Categories
Fortinet Exam Dumps
fortinet nse4_fgt-6.4 dumps (pdf + vce)
fortinet nse4_fgt-6.2 dumps (pdf + vce)
fortinet nse5_faz-6.4 dumps (pdf + vce)
fortinet nse5_faz-6.2 dumps (pdf + vce)
fortinet nse5_fct-6.2 dumps (pdf + vce)
fortinet nse5_fmg-6.4 dumps (pdf + vce)
fortinet nse5_fmg-6.2 dumps (pdf + vce)
fortinet nse6_fml-6.2 dumps (pdf + vce)
fortinet nse6_fnc-8.5 dumps (pdf + vce)
fortinet nse7_efw-6.4 dumps (pdf + vce)
fortinet nse7_efw-6.2 dumps (pdf + vce)
fortinet nse7_sac-6.2 dumps (pdf + vce)
fortinet nse7_sdw-6.4 dumps (pdf + vce)
fortinet nse8_811 dumps (pdf + vce)
Tags
Do not worry about your Cisco 642-812 exam,Flydumps now has published the new veriosn Cisco 642-812 exam dumps with more new added questions and answers,also you can free download Cisco 642-812 vce test software and pdf dumps on Flydumps.com.
QUESTION 75
Refer to the exhibit and the partial configuration of switch SW_A and SW_B. STP is configured on all switches in the network. SW_B receives this error message on the console port:
00:06:34:
%CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not half
duplex),
with SW_A FastEthernet0/4 (half duplex) ,
with TBA05071417(Cat6K-B) 0/4 (half duplex).
What would be the possible outcome of the problem?
A.
The root port on switch SW_A will automatically transition to full-duplex mode.
B.
The root port on switch SW_B will fallback to full-duplex mode.
C.
The interfaces between switches SW_A and SW_B will transition to a blocking state.
D.
Interface Fa 0/6 on switch SW_B will transition to a forwarding state and create a bridging loop.
Correct Answer: D Section: Examen B Explanation
Explanation/Reference:
QUESTION 76
Which two statements are true about BPDU port-guard and BPDU filtering? (Choose two.)
A. BPDU port-guard can be enabled globally, whereas BPDU filtering must be enabled on a per-interface basis.
B. When globally enabled, BPDU port-guard and BPDU filtering apply only to PortFast enabled ports.
C. When globally enabled, BPDU port-guard and BPDU filtering apply only to trunking-enabled ports.
D. When a BPDU is received on a BPDU port-guard enabled port, the interface goes into the err-disabled state.
E. When a BPDU is received on a BPDU filtering enabled port, the interface goes into the err-disabled state.
F. When a BPDU is received on a BPDU filtering enabled port, the interface goes into the STP blocking state.
Correct Answer: BD Section: Examen B Explanation
Explanation/Reference:
QUESTION 77
Refer to the exhibit. Switch 15 is configured as the root switch for VLAN 10 but not for VLAN 20. If t STP configuration is correct, what will be true about Switch 15?
A. All ports will be in forwarding mode.
B. All ports in VLAN 10 will be in forwarding mode.
C. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in blocking mode.
D. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in standby mode.
Correct Answer: B Section: Examen B Explanation
Explanation/Reference:
QUESTION 78
Refer to the exhibit. Which statement is true?
A. IP traffic matching access list ABC is forwarded through VLANs 5-10.
B. IP traffic matching VLAN list 5-10 will be forwarded, and all other traffic will be dropped.
C. All VLAN traffic matching VLAN list 5-10 will be forwarded, and all traffic matching access list ABC is dropped.
D. All VLAN traffic in VLANs 5-10 that match access list ABC will be forwarded, and all else will be dropped.
Correct Answer: D Section: Examen B Explanation
Explanation/Reference:
QUESTION 79
Refer to the exhibit. Switch P1S1 is not applying VLAN updates from switch P2S1. What are three reasons why this is not occurring? (Choose three.)
A. Switch P2S1 is in server mode.
B. Switch P1S1 is in transparent mode.
C. The MD5 digests do not match.
D. The passwords do not match.
E. The VTP domains are different.
F. VTP trap generation is disabled on both switches.
Correct Answer: BDE Section: Examen B Explanation
Explanation/Reference:
QUESTION 80
Refer to the exhibit. Based upon the output of show vlan on switch CAT2, what can we conclude about interfaces Fa0/13 and Fa0/14?
A. that interfaces Fa0/13 and Fa0/14 are in VLAN 1
B. that interfaces Fa0/13 and Fa0/14 are down
C. that interfaces Fa0/13 and Fa0/14 are trunk interfaces
D. that interfaces Fa0/13 and Fa0/14 have a domain mismatch with another switch
E. that interfaces Fa0/13 and Fa0/14 have a duplex mismatch with another switch
Correct Answer: C Section: Examen B Explanation
Explanation/Reference:
QUESTION 81
What must be the same to make multiple switches part of the same Multiple Spanning Tree (MST)?
A. VLAN instance mapping and revision number
B. VLAN instance mapping and member list
C. VLAN instance mapping, revision number, and member list
D. VLAN instance mapping, revision number, member list, and timers
Correct Answer: A Section: Examen B Explanation
QUESTION 82
Refer to the exhibit. What command was issued on the Layer 3 switch Sw1 between Exhibit # 1 and Exhibit # 2?
