Share your SWITCH v2.0 Experience

Which command enables you to determine whether any interface on a device was shut down as a result of a port security violation?

A. show port-security address
B. show errdisable detect
C. show interface err-disabled status
D. show port-security

B or D?? please share your thoughts. Thanks.

Which command can you enter to most effectively rate-limit multicast traffic based on available bandwidth?
A . storm-control multicast level pps 10k
B . storm-control multicast level bps 10k
C . storm-control multicast level 20 10
D . storm-control multicast level 10

Is it B or C??

@ Moe
ans is C

@Feb23
i think B –> show errdisable detect
Could be C, but correct syntax is “show interface status err-disabled”

need help please
do i have to configure default gateway on Switch B on STP LACp configuration exam? because mention no routing should be configured on switch B

1. Which two statements about native VLANs are true? (Choose two.)

A. All outgoing traffic without a VLAN tag is tagged with the native VLAN
B. All untagged traffic that arrives on the device is placed into the native VLAN
C. The VLAN tag is stripped from all incoming traffic that matches the native VLAN
D. They are propagated through VTP
E. The default native VLAN is VLAN 11
F. All incoming traffic that matches the native VLAN is dropped at the switch

ANS: B & D but I guess its B & C?

2. Which command enables you to determine the spanning-tree guard features that are enabled globally?

A. show spanning-tree
B. show spanning-tree summary
C. show spanning-tree active
D. show spanning-tree detail

ANS: B?

3. You are configuring an interface, and you want to enable Layer 3 mode on an EtherChannel. Which task must you perform?

A. issue the no switchport command
B. Set the channel group to desirable
C. Set the channel group to active
D. Issue the ip address command

ANS: D but i think its A.

3. Which command configures all access ports on a switch to immediately enter the forwarding state when the switch is reset?

A. spanning-tree portfast bpduguard default
B. spanning-tree portfast default
C. spanning-tree portfast
D. spanning-tree portfast bpdufilter default

ANS: B or C?

4. Which feature can protect a Layer 2 port from spoofed IP address?

A. port security
B. IP source guard
C. uRPF
D. DHCP snooping

ANS: B?

@Proton

I’m pretty sure I just worked out the HSRP problem in my lab (EVE-NG) from memory. Since Eth0/1 (R1-R5) is being tracked, when that interface is shut down, then R2 becomes the active router for standby group 1, which makes sense because the primary link from R1 to R5 is lost so you want R2-R4 to be the active data path. Try it out in your lab and let me know what you think. I had to know so I labbed it up.

Im not sure what the correct answer for this is. They’re all wrong.

Which command enables you to determine whether any interface on a device was shut down as a result of a port security violation?

A. show port-security address
B. show errdisable detect
C. show interface err-disabled status
D. show port-security

A – Shows mac addresses configured or learned on secure ports. No port status / err-disable information here
B – Shows all the detection reasons and their current mode. No port status / err-disable information here either
D – shows counters and violation action for ports with port security enabled. But no port status / err-disable information here too

C – ‘show interface status err-disabled’ would be the closest correct answer. Can anyone remember seeing this on the exam?

For me, i would bet its a typo. The output of the other option give no indication of port status or error disable reason

@NeedHelp

Which two statements about native VLANs are true? (Choose two.)
B. All untagged traffic that arrives on the device is placed into the native VLAN
C. The VLAN tag is stripped from all incoming traffic that matches the native VLAN

Which command enables you to determine the spanning-tree guard features that are enabled globally?
B. show spanning-tree summary.
Example below shows guard features default (a.k.a. ‘global’ modes)

EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is enabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled

You are configuring an interface, and you want to enable Layer 3 mode on an EtherChannel. Which task must you perform?
A. issue the no switchport command
Note: ‘no switchport’ is the command to turn a L2 port into an L3 port. You do this before you bundle the member ports to make an L3 etherchannel

Which command configures all access ports on a switch to immediately enter the forwarding state when the switch is reset?
B. spanning-tree portfast default
Reason – “question states ‘all access ports on a switch’. This means portfast default (global)”

Which feature can protect a Layer 2 port from spoofed IP address?
B. IP source guard

Reason: DHCP snooping protects against rogue DHCP servers not spoofed IP’s

ABOUT THIS Q
Which VTP mode is needed to configure an extended VLAN, when a switch is configured to use VTP versions 1 or 2?
A. transparent
B. client
C. server
D. Extended VLANs are only supported in version 3 and not in versions 1 or 2.

