Share your SWITCH v2.0 Experience

@ Bez

waiting for your update to post all question answers please…. that very important

@ CLI

correct answer is D >> spanning-tree portfast bpdufilter default

@cli
My take on Q21 is it would be B because this would only cover the access ports. In order to do the trunk ports this command needs to be used, ‘spanning-tree portfast trunk’.
http://www.ciscopress.com/articles/article.asp?p=2832407&seqNum=6
The spanning-tree portfast default global configuration mode command enables PortFast on all non-trunking interfaces

@cli, @karim, @Switch

yes Q21 is B – spanning-tree portfast default

if you configure spanning-tree portfast default, portfast is disabled on any trunk ports

you can see this if you do ‘show spanning-tree interface portfast’ on a trunk port.
portfastt is disabled for the port.

can someone confirm this D&D RSPAN true and false

RSPAN True
2-1001
STP
VTP

RSPAN False
Mac address
2-1024

Which commands configures all access ports on a switch to immediately enter the forwarding state when the switch is reset?
A. spanning-tree portfast bpduguard default
B. spanning-tree portfast default <<- CORRECT
C. spanning-tree portfast
D. spanning-tree portfast bpdufilter default

portfast is disabled on operational trunk ports

you can use the show spanning-tree interface portfast command to verify the portfast status of any given port. Try it..

@ Karim

Below are the ones i have had a look at and hopefully post the rest soon. Last one im not sure on and hope our fellow exam takers can help.

1.Which feature prevents a switch port from receiving and forwarding general traffic, so that it handles only a copy of specifically designated traffic?
Ans. A
2. Which device type can act as a client in a system that uses TACACS+?
A .AD server
B end user workstation
C Router
D end user wireless device
Ans. C
3.A server with a statically assigned IP address is attached to a switch that is provisioned for DHCP snooping. For more protection against malicious attacks, the network team is considering enabling dynamic ARP inspection alongside DHCP snooping. Which solution ensures that the server maintains network reachability in the future?
A. Disable DHCP snooping information option.
B. Configure a static DHCP snooping binding entry on the switch.
C. Trust the interface that is connected to the server with the ip dhcp snooping trust command.
D. Verify the source MAC address of all untrusted interfaces with ip dhcp snooping verify mac-address command.
Ans. B
4. Which two statements about HSRP times are true? (Choose two.)
A. The default Hello timer is 30 seconds
B. The default Hello timer is 3 seconds
C. The default Hold timer is 10 seconds
D. The default Hold timer is 30 seconds
E. The default Hold timer is 15 seconds
F. The default Hello timer is 5 seconds
Ans. B,C
5. Which two statements about VRRP object tracking are true? (Choose two.)
A. VRRP supports only interface tracking.
B. A VRRP group can track only one object at a time.
C. The priority of a VRRP device can change in accordance with the up or down status of a VRRP object.
D. VRRP can track the status of interfaces and routes.
E. The VRRP interface priority must be manually configured by the administrator.
Ans. A, C
6.When a Layer 2 EtherChannel is configured, which statement about interaction with the Spanning Tree Protocol is true?
A . Spanning Tree uses only the member ports for forwarding.
B . Spanning Tree does not use port channels in loop prevention