A. ip routing
B. no ip routing
C. router eigrp 1
D. no router eigrp 1
E. mls qos
F. no mls qos
Correct Answer: B Section: Examen B Explanation
Explanation/Reference:
QUESTION 83
Refer to the exhibit. On the basis of the information that is generated by the show commands, which two EtherChannel statements are true? (Choose two.)
A. Interfaces FastEthernet 0/1 and 0/2 have been configured with the channel-group 1 mode desirable command.
B. Interfaces FastEthernet 0/3 and 0/4 have been configured with the no switchport command.
C. Interface Port-Channels 1 and 2 have been assigned IP addresses with the ip address commands.
D. Port-Channels 1 and 2 are providing two 400 Mbps EtherChannels.
E. Port-Channels 1 and 2 are capable of combining up to 8 FastEthernet ports to provide full-duplex bandwidth of up to 16 Gbps between a switch and another switch or host.
F. Switch SW1 has been configured with a Layer 3 EtherChannel.
Correct Answer: AD Section: Examen B Explanation
Explanation/Reference:
QUESTION 84
Refer to the exhibit. The Gateway Load Balancing Protocol has been configured on routers R1 and R2, and hosts A and B have been configured as shown. Which statement can be derived from the exhibit?
A. The GLBP weighted load balancing mode has been configured.
B. The GLBP host-dependent, load-balancing mode has been configured.
C. The GLBP round-robin, load-balancing mode has been configured.
D. The host A default gateway has been configured as 10.88.1.1/24.
E. The host A default gateway has been configured as 10.88.1.4/24.
F. The host A default gateway has been configured as 10.88.1.10/24.
Correct Answer: F Section: Examen B Explanation
Explanation/Reference:
QUESTION 85
Refer to the exhibit. LACP has been configured on Switch1 as shown. Which is the correct command set to configure LACP on Switch2?
A. Switch2# configure terminal Switch2(config)# interface range gigabitethernet3/1 -2 Switch2(config-if)# channel-group 5 mode auto
B. Switch2# configure terminal Switch2(config)# interface range gigabitethernet3/1 -2
Switch2(config-if)# channel-group 5 mode passive
C. Switch2# configure terminal Switch2(config)# interface range gigabitethernet3/1 -2 Switch2(config-if)# channel-group 5 mode desirable
D. Switch2# configure terminal Switch2(config)# interface range gigabitethernet3/1 -2 Switch2(config-if)# channel-group 5 mode on
Correct Answer: B Section: Examen B Explanation
Explanation/Reference:
QUESTION 86
Refer to the exhibit. Which interface or interfaces on switch SW_A can have the port security feature enabled?
A. Port 0/1
B. Ports 0/1 and 0/2
C. Ports 0/1, 0/2 and 0/3
D. Ports 0/1, 0/2, 0/3 and the trunk port 0/22
E. The trunk port 0/22 and the EtherChannel ports
F. Ports 0/1, 0/2, 0/3, the trunk port 0/22 and the EtherChannel ports
Correct Answer: C Section: Examen B Explanation
Explanation/Reference:
QUESTION 87
Refer to the exhibit. What will happen when one more user is connected to interface FastEthernet 5/1?
A. All secure addresses will age out and be removed from the secure address list. This will cause the security violation counter to increment.
B. The first address learned on the port will be removed from the secure address list and be replaced with the new address.
C. The interface will be placed into the error-disabled state immediately, and an SNMP trap notification will be sent.
D. The packets with the new source addresses will be dropped until a sufficient number of secure MAC addresses are removed from the secure address list.
Correct Answer: C Section: Examen B Explanation
Explanation/Reference:
QUESTION 88
Refer to the exhibit. The command switchport mode access is issued on interface FastEthernet0/13 on switch CAT1. What will be the result?
A. The command will be rejected by the switch.
B. Interfaces FastEthernet0/13 and FastEthernet0/14 will no longer be bundled.
C. Dynamic Trunking Protocol will be turned off on interfaces FastEthernet0/13 and FastEthernet0/14.
D. Interfaces FastEthernet0/13 and FastEthernet0/14 will only allow traffic from the native VLAN.
E. Interfaces FastEthernet0/13 and FastEthernet0/14 will continue to pass traffic for VLANs 88,100,360.
Correct Answer: B Section: Examen B Explanation
Explanation/Reference:
QUESTION 89
Refer to the exhibit. STP has been implemented in the network. Switch SW_A is the root switch for the default VLAN. To reduce the broadcast domain, the network administrator decides to split users on the network into VLAN 2 and VLAN 10. The administrator issues the command spanning-tree vlan 2 root primary on switch SW_A. What will happen as a result of this change?
A. All ports of the root switch SW_A will remain in forwarding mode throughout the reconvergence of the spanning tree domain.
B. Switch SW_A will change its spanning tree priority to become root for VLAN 2 only.
C. Switch SW_A will remain root for the default VLAN and will become root for VLAN 2.
D. No other switch in the network will be able to become root as long as switch SW_A is up and running.
Correct Answer: C Section: Examen B Explanation
Explanation/Reference:
QUESTION 90
Which three interface commands will configure the switch port to support a connected Cisco phone and to trust the CoS values received on the port if CDP discovers that a Cisco phone is attached? (Choose three.)