My final conclusion is A
The reason why D is kind of right because it is true that extended VLAN is only supported in Version 3 but if the Switch is in transparent mode doesn’t matter the version because you can configure the extended VLAN manually. SO 100% A I was confused. Thank you to all the people involved.

FYI – regarding HSRP lab, Seems like you need preemption on both routers when HSRP is tracking and lowers the priority or else the Active router will not give up control. This was a good lab because I learned something new.

https://community.cisco.com/t5/routing/do-i-have-to-preempt-both-routers/td-p/826258

@NeedHelp

3. You are configuring an interface, and you want to enable Layer 3 mode on an EtherChannel. Which task must you perform?

A. issue the no switchport command
B. Set the channel group to desirable
C. Set the channel group to active
D. Issue the ip address command

ANS: D but i think its A.

I think A to

@CCNPBound

yes, preempt is the only way that can transfer from Active to Standby

Just verified that the sim in the premium does not have preempt on both routers for the same standby group and that’s where I got the configs for my lab. Only after shutting the link between R1-R5 and then seeing R1 with the lower priority but still active did I start to question what was wrong. Anyway, I’m almost positive I got that question correct on my exam.

The lab was also essential for the VTPv3 lab with all the back and forth in the comments section. It was only after I labbed it that I could be sure of the correct answers for #3 and #4. Another good lab where I learned something. FYI, there is NO Primary VTP Server that I was able to find in the lab. I also looked at the ID’s to see if there was just a bug in the SIM that was not showing one of the routers as Primary but none of the ID’s seemed to match.

@CCNPBound
Congrats! So what you are saying for the VTPv3 and HSRP sims is that the answers on the site are correct and what you used in the exam?

@switch

HSRP was different in that the interface being tracked was eth0/1, leading to R5. The question was different but the answer was the same.

VTPv3 – the answers for 3 and 4 are incorrect, if you lab it up you will see why. The confusion lies in the fact that there is no Primary Server in the Exam and that is the only device you can make changes on in VTPv3. Therefore there is only a Best answer…..the sim is flawed.

@Recent exam takers
Has anyone seen the other lab/sims on the exam?
AAAdot1x
MLS and EIGRP

@switch – I think they are “retired” from all I’ve seen but you should learn them anyway, they are super simple once you practice it a couple times. Good luck.

Passes today

LACP lab
HSRP and VTP3 sim

3 DD

Question from here

I passed the exam with 8XX, but some point during the exam i thought i would not make it, because there were many new MCQs, i was preparing for this exam for last 4 months, work experience, official cert guide, training videos, virtual labs, question dumps from various websites, helped a lot.

I got LACP and STP LAB, Both HSRP and VTPv3 simlets, HSRP-VRRP D&D, so it is better to have overall idea of all exam topics and to cover all the questions in the dumps, please do not trust only the dumps. With only one week left we cannot recreate the wheel now, but if possible go through training videos on all exam topics, so it will really help to answer new MCQs.

@HongDo, high chances are that you would have missed to no shut the physical interfaces, or would have missed any commands, LACP and STP lab works perfectly, with the commands provided in Certprepare website.

Does anyone have any of the new MCQ?

need help please
do i have to configure default gateway on Switch B on STP LACp configuration Lab exam? because mention no routing should be configured on switch B

@CCNPBound – That is correct.

In the actual Lab you only have access to R1 and R2.

R1 is configured with HSRP towards R2 and vice versa, R2 connecting to R4 have a HSRP configuration (Standby command). Unlike R1, the only HSRP configured is the interface towards R2.

Looking at the Interface of R1 connecting to R5 it does not have any “Standby” configuration so the closest answer in the multiple choice is the default priority of 100.

As for the Tracked Interface, that configuration I missed to look in the running configuration of R1 or R2. I could be wrong on that part but my point is that the Interface connecting to R5 does not have any HSRP configuration in it. It is simply an interface with an IP address.

Hi Guys,

These are the question I can remember from my exam yesterday, I hope these can help you with your studies. As previously mentioned yesterday I notice 3 questions that are not in my materials so what I did was to proof read the question multiple times and remove the choices that is not possible based in the question.