C . Spanning Tree uses the port channel and member ports for forwarding.
D . Spanning Tree uses the port channel for forwarding.
Ans. D
7. Which to features does TACACS+ support? (Choose two.)
A. PAP and CHAP authentication
B. encrypting the entire TCP packet containing TACACS+ information
C. decentralizing network access management, reducing the potential impact of a security breach to a central device
D. UDP communication between the network access server and the security server
E. combining authorization and authentication to streamline AAA services
Ans. A, B
8. Which two statements about IP Source Guard are true? (Choose two.)
A . When it is first enabled, it blocks all IP packets except DHCP packets.
B . It is enabled automatically when DHCP snooping is enabled
C . It works together with DHCP snooping to verify source IP packets
D . When it is configured on a Layer 2 port channel, it is applied only to the port channel interface.
E . It must be enabled globally for all ports.
F . When it is first enabled, it allows all IP packets except DHCP packets
Ans. A, C
9.
Refer to the exhibit. You have applied these configurations to Switches A, B, and D respectively, and the switches are connected to one another on a trunk port that is passing all VLAN traffic. Which statement about traffic on the network is true?
A. Unless a layer 3 devices is installed host on the fastethernet 0/1 interface of switch D will be unable to communicate with hosts on the other switches
Ans. A
10. Which Cisco StackWise feature is supported?
A. using same software feature set on all members
B. using mixed software feature set on all members
C. using different versions of the Cisco IOS on each switch
D. using different SDM templates on each switch
Ans. A
11. Which HSRP identifier can an end station use to find default gateway at the data link layer?
A. Mac address
B. BIA
C. Virtual IP address
D. Router priority
Ans. A
12.
Refer to the exhibit. Which statement about the port channel must be true?
A. it is configured as an access port
B. it is configured to pass all Vlan traffic
C. The native vlan is using a nondefault VLAN ID
D. Valn 1,2,3 and 4 were configured with the allowed vlans command
Ans. B
13.Which two tasks must you perform to enable DHCP option 82 on an untrusted port? (Choose two.)
A. Enter the ip dhcp snooping information option replace command to enable DHCP option 82.
B. Enter the ip dhcp snooping information option command to enable option 82.
C. Enter the ip dhcp snooping information option allow-untrusted command to enable the untrusted port.
D. Enter the ip dhcp snooping trust command to enable DHCP option 82.
E. Enter the ip dhcp snooping trust command to enable data insertion DHCP option 82
Ans. B, C
14. Which two statements about UDLD aggressive mode are true? (Choose two.)
A. UDLD message are sent every 15 seconds.
B. UDLD attempts to re-establish a downed link one time before declaring the link down.
C. If a unidirectional link is detected, the port state is changed to errdisable
D. UDLD automatically chooses the messaging interval based on the configured timers.
E. The UDLD detection timer is four times the message interval by default.
F. If a unidirectional link is detected, the port state is determined by spanning tree.
Ans. A, C
15. Which command maximizes system resources for ACLs?
A. sdm prefer access
B. sdm prefer default
C. sdm prefer routing
D. sdm prefer vlan
Ans. A
16.
Refer to the exhibit. Which spanning-tree feature is configured on this interface?
A . The command spanning-tree mst1 vlan 10, 20, 30, 40 in the global configuration mode was entered.
B . The command spanning-tree portfast trunk in the interface configuration mode was entered.
C . The command spanning-tree vlan 10, 20, 30, 40 root primary in the interface configuration mode for faster convergence.
D . The command shut then a no shutdown in the interface configuration mode was entered.
E . The command spanning-tree portfast in the interface configuration mode was entered.
Ans. B
17. Which two accounting types does AAA support? (Choose two.)
A. system
B. authorization
C. privilege
D. connection
E. authentication
Ans. A, D
18.Which two pieces of information are carried in a Cisco Discovery Protocol advertisement? (Choose two.)
A . Processor Type
B . VTP domain name
C . Routing protocol
D . native VLAN-ID
E . Spanning-Tree mode
F . Memory usage
Ans. B, D
19.A network engineer wants to ensure Layer 2 isolation of customers traffic using a private VLAN. Which configuration must be made before the private VLAN is configured?
A. Disable VTP and manually assign VLANs.
B. Configure VTP Transparent Mode.
C. Ensure all switches are configured as VTP server mode.
D. Enable VTP version 3.
Ans. B
20. Which two statements about LLDP frames are true? (Choose two.)
A . LLDP frame has its own CRC.
B . LLDP frame sends to multicast address
C . LLDP frame consists of sequence of TLVs
D . LLDP frame contains unicast address within its fields.
E They Have EtherType of 0x8080
Ans. B, C
21.Which commands configures all access ports on a switch to immediately enter the forwarding state when the switch is reset?
A. Spanning-tree portfast default
B. Spanning-tree portfast bpdguard default
C. Spanning-tree portfast bpdufilter default
D. Spanning-tree portfast
Ans. D
22. Which feature can protect a Layer 2 port from spoofed IP addresses?
A. uRPF
B. IP source guard
C. DHCP snooping
D Port security
Ans. C
23.Drag and drop the statements about remote security database from the left onto the correct security database types on the right.
RADIUS:
+ Multi-vendors
+ Encrypts only the password
+ Combines authentication and authorization
+ UDP
TACACS+:
+ Proprietary
+ Separate AAA
+ Encrypts the entire body
+ TCP