A. mls qos trust override cos
B. mls qos trust cos
C. mls qos trust device cisco-phone
D. switchport priority extend cos_value
E. switchport voice vlan vlan-id
Correct Answer: BCE Section: Examen B Explanation
Explanation/Reference:
QUESTION 91
Refer to the exhibit. What will happen to traffic within VLAN 14 with a source address of 172.16.10.5?
A. The traffic will be forwarded to the TCAM for further processing.
B. The traffic will be forwarded to the router processor for further processing.
C. The traffic will be dropped.
D. The traffic will be forwarded without further processing.
Correct Answer: C Section: Examen B Explanation
QUESTION 92
What is the main purpose of Multiple Spanning Tree Protocol (MSTP)?
A. to provide protection for STP when a link is unidirectional and BPDUs are being sent but not received
B. to provide faster convergence when topology changes occur in a switched network
C. to reduce the total number of spanning tree instances necessary for a particular topology
D. to enhance Spanning Tree troubleshooting on multilayer switches
Correct Answer: C Section: Examen B Explanation
QUESTION 93
Which protocol allows for the automatic selection and simultaneous use of multiple available gateways as well as automatic failover between those gateways?
A. IRDP
B. HSRP
C. GLBP
D. VRRP
Correct Answer: C Section: Examen B Explanation
Explanation/Reference:
QUESTION 94
Refer to the exhibit. HSRP has been configured and Link A is the primary route to router R4. When Link A fails, router R2 (Link B) becomes the active router.
Which router will assume the active role when Link A becomes operational again?”
A. The primary router R1 will reassume the active role when it comes back online.
B. The standby router R2 will remain active and will forward the active role to router R1 only in the event of its own failure.
C. The standby router R2 will remain active and will forward the active role to router R1 only in the event of Link B failure.
D. The third member of the HSRP group, router R3, will take over the active role only in event of router R2 failure.
Correct Answer: A Section: Examen B Explanation
Explanation/Reference: QUESTION 95
Which two statements are true about the Hot Standby Router Protocol (HSRP)? (Choose two.)
A. Load sharing with HSRP is achieved by creating multiple subinterfaces on the HSRP routers.
B. Load sharing with HSRP is achieved by creating HSRP groups on the HSRP routers.
C. Routers configured for HSRP must belong to only one group per HSRP interface.
D. Routers configured for HSRP can belong to multiple groups and multiple VLANs.
E. All routers configured for HSRP load balancing must be configured with the same priority.
Correct Answer: BD Section: Examen B Explanation
Explanation/Reference:
QUESTION 96
Refer to the exhibit. How will interface FastEthernnet0/1 respond when an 802.1x-enabled client connects to the port?
A. The switch port will enable 802.1x port-based authentication and begin relaying authentication messages between the client and the authentication server.
B. The switch port will disable 802.1x port-based authentication and cause the port to transition to the authorized state without any further authentication exchange.
C. The switch will cause the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate.
D. The switch will uniquely authorize the client by using the client MAC address.
Correct Answer: B Section: Examen B Explanation
Explanation/Reference:
QUESTION 97
Which statement is true about 802.1x port-based authentication?
A. Hosts are required to have a 802.1x authentication client or utilize PPPoE.
B. Before transmitting data, an 802.1x host must determine the authorization state of the switch.
C. RADIUS is the only supported authentication server type.
D. TACACS+ is the only supported authentication server type.
E. If a host initiates the authentication process and does not receive a response, it assumes it is not authorized.
Correct Answer: C Section: Examen B Explanation Explanation/Reference:
QUESTION 98
Refer to the exhibit. Which statement is true about the voice traffic coming to the switch access port that is connected to the IP phone?
A. The voice VLAN must be configured as a native VLAN on the switch.
B. The traffic on the voice VLAN must be tagged with 802.1p encapsulation in order to coexist on the same LAN segment with a PC.
C. A PC connected to a switch port via an IP phone must support a trunking encapsulation.
D. A PC connected to a switch port via an IP phone is unaware of the presence of the phone.
E. To improve the quality of the voice traffic, no other devices should be attached to the IP phone.
Correct Answer: D Section: Examen B Explanation
Explanation/Reference:
QUESTION 99
Refer to the exhibit. Which two statements are true about the output from the show standby vlan 50 command? (Choose two.)
A. The command standby 1 preempt was added to Catalyst_A.
B. Catalyst_A is load sharing traffic in VLAN 50.
C. Hosts using the default gateway address of 192.168.1.2 will have their traffic sent to Catalyst_A.
D. Hosts using the default gateway address of 192.168.1.1 will have their traffic sent to 192.168.1.11 even after Catalyst_A becomes available again.
Correct Answer: AB Section: Examen B Explanation
Explanation/Reference:
QUESTION 100
Refer to the exhibit. On the basis of the output of the show spanning-tree inconsistentports command, which statement about interfaces FastEthernet 0/1 and FastEthernet 0/2 is true?
A. They have been configured with the spanning-tree bpdufilter disable command.
B. They have been configured with the spanning-tree bpdufilter enable command.
C. They have been configured with the spanning-tree bpduguard disable command.
D. They have been configured with the spanning-tree bpduguard enable command.
E. They have been configured with the spanning-tree guard loop command.
F. They have been configured with the spanning-tree guard root command.
Correct Answer: F Section: Examen B Explanation
Explanation/Reference: Exam C QUESTION 1
Refer to the exhibit. Based on the output of the show spanning-tree command, which statement is true?
