two)
A. It is used on EtherChannel bundle.
B. It must be used on the switch interface.
C. It can be configured for SPAN.
D. It is configured on an access port.
E. ?
Ans :
Correct Answer: B D
14. How many AVGs can be elected by GLBP member?
A. 1
B. 2
C. 4
D. 6
Ans: 4 or 1
Correct Answer: A
17. Which two commands display the VLANs that are present in the VLAN database? (Choose two.)
A. show running-config
B. show vlan database
C. show vlan brief
D. show vlan
E. show vlan id
Ans: B, D
Correct Answer: C D
21. Which command enables root guard on a Cisco switch?
A. Switch(config)#spanning-tree guard root
B. Switch(config)#spanning-tree root guard
C. Switch(config-if)#spanning-tree guard-root
D. Switch(config-if)#spanning-tree guard root
E. Switch(config-if)#spanning-tree root guard
Ans: A
Correct Answer: D
24. Which type of failure has occurred, if a link fails and the MEC successfully redistributes the load among the remaining operational links?
A. multiple MEC link failure
B. standby switch failure
C. active switch failure
D. single MEC link failure
Correct Answer: D
27. What is the value of the TPID/tag protocol identifier in dot1q?
A. 0x8100
B. 0x8a88
C. 0x8b45
D. 0x8200
Ans: B
Correct Answer: A
34. You want to correctly configure IP Source Guard on a switch. Which two tasks must you perform? (Choose two.)
A. Enable DHCP snooping on the switch.
B. Enable DHCP packet validation on the device.
C. Configure the DHCP snooping relay.
D. Enable DHCP option 82.
E. Configure the ip verify source vlan dhcp-snooping command.
Ans: D, E
Correct Answer: A E