24.Which STP feature can ensure that the path to the root bridge of the network remains consistent with the original network design?
A BPDU guard
B Loop gurad
C Port Fast
D Root guard
Ans. D
25. To which VLAN is a dynamic access port assigned by default?
A. VLAN 1 is the default VLAN.
B. Per default, the port has to participate in a VLAN election to determine which VLAN a port is assigned.
C. All VLANs are permitted in a dynamic access port link.
D. None until the VLAN membership of the port is discovered.
Ans. Mmm not sure A or D? If anyone else knows?

@ Karim,
Sorry missed the first one

1.1.Which feature prevents a switch port from receiving and forwarding general traffic, so that it handles only a copy of specifically designated traffic?

A. BPDU guard
B Port Fast
C. SPAN
D.Loop guard

I also think it’s A

@Karin

Answer is B

Note You can use the spanning-tree portfast default global configuration command to globally enable the Port Fast feature on all nontrunking ports

For the below to work you require portfast to already be configured on port so A, D is wrong
A. spanning-tree portfast bpduguard default
D. spanning-tree portfast bpdufilter default

C is wrong because that is interface command

Another one i missed not correct was number 5

Which two statements about VRRP object tracking are true? (Choose two.)

A. VRRP supports only interface tracking.
B. A VRRP group can track only one object at a time.
C. The priority of a VRRP device can change in accordance with the up or down status of a VRRP object.
D. VRRP can track the status of interfaces and routes.
E. The VRRP interface priority must be manually configured by the administrator.

C & D

Which two statements about VRRP object tracking are true? (Choose two.)
A. VRRP supports only interface tracking.
B. A VRRP group can track only one object at a time.
C. The priority of a VRRP device can change in accordance with the up or down status of a VRRP object.
D. VRRP can track the status of interfaces and routes.
E. The VRRP interface priority must be manually configured by the administrator.

C and D are correct.
A is not correct. Object Tracking is not limited only to interfaces

@Bez, @Karim,

Which feature prevents a switch port from receiving and forwarding general traffic, so that it handles only a copy of specifically designated traffic?

A. BPDU guard
B. Port Fast
C. SPAN
D.Loop guard

its C.

“a copy of specifically designated traffic…”. thats SPAN right there :)

@Vin – I missed to include the no shutdown command but it should be included on both switch A and B under fa0/3 – 4 interface after you have completed all the configuration

@ Bez thank you for update

I am not sure about below, becoz as per spoto answer is B please double check.

22. Which feature can protect a Layer 2 port from spoofed IP addresses?
A. uRPF
B. IP source guard
C. DHCP snooping
D Port security

@Access

Thanks for your answer.

@Karim

26. Which two statements about HSRP, GLBP, and VRRP are true? (Choose two.)
A. HSRP supports up to 255 groups on the same switch or router.
B. VRRP has one master router, one standby router, and many listening routers.
C. HSRP is the preferred protocol to be used on multivendor environments.
D. GLBP allows for a maximum of four MAC addresses per group.