A. Switch SW1 has been configured with the spanning-tree vlan 1 root primary global configuration command.
B. Switch SW1 has been configured with the spanning-tree vlan 1 root secondary global configuration command.
C. Switch SW1 has been configured with the spanning-tree vlan 1 priority 24577 global configuration command.
D. Switch SW1 has been configured with the spanning-tree vlan 1 hello-time 2 global configuration command.
E. The root bridge has been configured with the spanning-tree vlan 1 root secondary global configuration command.
Correct Answer: B Section: Examen C Explanation
Explanation/Reference:
QUESTION 2
Which three statements about the Multiple Spanning Tree (MST) protocol (IEEE 802.1s) are true? (Choose three.)
A. An MST region is a group of MST switches that appear as a single virtual bridge to adjacent CST and MST regions.
B. All switches in an MST region, except distribution layer switches, should have their priority lowered from the default value 32768.
C. All switches in the same MST region must have the same VLAN-to-instance mapping, but different configuration revision numbers.
D. Enabling MST with the spanning-tree mode mst global configuration command also enables RSTP.
E. To verify the MST configuration, the show pending command can be used in MST configuration mode.
F. When RSTP and MSTP are configured, UplinkFast and BackboneFast must also be enabled.
Correct Answer: ADE Section: Examen C
Explanation
Explanation/Reference:
QUESTION 3
Refer to the exhibit. On the basis of the information provided in the exhibit, which two sets of procedures are best practices for Layer 2 and 3 failover alignment? (Choose two.)
A. Configure the D-SW1 switch as the active HSRP router and the STP root for all VLANs. Configure the D-SW2 switch as the standby HSRP router and backup STP root for all VLANs.
B. Configure the D-SW2 switch as the active HSRP router and the STP root for all VLANs. Configure the D-SW1 switch as the standby HSRP router and backup STP root for all VLANs.
C. Configure the D-SW1 switch as the active HSRP router and the STP root for VLANs 11 and 110. Configure the D-SW2 switch as the active HSRP router and the STP root for VLANs 12 and 120.
D. Configure the D-SW1 switch as the standby HSRP router and the backup STP root for VLANs 12 and
120. Configure the D-SW2 switch as the standby HSRP router and the backup STP root for VLANs 11 and 110.
E. Configure the D-SW1 switch as the standby HSRP router and the STP root for VLANs 11 and 110. Configure the D-SW2 switch as the standby HSRP router and the STP root for VLANs 12 and 120.
F. Configure the D-SW1 switch as the active HSRP router and the backup STP root for VLANs 11 and
110.
Configure the D-SW2 switch as the active HSRP router and the backup STP root for VLANs 12 and
120.
Correct Answer: CD Section: Examen C Explanation
Explanation/Reference:
QUESTION 4
Refer to the exhibit. Which statement is true about a voice VLAN?
A. Physically the voice network and the data network are separate.
B. The voice traffic will normally be on a different IP subnet than will the data traffic.
C. End user intervention is necessary to place the phone into the proper VLAN.
D. The same security policy should be implemented for both voice and data traffic.
E. The data VLAN must be configured as the native VLAN.
Correct Answer: B Section: Examen C Explanation
QUESTION 5
Which three statements are true about the voice VLAN feature on a Catalyst 2950 switch? (Choose three.)
A. The CoS value is trusted for 802.1p or 802.1q tagged traffic.
B. The voice VLAN feature is disabled by default.
C. The IP phone accepts the priority of all tagged and untagged traffic and sets the CoS value to 4.
D. When the voice VLAN feature is enabled, all untagged traffic is sent according to the default CoS priority of the port.
E. PortFast is is automatically disabled when a voice VLAN is configured.
F. The default CoS value for incoming traffic is set to 0.
Correct Answer: BDF Section: Examen C Explanation
Explanation/Reference:
QUESTION 6
In what three ways is QoS applied in the campus network? (Choose three.)
A. No traffic marking occurs at the core layer. Layer 2/3 QoS tags are trusted from distribution layer switches and used to prioritize and queue the traffic as it traverses the core.
B. IP precedence, DSCP, QoS group, IP address, and ingress interface are Layer 2 characteristics that are set by the access layer as it passes traffic to the distribution layer. The distribution layer, once it has made a switching decision to the core layer, strips these off.
C. MAC address, Multiprotocol Label Switching (MPLS), the ATM cell loss priority (CLP) bit, the Frame Relay discard eligible (DE) bit, and ingress interface are established by the voice submodule (distribution layer) as traffic passes to the core layer.
D. The distribution layer inspects a frame to see if it has exceeded a predefined rate of traffic within a certain time frame, which is typically a fixed number internal to the switch. If a frame is determined to be in excess of the predefined rate limit, the CoS value can be marked up in a way that results in the packet being dropped.
E. The access layer is the initial point at which traffic enters the network. Traffic is marked (or remarked) at Layers 2 and 3 by the access switch as it enters the network, or is “trusted” that it is entering the network with the appropriate tag.
F. Traffic inbound from the access layer to the distribution layer can be trusted or reset depending upon the ability of the access layer switches. Priority access into the core is provided based on Layer 3 QoS tags.