====

How many Active Virtual Gateways (AVG) that can be used in a group:
A.1 B.2 C.3 D.4
A

Which mechanism is specific for RSPAN and not for SPAN?
A. source port
B. monitor port
C. reflector port
D. redundant port
E. destination port
C

Refer to the exhibit. An engineer is configuring a trunking port-channel between switch 1 and switch 2 and receives an error message on switch 1. Which
option corrects this error?
A. enabling BPDU guard on interface Fa0/23 of switch 2.
B. enabling BPDU guard on interface Fa0/23 of switch 1.
C. disabling BPDU guard on interface Fa0/23 of switch 2.
D. disabling BPDU guard on interface Fa0/23 of switch 1.
D

Which two device types does DHCP snooping treat as untrusted in an ISP environment? (Choose two.)
A. end host devices
B. customer edge services
C. user-facing provider edge devices
D. provider edge devices
E. provider devices
AB

What is the value of the TPID/tag protocol identifier in dot1q?
A. 0x8100
B. 0x8a88
C. 0x8b45
D. 0x8200
A

Which two statements about sticky MAC address learning are true? (Choose two.)
A. A single device can learn up to three sticky MAC addresses.
B. Devices can learn sticky MAC addresses dynamically.
C. Learned addresses are saved to the startup configuration file by default.
D. Learned addresses are saved to the running configuration by default.
E. Learned addresses are automatically preserved when the device reboots.
F. It can be used only on devices that operate in a single layer.
BD

Which command do you enter on a device so that users are automatically placed in enable mode after they authenticate with TACACS+?
A. aaa authorization exec default group tacacs+ if-authenticated
B. aaa authorization exec default group tacacs+ local-case
C. aaa authorization exec default group tacacs+ enable
D. aaa authentication exec default group tacacs+ if-authenticated
A

Which two statements about the local user database are true? (Choose two.)
A. For console connections, it can be used only as a backup authentication method.
B. It can be configured to grant a user-specific privilege level.
C. It can store passwords in clear text only.
D. For VTY connections, it can be used only as a backup authentication method.
E. It can be used as the only method of authentication or as a backup for other methods.
BE

Which two configuration requirements for port security are true? (Choose two.)
A. Port must be in access mode
B. Port security must be enabled on the port level
C. Port must be in interface VLAN mode
D. Port security must be disabled on the port level
E. Port must be in encapsulation mode
AB

Which command enables root guard on a Cisco switch?
A. Switch(config)#spanning-tree guard root
B. Switch(config)#spanning-tree root guard
C. Switch(config-if)#spanning-tree guard-root
D. Switch(config-if)#spanning-tree guard root
E. Switch(config-if)#spanning-tree root guard
D

Which two commands do you enter to add VLAN 15 on a switch VLAN configuration file? (Choose two.)
A. switchport trunk native vlan 15
B. switchport access vlan 15
C. vlan 15
D. switchport trunk allowed vlan 15
E. encapsulation dot1q 15
BC

Which command do you enter to enable Dynamic ARP Inspection for VLAN 15?
A. SW1(config-vlan)# ip arp inspection vlan 15
B. SW1(config-vlan)# ip arp inspection trust
C. SW1(config-if)# ip arp-inspection trust
D. SW1(config)# ip arp inspection vlan 15
D

Which statement about VSPAN is true?
A. It can monitor ingress and egress traffic on the source VLAN
B. It sends all VLAN traffic to the destination port regardless of the VLAN’s status
C. It can monitor destination port traffic that belongs to a source VLAN
D. It can monitor token ring VLANs
A

Which two operational attributes can be checked for EtherChannel ports that are in err-disabled state? (Choose 2)
A. Port mode B. Port cost C. Duplex D. DTP E. VLAN
AE

Which feature must be enabled to eliminate the broadcasting of all unknown traffic to switches that are not participating in the specific VLAN?
A. VTP pruning
B. port-security
C. storm control
D. bpdguard
A

Refer to the exhibit.
Which option is the most likely explanation of the duplicate address message logged?
A. spanning-tree loop
B. HSRP misconfiguration
C. a PC with IP of 10.10.1.1
D. a hardware problem
B

Which option is the minimum number of bindings that the DHCP snooping database can store?
A. 1000 bindings
B. 2000 bindings
C. 5000 bindings
D. 8000 bindings
D

Which feature can prevent ARP poisoning attacks on a device?
A. Dynamic ARP Inspection
B. DHCP snooping
C. MAC snooping
D. CGMP snooping
E. Dynamic MAC Inspection
F. Static ARP Inspection
A

Note: Another question where in two routers are connected to 1 switch and the switch is connected to a Server using multiple cable. The question is something about the best load balancing method that can be configured in the switch.

Looking at the picture since the switch is connected to the server using multiple cable. I assume that the cables are connected to multiple NIC cards which is multiple mac addresses per NIC card. I choose the answer Destination MAC Address.