E. VRRP is a Cisco proprietary protocol.
Ans. A, D
27.A network engineer deployed a switch that operates the LAN base feature set and decides to use the SDM VLAN template. The SDM template is causing the CPU of the switch to spike during peak working hours. What is the root cause of this issue?
A. The VLAN receives additional frames from neighboring switches.
B. The SDM VLAN template causes the MAC address-table to overflow.
C. The VLAN template disables routing in hardware.
D. The switch needs to be rebooted before the SDM template takes effect.
Ans. C
28. How does the Spanning Tree Protocol determine path cost?
A Interface load
B Interface delay
C interface reliability
D interface bandwidth
E interface hop count
Ans. D
29. Which two differences between RADIUS and TACACS+ are true? (Choose two)

A. Only TACACS+ uses user privilege levels to determine which commands the user can execute.
B. Only RADIUS provides granular control over the CLI commands that a user can execute.
C. Only TACACS+ uses UDP.
D. Only TACACS+ can combine authentication and authorization functions.
E. Only RADIUS uses UDP.
Ans. A, E
30. Which two commands verify the DHCP snooping configuration on a device? (Choose two.)
A. show ip dhcp pool
B. show ip dhcp snooping
C. show running-config | include snooping
D. show ip dhcp relay
E. clear ip dhcp snooping binding
Ans. B, C

@ Bez

25. To which VLAN is a dynamic access port assigned by default?

A. VLAN 1 is the default VLAN.
B. Per default, the port has to participate in a VLAN election to determine which VLAN a port is assigned.
C. All VLANs are permitted in a dynamic access port link.
D. None until the VLAN membership of the port is discovered.

Ans. D is correct confirmed

@Proton, I did as you said, but the trunk on Switch B did not come up. Yet the trunk on Switch A did come up with the same exact commands.

Can anyone tell me if the “show int trunk” command works on SWB?

@ Karim

22. Which feature can protect a Layer 2 port from spoofed IP addresses?
A. uRPF
B. IP source guard
C. DHCP snooping
D Port security

I think it is C but maybe our fellow exam takers can help ?

Which feature can protect a Layer 2 port from spoofed IP addresses?

A. uRPF
B. IP source guard <<- CORRECT
C. DHCP snooping
D Port security

To which VLAN is a dynamic access port assigned by default?

A. VLAN 1 is the default VLAN.
B. Per default, the port has to participate in a VLAN election to determine which VLAN a port is assigned.
C. All VLANs are permitted in a dynamic access port link.
D. None until the VLAN membership of the port is discovered. <<-CORRECT

@Bez

where are these questions coming from? whats the source?
This site or another PDF materials?

@Bez great job it will help to all exam takers.
I will post some more missing questions that will cover all exam questions hopefully

hope some one confirm about below.

22. Which feature can protect a Layer 2 port from spoofed IP addresses?
A. uRPF
B. IP source guard
C. DHCP snooping
D Port security

Thank you Boxing

so the correct answer is

B. IP source guard

my exam is on friday. so no second chances

recently i’m mainly doing labs and some practice questions, and some more labs to test the answers of the practice questions where Im not sure of the correct answers.

If anyone wants me to lab anything specifically then let me know, coz i have a huge lab with real hardware

Definitely “B. IP source guard”.

IP Source Guard:
“This feature helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.”

http://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=7

How many active virtual gateways can each GLBP group support

Answer >> 1

Whats your email please BoxingSurfer?
I’ve got the exam the day after you…
I’ve removed the password from IP Helper VCE and added every question on here :)

@switchy

my email is boxing_surfer at hotmail dot com

SIM q came out on last Fri exam
-vtpv3 & hsrp
-Lacp with stp

I take the test on Wednesday and I am good with the labs but my buddy told me that he studied the 1056q dump and saw zero questions from it. I was wondering what i should study to try to get a leg up for Wednesday. i been looking at the questions posted here in the comments.