Correct Answer: AEF Section: Examen C Explanation
Explanation/Reference:
QUESTION 7
Which two Aironet enterprise solution statements are true? (Choose two.)
A. A Cisco Aironet AP handles the transmission of beacon frames and also handles responses to probe-request frames from clients.
B. A Cisco Aironet solution includes intelligent Cisco Aironet access points (APs) and Cisco Catalyst switches.
C. In the Cisco Aironet solution, each AP is locally configured by the use of either a web interface or the command line interface.
D. The Cisco Aironet AP handles real-time portions of the LWAPP protocol, l and the WLAN controller handles those items which are not time sensitive.
E. Virtual MAC architecture allows the splitting of the 802.11 protocol between the Cisco Aironet AP and a LAN switch.
Correct Answer: AD Section: Examen C Explanation
Explanation/Reference:
QUESTION 8
Which statement is correct about RSTP port roles?
A. The designated port is the switch port on every nonroot bridge that is the chosen path to the root bridge. There can be only one designated port on every switch. The designated port assumes the forwarding state in a stable active topology. All switches connected to a given segment listen to all BPDUs and determine the switch that will be the root switch for a particular segment.
B. The disabled port is an additional switch port on the designated switch with a redundant link to the segment for which the switch is designated. A disabled port has a higher port ID than the disabled port on the designated switch. The disabled port assumes the discarding state in a stable active topology.
C. The backup port is a switch port that offers an alternate path toward the root bridge. The backup port assumes a discarding state in a stable, active topology. The backup port will be present on nondesignated switches and will make a transition to a designated port if the current designated path fails.
D. The root port is the switch port on every nonroot bridge that is the chosen path to the root bridge. There can be only one root port on every switch. The root port assumes the forwarding state in a stable active topology.
Correct Answer: D Section: Examen C Explanation
Explanation/Reference: QUESTION 9
Which two Lightweight Access Point Protocol (LWAPP) statements are true? (Choose two.)
A. Control traffic is encapsulated in UDP packets with a source port of 1024 and a destination port of 12223.
B. Control traffic is encapsulated in TCP packets with a source port of 1024 and a destination port of 12223.
C. Data traffic is encapsulated in UDP packets with a source port of 1024 and a destination port of 12223.
D. Data traffic is encapsulated in TCP packets with a source port of 1024 and destination port of 12223.
E. Layer 3 LWAPP is a UDP / IP frame that requires a Cisco Aironet AP to obtain an IP address using DHCP.
F. LWAPP is a proprietary protocol, and because of its very high overhead it is not widely adopted .
Correct Answer: AE Section: Examen C Explanation
Explanation/Reference:
QUESTION 10
What multicast address is used by GLBP?
A. 224.0.0.1
B. 224.0.0.10
C. 224.0.0.100
D. 224.0.0.101
E. 224.0.0.102
Correct Answer: E Section: Examen C Explanation
QUESTION 11
Refer to the exhibit. Which three statements accurately describe this GLBP topology? (Choose three.)
A. Router A is responsible for answering ARP requests sent to the virtual IP address.
B. If Router A becomes unavailable, Router B will forward packets sent to the virtual MAC address of Router A.
C. If another router were added to this GLBP group, there would be two backup AVGs.
D. Router B is in GLBP listen state.
E. Router A alternately responds to ARP requests with different virtual MAC addresses.
F. Router B will transition from blocking state to forwarding state when it becomes the AVG.
Correct Answer: ABE Section: Examen C Explanation
Explanation/Reference:
QUESTION 12
Refer to the exhibit. Which Virtual Router Redundancy Protocol (VRRP) statement is true about the roles of the master virtual router and the backup virtual router?
A. Router A is the master virtual router, and Router B is the backup virtual router. When Router A fails, Router B will become the master virtual router. When Router A recovers, Router B will maintain the role of master virtual router.
B. Router A is the master virtual router, and Router B is the backup virtual router. When Router A fails, Router B will become the master virtual router. When Router A recovers, it will regain the master virtual router role.
C. Router B is the master virtual router, and Router A is the backup virtual router. When Router B fails, Router A will become the master virtual router. When Router B recovers, Router A will maintain the role of master virtual router.
D. Router B is the master virtual router, and Router A is the backup virtual router. When Router B fails, Router A will become the master virtual router. When Router B recovers, it will regain the master virtual router role.
Correct Answer: B Section: Examen C Explanation
Explanation/Reference:
QUESTION 13
Refer to the exhibit. When a profile is configured in the Aironet Desktop Utility, which security option permits the configuration of host-based Extensible Authentication Protocol (EAP)?
A. WPA/WPA2/CCKM
B. WPA/WPA2 Passphrase
C. 802.1x
D. Pre-Shared Key (Static WEP)
Correct Answer: C Section: Examen C Explanation
Explanation/Reference:
QUESTION 14
Refer to the exhibit. The service provider wants to ensure that switch S1 is the root switch for its own network and the network of the customer. On which interfaces should root guard be configured to ensure that this happens?
A. interfaces 1 and 2
B. interfaces 1, 2, 3, and 4
C. interfaces 1, 3, 5, and 6
D. interfaces 5 and 6
E. interfaces 5, 6, 7, and 8
F. interfaces 11 and 12
Correct Answer: D Section: Examen C Explanation
Explanation/Reference:
QUESTION 15
In each option, a Layer 2 security attack is specified. Which statement correctly matches the correct mitigation technique with the specified Layer 2 switch attack?
