Correct Answer: All switch and bridge ports are in either the forwarding or blocking state.
Explanation:
Convergence occurs when all ports on bridges and switches have transitioned to either the forwarding or blocking states. No data is forwarded until convergence is complete. Before data can be forwarded again, all devices must be updated.
2. You want to run the new 802.1w on your switches. Which of the following would enable this protocol?
802.1w is also called Rapid Spanning Tree Protocol. It is not enabled by default on Cisco switches, but it is a better STP to run since it has all the fixes that the Cisco extensions provide with 802.1d.
3. You need to allow one host to be permitted to attach dynamically to each switch interface. Which two commands must you configure on your catalyst switch to meet this policy?
Switch(config-if)# ip access-group 10
Switch(config-if)# switchport port-security maximum 1
The switchport port-security is an important command, and it's super easy with the CNA; however, from the CLI, you can set the maximum number of MAC addresses allowed into the port, and then set the penalty if this maximum has been passed.
4. Which of the following is a layer 2 protocol used to maintain a loop-free network?
Correct Answer: In an improperly implemented redundant topology
Explanation:
If the Spanning Tree Protocol is not running on your switches and you connect them together with redundant links, you will have broadcast storms and multiple frame copies.
6. Your switch has a port status LED that is alternating between green and amber. What could this indicate?
When you connect to a switch port, at first the link lights are orange/amber, and then they turn green, indicating normal operation. If the link light is blinking, you have a problem.
7. If you want to disable STP on a port connected to a server, which command would you use?
If you have a server or other devices connected into your switch that you're totally sure won't create a switching loop if STP is disabled, you can use something called portfast on these ports. Using it means the port won't spend the usual 50 seconds to come up while STP is converging.
8. What does a switch do when a frame is received on an interface and the destination hardware address is unknown or not in the filter table?
Options
A. Forwards the switch to the first available link
B. Drops the frame
C. Floods the network with the frame looking for the device
D. Sends back a message to the originating station asking for a name resolution
Correct Answer: Floods the network with the frame looking for the device
Explanation:
Switches flood all frames that have an unknown destination address. If a device answers the frame, the switch will update the MAC address table to reflect the location of the device.
9. If you wanted to deny FTP access from network 200.200.10.0 to network 200.199.11.0 but allow everything else, which of the following command strings is valid?
Options
A. access-list 110 deny 200.200.10.0 to network 200.199.11.0 eq ftp access-list 111 permit ip any 0.0.0.0 255.255.255.255
B. access-list 1 deny ftp 200.200.10.0 200.199.11.0 any any
Correct Answer: access-list 198 deny tcp 200.200.10.0 0.0.0.255 200.199.11.0 0.0.0.255 eq ftp access-list 198 permit ip any 0.0.0.0 255.255.255.255
Explanation:
Extended IP access lists use numbers 100-199 and 2000-2699 and filter based on source and destination IP address, protocol number, and port number. The last option is correct because of the second line that specifies permit ip any any. (I used 0.0.0.0 255.255.255.255, which is the same as the any option.) The third option does not have this, so it would deny access but not allow everything else.
10. Which router command allows you to view the entire contents of all access lists?
The show access-lists command will allow you to view the entire contents of all access lists, but it will not show you the interfaces to which the access lists are applied.