God Bless you all and Good luck to all test takers!

Just to add, as for the Lab the configuration are the one I practiced in GNS3 and type them every day so I can memorized it.

During the exam day, as soon as I enter sit it I immediately type in these configuration (LACP with STP) so I can have hard copy while I type it just to make sure.

I did not configure the following in the LACP LAB:

>ip default-gateway 192.168.1.1
>IP Address under interface vlan 1 is already configured (192.168.1.11/24) This interface is already up as well (unshut)
>Did not configure anything under the port-channel interface as well

======

HSRP LAB:

1. What percentage of the outgoing traffic from the 172.16.10.0/24 subnet is being forwarded through R1?

(R1: show standby)

D. R1-100%

2. If router R1 interface Etherne0/0 goes down and recovers, which of the statement regarding HSRP priority is true?

(R1: show runnning-config)

C. The interface will have its current priority incremented by 40 for HSRP group 1

3. What issue is causing Router R1 and R2 to both be displayed as the HSRP active router for group 2?

(R1 , R2: show running-config )

B. The HSRP group authentication is misconfigured

4. What is the virtual mac-address of HSRP group 1?

(R1: show standby)

B. 4000.0000.0010

======================================

VTPv3 LAB:

1. You are connecting the New_Switch to the LAN topology; the switch has been partially configured and you need to complete the rest of configuration to enable PC1 communication with PC2. Which of the configuration is correct?

(SW1: show vtp status)

Answer:

vtp domain CCNP
vtp password cisco
vtp version 3
vtp mode client
interface e0/0
switchport mode access
switchport access vlan 100

2. Refer to the configuration. For which configured VLAN are untagged frames sent over trunk between SW1 and SW2?

(SW1 , SW2: show interfaces trunk)

B. VLAN 99

3. You are adding new VLANs: VLAN500 and VLAN600 to the topology in such way that you need to configure SW1 as primary root for VLAN 500 and secondary for VLAN 600 and
SW2 as primary root for VLAN 600 and secondary for VLAN 500. Which configuration step is valid?

(SW1 , SW2: show vtp status)

Answer:

Configure VLAN 500 & VLAN 600 on both SW1 & SW2

4. You are required to configure private VLANs for a new server deployment connecting to the SW4 switch. Which of the following configuration steps will allow creating private VLANs?

Answer: Disable VTP pruning on SW4 only

======================================

LACP with STP

Switch A:

config terminal
spanning-tree vlan 11-13,21-23 root primary

vlan 21
name Marketing
exit
vlan 22
name Sales
exit
vlan 23
name Engineering
exit

interface range fa0/3 – 4
shutdown
no switchport mode access
no switchport access vlan 98
switchport mode trunk
switchport trunk allowed vlan 1,21-23
switchport trunk native vlan 99
channel-group 1 mode active
channel-protocol lacp
exit
exit
copy running-config startup-config

Switch B:

config terminal
vtp mode transparent
spanning-tree mode rapid-pvst

vlan 21
name Marketing
exit
vlan 22
name Sales
exit
vlan 23
name Engineering
exit
vlan 99
name TrunkNative
exit

interface range fa0/9 – 10
switchport mode access
switchport access vlan 21
spanning-tree portfast
no shutdown
exit

interface range fa0/13 – 14
switchport mode access
switchport access vlan 22
spanning-tree portfast
no shutdown
exit

interface range fa0/15 – 16
switchport mode access
switchport access vlan 23
spanning-tree portfast
no shutdown
exit

interface range fa0/3 – 4
shutdown
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1,21-23
switchport trunk native vlan 99
channel-group 1 mode passive
channel-protocol lacp
exit
exit

copy running-config startup-config

===

Note: As for the LACP with STP, after I’ve completely configured both Switch A and B I’ve perform post checks using these commands.

show spanning-tree summary
show vtp status
show etherchannel 1 port-channel

Good luck to all!

@Please, no routing means, layer 3 routing protocols like Eigrp or OSPF should not be configured, which we are not doing anyways in this LACP lab

@Cybernet

How many VLANs can be assigned to a user access port configured for VoIP?

A. 1
B. 2
C. 3
D. unlimited

I’m not sure A or B.
Answer is A. The port has already been configured for VoIP. You can only have 1 access port. A VoIP packet is tagged. So the answer is 1.

@Access 2

Access vlan and voice vlan

@West
Incorrect. Score 1000 with the question on the exam. I answered 1.

@BoxingSurfer

Thanks for answering and explanations. Appreciate it man