A. Configure DHCP spoofing to mitigate ARP address spoofing attacks.
B. Configure DHCP spoofing to mitigate DHCP spoofing attacks.
C. Configure PVLANs to mitigate MAC address flooding attacks.
D. Configure port security to mitigate MAC address flooding attacks.
E. Enable root guard to mitigate ARP address spoofing attacks.
F. Configure dynamic ARP inspection (DAI) to mitigate IP address spoofing on DHCP untrusted ports.
Correct Answer: D Section: Examen C Explanation
Explanation/Reference:
QUESTION 16
Refer to the exhibit. The command spanning-tree bpdufilter enable is configured on interface Fa0/1 on switch S6. The link between switch S5 and S6 fails. Will Host A be able to reach Host B?
A. Fifty percent of the traffic will successfully reach Host B, and fifty percent will dead-end at switch S3 because of a partial spanning-tree loop.
B. No. Traffic will pass from switch S6 to S2 and dead-end at S2.
C. No. Traffic will loop back and forth between switch S6 and Host A.
D. No. Traffic will loop back and forth between switches S2 and S3.
E. Yes. Traffic will pass from switch S6 to S2 to S1.
Correct Answer: E Section: Examen C Explanation
Explanation/Reference:
QUESTION 17
Refer to the exhibit. Port security has been configured on the switch port Fa0/5. What would happen if another device is connected to the port after the maximum number of devices has been reached, even if one or more of the original MAC addresses are inactive?
A. The port will permit the new MAC address because one or more of the original MAC addresses are inactive.
B. The port will permit the new MAC address because one or more of the original MAC addresses will age out.
C. Although one or more of the original MAC addresses are inactive, the port will not permit the new MAC address.
D. Because the new MAC address is not configured on the port, the port will not permit the new MAC address.
Correct Answer: C Section: Examen C Explanation
Explanation/Reference:
QUESTION 18
What are three required steps to configure DHCP snooping on a switch? (Choose three.)
A. Configure DHCP snooping globally.
B. Configure DHCP snooping on an interface.
C. Configure DHCP snooping on a VLAN or range of VLANs.
D. Configure the switch as a DHCP server.
E. Configure all interfaces as DHCP snooping trusted interfaces.
F. Configure the switch to insert and remove DHCP relay information (option-82 field) in forwarded DHCP request messages.
Correct Answer: ABC Section: Examen C Explanation
Explanation/Reference:
QUESTION 19
Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers should not communicate with each other, although they are located on the same subnet. The servers do need, however, to communicate with a database server located in the inside network. What configuration will isolate the servers from each other?
A. The switch ports 3/1 and 3/2 will be defined as secondary VLAN isolated ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.
B. The switch ports 3/1 and 3/2 will be defined as secondary VLAN community ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.
C. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.
D. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN community ports.
Correct Answer: A Section: Examen C Explanation
Explanation/Reference:
QUESTION 20
Which three statements are true about the dynamic ARP inspection (DAI) feature? (Choose three.)
A. DAI can be performed on ingress ports only.
B. DAI can be performed on both ingress and egress ports.
C. DAI is supported on access and trunk ports only.
D. DAI is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports.
E. DAI should be configured on all access switch ports as untrusted and on all switch ports connected to other switches as trusted.
F. DAI should be enabled on the root switch for particular VLANs only in order to secure the ARP caches of hosts in the domain.
Correct Answer: ADE Section: Examen C Explanation
Explanation/Reference:
QUESTION 21
Which two statements are true about voice packets in a LAN? (Choose two.)
A. Voice traffic data flow involves large volumes of large packets.
B. Because a packet loss involves a small amount of data, voice traffic is less affected by packet losses than traditional data traffic is.
C. Voice carrier stream utilizes Real-Time Transport Protocol (RTP) to carry the audio/media portion of VoIP communication.
D. Voice packets are very sensitive to delay and jitter.
E. Voice packets are encapsulated in TCP segments to allow for proper sequencing during delivery.
Correct Answer: CD Section: Examen C Explanation
Explanation/Reference:
QUESTION 22
What does the global command udld enable accomplish?
A. globally enables all ports on the device for Unidirectional Link Detection (UDLD)
B. enables all fiber-optic LAN ports for Unidirectional Link Detection (UDLD)
C. overrides the default UDLD setting for all ports
D. enables all copper media LAN ports for Unidirectional Link Detection (UDLD)
Correct Answer: B Section: Examen C Explanation
QUESTION 23
What does the command udld reset accomplish?
A. allows an UDLD port to automatically reset when it has been shutdown
B. resets all UDLD enabled ports that have been shutdown
C. removes all UDLD configurations from interfaces that were globally enabled
D. removes all UDLD configurations from interfaces that were enabled per-port
Correct Answer: B Section: Examen C Explanation
QUESTION 24
Which two statements are true about voice VLANs? (Choose two.)
A. Voice VLANs are only used when connecting an IP phone and a host to distinct switch ports.
B. Access ports that are configured with voice VLANs will always trust the CoS that is received from IP phones.
C. Access ports that are configured with voice VLANs may or may not override the CoS value that is received from an IP phone.