@cybernet

or any of these questions

1)How many Active Virtual Gateways (AVG) that can be used in a group:
A.1 B.2 C.3 D.4
ANS:A
2)Which two statements about default FHRP behavior are true? (Choose two)
A. A backup GLBP active virtual gateway can become active only if the current active virtual
gateway fails
B. Preemption is enabled by default
C. Unless specifically configured, the priority of an HSRP router is 200
D. A standby HSRP router becomes active if it has a higher priority than the priority of the
current active router
E. A VRRP backup virtual router becomes the master router if its priority is higher than the
priority of the current master router
Ans:A,E
3)Which mechanism is specific for RSPAN and not for SPAN?
A. source port
B. monitor port
C. reflector port
D. redundant port
E. destination port
Answer: C
6) Refer to the exhibit. An engineer is configuring a trunking port-channel between switch 1 and switch 2 and receives an error message on switch 1. Which
option corrects this error?
A. enabling BPDU guard on interface Fa0/23 of switch 2.
B. enabling BPDU guard on interface Fa0/23 of switch 1.
C. disabling BPDU guard on interface Fa0/23 of switch 2.
D. disabling BPDU guard on interface Fa0/23 of switch 1.
Ans: D
7) Which two device types does DHCP snooping treat as untrusted in an ISP environment? (Choose two.)
A. end host devices
B. customer edge services
C. user-facing provider edge devices
D. provider edge devices
E. provider devices
Ans: A, B
8) What is the value of the TPID/tag protocol identifier in dot1q?
A. 0x8100
B. 0x8a88
C. 0x8b45
D. 0x8200
Ans:A
9) Which two TLVs are included in Cisco Discovery Protocol advertisements? (Choose two.)
A. Network Policy TLV
B. VTP Management Domain TLV
C. System Name TLV
D. Inventory Management TLV
E. Native VLAN TLV
Ans:B, E
10) Which two statements about sticky MAC address learning are true? (Choose two.)
A. A single device can learn up to three sticky MAC addresses.
B. Devices can learn sticky MAC addresses dynamically.
C. Learned addresses are saved to the startup configuration file by default.
D. Learned addresses are saved to the running configuration by default.
E. Learned addresses are automatically preserved when the device reboots.
F. It can be used only on devices that operate in a single layer.
Ans: B, D
11) After you connected a host to switch port G0/1, the port is error disabled. Which command can you enter to determine the reason?
A. show interfaces g0/1 status
B. show log
C. show run interface g0/1
D. show ip interface brief
Ans: B
12) Refer to the exhibit.
Which option is the most likely explanation of the duplicate address message logged?
A. spanning-tree loop
B. HSRP misconfiguration
C. a PC with IP of 10.10.1.1
D. a hardware problem
Ans: B
13) Which feature can prevent ARP poisoning attacks on a device?
A. Dynamic ARP Inspection
B. DHCP snooping
C. MAC snooping
D. CGMP snooping
E. Dynamic MAC Inspection
F. Static ARP Inspection
Ans: A
14) Which type of failure has occurred, if a link fails and the MEC successfully redistributes the load among the remaining operational links?
A. multiple MEC link failure
B. standby switch failure
C. active switch failure
D. single MEC link failure
ANS:D
15) Which command do you enter on a device so that users are automatically placed in enable mode after they authenticate with TACACS+?
A. aaa authorization exec default group tacacs+ if-authenticated
B. aaa authorization exec default group tacacs+ local-case
C. aaa authorization exec default group tacacs+ enable
D. aaa authentication exec default group tacacs+ if-authenticated
Ans: A
16) Which two statements about the local user database are true? (Choose two.)
A. For console connections, it can be used only as a backup authentication method.
B. It can be configured to grant a user-specific privilege level.
C. It can store passwords in clear text only.
D. For VTY connections, it can be used only as a backup authentication method.
E. It can be used as the only method of authentication or as a backup for other methods.
Ans: B, E
17) Which two configuration requirements for port security are true? (Choose two.)
A. Port must be in access mode
B. Port security must be enabled on the port level
C. Port must be in interface VLAN mode
D. Port security must be disabled on the port level
E. Port must be in encapsulation mode
Ans: A, B
18) Which command enables root guard on a Cisco switch?
A. Switch(config)#spanning-tree guard root
B. Switch(config)#spanning-tree root guard
C. Switch(config-if)#spanning-tree guard-root
D. Switch(config-if)#spanning-tree guard root
E. Switch(config-if)#spanning-tree root guard
Ans: D
19)Which two commands do you enter to add VLAN 15 on a switch VLAN configuration file? (Choose two.)
A. switchport trunk native vlan 15
B. switchport access vlan 15
C. vlan 15
D. switchport trunk allowed vlan 15
E. encapsulation dot1q 15
Ans: B, C
20)Refer to the exhibit.(R1+R2—SW===Server)
A single server in Company 123 is connected via EtherChannel to a single upstream switch. Which EtherChannel load balancing method on the switch makes optimal use of the redundant links as traffic flows from the routers to the server?
A. source MAC address
B. source IP address
C. source and destination MAC address
D. destination MAC address
Ans: B
21) A switch has been configured with the VLAN dot1q tag native command. Which statement describes what the switch does with untagged frames when it
receives on a trunked interface?
A. Untagged frames are forwarded via the default VLAN
B. It drops the untagged frames
C. The trunk ports is put in err-disable state.
D. Untagged frames are forward via the native vlan
Ans: B
22) Which two commands display the VLANs that are present in the VLAN database? (Choose two.)
A. show running-config
B. show vlan database
C. show vlan brief
D. show vlan
E. show vlan id
Ans:C, D
23) Which command do you enter to enable Dynamic ARP Inspection for VLAN 15?
A. SW1(config-vlan)# ip arp inspection vlan 15
B. SW1(config-vlan)# ip arp inspection trust
C. SW1(config-if)# ip arp-inspection trust
D. SW1(config)# ip arp inspection vlan 15
Ans: D
23) Which statement about VSPAN is true?
A. It can monitor ingress and egress traffic on the source VLAN
B. It sends all VLAN traffic to the destination port regardless of the VLAN’s status
C. It can monitor destination port traffic that belongs to a source VLAN
D. It can monitor token ring VLANs
Ans : A
24) Which two statements about source port monitoring in a SPAN are true? (Choose two.)
A. Traffic through a destination port can be copied and included in the SPAN session.
B. The entire EtherChannel must be monitored.
C. It can monitor only FastEthernet and GigabitEthernet port types.
D. It can monitor individual interfaces within a port channel.
E. It can monitor ingress and egress traffic.
Ans : D, E
25) Which two operational attributes can be checked for EtherChannel ports that are in err-disabled state? (Choose 2)
A. Port mode B. Port cost C. Duplex D. DTP E. VLAN
26) Which two configuration requirements for port security are true? (Choose two.)
A. The port must be part of a trunk.
B. Port security must be enable at the port level
C. Port security must be enabled at the global level.
D. The port must be SPAN port.
E. The port must be part of an EtherChannel bundle.
F. The port must be in access mode.
Ans: B, F
27) Which feature must be enabled to eliminate the broadcasting of all unknown traffic to switches that are not participating in the specific VLAN?
A. VTP pruning
B. port-security
C. storm control
D. bpdguard
28) In which two ways can a port respond to a port-security violation? (Choose two)
A. The port enters the err-disabled state.
B. The Security Violation counter is incremented and the port sends an SNMP trap.
C. The Security Violation counter is incremented and the port sends a critical syslog message to the console.
D. The port triggers an EEM script to notify support staff and continues to forward traffic normally.
E. The port immediately begins to drop all traffic.
F. The port enters the shutdown state.
Ans : A, B
29) Refer to the exhibit. An engineer is configuring a trunking port-channel between switch 1 and switch 2 and receives an error message on switch 1. Which
option corrects this error?
A. enabling BPDU guard on interface Fa0/23 of switch 2.
B. enabling BPDU guard on interface Fa0/23 of switch 1.
C. disabling BPDU guard on interface Fa0/23 of switch 2.
D. disabling BPDU guard on interface Fa0/23 of switch 1.
Ans: D
30) Refer to the exhibit.
Which option is the most likely explanation of the duplicate address message logged?
A. spanning-tree loop
B. HSRP misconfiguration
C. a PC with IP of 10.10.1.1
D. a hardware problem
Ans: B