D. Voice VLANs are configured using the switchport voice vlan vlan-ID interface configuration command.
E. Voice VLANs provide a trunking interface between an IP phone and an access port on a switch to allow traffic from multiple devices that are connected to the port.
F. Enabling Voice VLAN on a switch port will automatically configure the port to trust the incoming CoS markings.
Correct Answer: CD Section: Examen C Explanation
Explanation/Reference:
QUESTION 25
Which two statements about voice VLANs are correct? (Choose two.)
A. Voice VLANs eliminate the need for QoS configuration.
B. Voice VLANs are used on trunk links to eliminate the need for QoS CoS markings.
C. Voice VLANs are mainly used to reduce the number of access switch ports that are used in the network.
D. Voice VLANs can be configured to forward existing CoS priorities or override them.
E. Voice VLANs are mainly used between access layer switches and distribution layer switches.
F. Voice VLANs can be configured on Layer 2 ports only.
Correct Answer: DF Section: Examen C Explanation
Explanation/Reference:
QUESTION 26
Which two statements are true about network voice traffic? (Choose two.)
A. Voice traffic is affected more by link speed than FTP traffic is.
B. Voice traffic is affected more by packet delays than FTP traffic is.
C. Voice streams involve larger packet sizes than most TCP network traffic involves.
D. Voice traffic is more sensitive to packet loss than TCP network traffic is.
E. Voice traffic requires QOS mechanisms only in heavily loaded network segments.
Correct Answer: BD Section: Examen C Explanation
QUESTION 27
Refer to the exhibit. Which statement is true about the display of the command show pagp 1 neighbor command?
A. STP packets are sent out the Gi0/1 interface only.
B. STP packets are sent out both the Gi0/1 and Gi0/2 interfaces.
C. CDP packets are sent out the Gi0/1 interface only.
D. CDP packets are sent out the Gi0/2 interface only.
Correct Answer: A Section: Examen C Explanation
Explanation/Reference:
QUESTION 28
Which two statements are true about the configuration of voice VLANs? (Choose two.)
A. Static secure MAC addresses can be configured in conjunction with voice VLANs.
B. PortFast is automatically enabled when voice VLANs are configured.
C. PortFast must be manually configured when voice VLANs are configured.
D. Voice VLANs are typically configured on uplink ports.
E. Voice VLANs are typically configured on access ports.
Correct Answer: BE Section: Examen C Explanation
Explanation/Reference:
QUESTION 29
On an Aironet card, LED 0 and LED 1 are blinking alternately. What does this indicate?
A. The Aironet card is in power save mode.
B. The Aironet card is looking for a network association.
C. The Aironet card is joined to a network, but there is no network activity.
D. The Aironet card is joined to a network, and there is network activity.
Correct Answer: B Section: Examen C Explanation
QUESTION 30
With route processor redundancy (RPR+), the redundant supervisor engine is fully initialized and configured, which shortens the switchover time if the active supervisor engine fails. Which three statements are true about the RPR + operations when the redundant supervisor engine switched over the failed primary supervisor engine? (Choose three.)
A. The Forwarding Information Base (FIB) tables are maintained during the switchover. As a result, routed traffic continues without any interruption when the failover occurs.
B. The Forwarding Information Base (FIB) tables are cleared on a switchover. As a result, routed traffic is interrupted until route tables reconverge.
C. Static IP routes are maintained across a switchover because they are configured from entries in the configuration file.
D. Static IP routes are cleared across a switchover and recreated from entries in the configuration file on the redundant supervisor engine.
E. Information about dynamic routing states, maintained on the active supervisor engine, is synchronized to the redundant supervisor engine and is transferred during the switchover.
F. Information about dynamic routing states, maintained on the active supervisor engine, is not synchronized to the redundant supervisor engine and is lost on switchover.
Correct Answer: BCF Section: Examen C Explanation
Explanation/Reference:
QUESTION 31
Place the DTP mode with its correct description.
A.
Correct Answer: A Section: Examen C Explanation
Explanation/Reference:
QUESTION 32
Drag and drop question. Drag the items to the proper locations.
A.
Correct Answer: A Section: Examen C Explanation Explanation/Reference:
QUESTION 33
This is a drag and drop question which is about the correct sequence of steps that a wireless client takes during the process of association with an access point (AP). Drag the items to the proper locations.
A.
Correct Answer: A Section: Examen C Explanation
Explanation/Reference: QUESTION 34
Place the DTP mode with its correct description
A.
Correct Answer: A Section: Examen C Explanation
Explanation/Reference:
QUESTION 35
LAB 1:
A.
Correct Answer: A Section: Examen C Explanation
Explanation/Reference:
QUESTION 36
LAB 2: Case 1
A.
Correct Answer: A Section: Examen C Explanation
Explanation/Reference:
QUESTION 37
A.
Correct Answer: A Section: Examen C Explanation
Explanation/Reference:
QUESTION 38
How does VTP pruning enhance network bandwidth?
A. by restricting unicast traffic to across VTP domains
B. by reducing unnecessary flooding of traffic to inactive VLANs
C. by limiting the spreading of VLAN information
D. by disabling periodic VTP updates
Correct Answer: B Section: Examen C Explanation
QUESTION 39
The network operations center has received a call stating that users in VLAN 107 are unable to access resources through Router 1. From the information contained in the graphic, what is the cause of this problem?