@remotedesk

Only 2 questions.

9. Which security feature inspects ARP packets based on valid IP-to-MAC address bindings?
A. BPDU guard
B. port security
C. DAI
D. IP source Guard
Ans: C
=========================
11. Which three features can be optimized by using SDM templates? (Choose three)
A. port security
B. Trunk
C. VLAN
D. access
E. DHCP snooping
F. routing
Ans: C,D, F

Hi guys,have the new exams been released?

i’m scheduled tomorrow and I got 4 main study mats:
>iphelper
>passleader
>october certprepare file
>january 6,7,8

i’ll get back tomorrow with the topics and questions i encountered once finished.

@RADEN I learn that to download the new question part 6,7;8 you must be a prenium membership of this forum or I’m not a prenium membership of this forum pleases could you share to me the link to download it or share it on my address aurelienlandry2 @ gmail . com

@JJ material offered by Portuguese Guy some days ago are a very complete source of information.

@jj please could you share with me the link to download new question part 6,7,8 or share it on my address aurelienlandry2 @ gmail . com. thank’s

@cybernet what exam code did you took last 2018? Is it 642-813?

@sarasa did you just study Portuguese questions? Is it enough? I’ve heard there are so many new questions in the exam recently

@Scared

300-115

Hi Guys, congrats to those who passed could you please advise where to get the 6,7,8

@fafacalvs @chuck… thanks for the info.

Just passed 8XX, the labs are the same

D&D true and false RSPAN

IN HSRP SIM Q2, it asked :

Refer to the exhibit. If router R1 interface Etherne0/1 (the one facing R5) goes down and recovers, which of the statement regarding HSRP priority is true?

I answer it wrong, I think correct answer was E

Guys, is IP Source guard the real answer? I got this question once in Exam. Or the answer in BPDU guard?

A network engineer is trying to prevent users from connecting unauthorized equipment to a production network. Which option can be campus-wide to satisfy this requirement?
A. IP Source Guard
B. switch port block
C. Uplink fast
D. private VLANs
E. BPDU Guard

@remotedesk

6. Which command do you enter to enable Dynamic ARP Inspection for VLAN 15?
A. SW1(config-vlan)# ip arp inspection vlan 15
B. SW1(config-vlan)# ip arp inspection trust
C. SW1(config-if)# ip arp-inspection trust
D. SW1(config)# ip arp inspection vlan 15
Ans: D

14. How many AVGs can be elected by GLBP member?
A. 1
B. 2
C. 4
D. 6
Ans: 1

I would like to know this too

Guys, is IP Source guard the real answer? I got this question once in Exam. Or the answer in BPDU guard?

A network engineer is trying to prevent users from connecting unauthorized equipment to a production network. Which option can be campus-wide to satisfy this requirement?
A. IP Source Guard
B. switch port block
C. Uplink fast
D. private VLANs
E. BPDU Guard

@Dan21
A network engineer is trying to prevent users from connecting unauthorized equipment to a production network. Which option can be campus-wide to satisfy this requirement?
A. IP Source Guard
B. switch port block
C. Uplink fast
D. private VLANs
E. BPDU Guard

Ans: E