A. VLAN 107 does not exist on switch A.
B. VTP is pruning VLAN 107
C. VLAN 107 is not configured on the trunk
D. spanning tree is not enabled on VLAN 107
Correct Answer: B Section: Examen C Explanation
Explanation/Reference:
QUESTION 40
Which two table types are CEF components?(Choose two.)
A. forwarding information base
B. adjacency tables
C. neighbor tables
D. caching tables E. route tables
Correct Answer: AB Section: Examen C Explanation
QUESTION 41
Which Cisco IOS command assigns a Catalyst switch port to VLAN 10?
A. switchport mode vlan 10
B. switchport trunk native 10
C. switchport access vlan 10
D. switchport mode access vlan 10
Correct Answer: C Section: Examen C Explanation
QUESTION 42
Which statement is true regarding the configuration of ISL trunks?
A. All Catalyst switches support ISL trunking.
B. A Catalyst switch will report giants if one side is configured for ISL while the other side is not.
C. ISL trunking requires that native VLANs match.
D. A Catalyst switch cannot have ISL and IEEE 802.1q trunks enabled.
Correct Answer: B Section: Examen C Explanation
QUESTION 43
Which three statements are true regarding the above diagram? (Choose three.)
A. A trunk link will be formed.
B. Only VLANs 1-1001 will travel across the trunk link.
C. The native VLAN for Switch B is vlan 1.
D. DTP is not running on Switch A.
E. DTP packets are sent from Switch B.
Correct Answer: ACE Section: Examen C Explanation
QUESTION 44
Which three statements about STP timers are true? (Choose three.)
A. STP timers values (hello, forward delay, max age) are included in each BPDU.
B. A switch is not concerned about its local configuration of the STP timers values. It will only consider the value of the STP timers contained in the BPDU it is receiving.
C. To successfully exchange BPDUs between two switches, their STP timers value (hello, forward delay, max age) must be the same.
D. If any STP timer value (hello, forward delay, max age) needs to be changed, it should at least be changed on the root bridge and backup root bridge.
E. On a switched network with a small network diameter, the STP hello timer can be tuned to a lower value to decrease the load on the switch CPU.
F. The root bridge passes the timer information in BPDUs to all routers in the Layer 3 configuration.
Correct Answer: ABD Section: Examen C Explanation
Explanation/Reference:
QUESTION 45
The lack of which two prevents VTP information from propagating between switches? (Choose two.)
A. VLAN 1
B. a trunk port
C. VTP priority
D. a root VTP server
Correct Answer: AB Section: Examen C Explanation
QUESTION 46
Refer to the exhibit. An administrator is verifying that a CEF FIB entry exists to destination network
192.168.150.0. Given the output generated by the show ip cef and show adjacency detail commands, which three statements are true? (Choose three.)
A. There is a valid CEF entry for the destination network 192.168.150.0.
B. The “valid cached adjacency” entry indicates that CEF will put all packets going to such an adjacency to the next best switching mode.
C. The counters (0 packets, 0 bytes) indicate a problem with the 192.168.199.3 next hop IP address.
D. There is an adjacency for the 192.168.199.3 next hop IP address.
E. The number 003071506800 is the MAC address of the 192.168.199.3 next hop IP address. F. The number 003071506800 is the MAC address of the source IP address.
Correct Answer: ADE Section: Examen C Explanation
Explanation/Reference:
Cisco 642-651 tests containing questions that cover all sides of tested subjects that help our members to be prepared and keep high level of professionalism.The main purpose of Cisco 642-651 exam is to provide high quality test that can secure and verify knowledge,give overview of question types and complexity that can be represented on real exam certification
Written by Ralph K. Merritt
We are here to help you study for Cisco certification exams. We know that the Cisco series (CCNP, CCDE, CCIE, CCNA, DevNet, Special and other certification exams are becoming more and more popular, and many people need them. In this era full of challenges and opportunities, we are committed to providing candidates with the most comprehensive and comprehensive Accurate exam preparation resources help them successfully pass the exam and realize their career dreams. The Exampass blog we established is based on the Pass4itsure Cisco exam dump platform and is dedicated to collecting the latest exam resources and conducting detailed classification. We know that the most troublesome thing for candidates during the preparation process is often the massive amount of learning materials and information screening. Therefore, we have prepared the most valuable preparation materials for candidates to help them prepare more efficiently. With our rich experience and deep accumulation in Cisco certification, we provide you with the latest PDF information and the latest exam questions. These materials not only include the key points and difficulties of the exam, but are also equipped with detailed analysis and question-answering techniques, allowing candidates to deeply understand the exam content and master how to answer questions. Our ultimate goal is to help you study for various Cisco certification exams, so that you can avoid detours in the preparation process and get twice the result with half the effort. We believe that through our efforts and professional guidance, you will be able to easily cope with exam challenges, achieve excellent results, and achieve both personal and professional improvement. In your future career, you will be more competitive and have broader development space because of your Cisco certification.
Recent Posts
- Cisco CCNA 200-301 Exam Latest Questions And Perspectives
- Most Accurate And Most Likely Cisco 400-007 Questions Sharing
- New CCNP ENCOR 350-401 Exam Questions And Experience Sharing
- Latest CCNP and CCIE Collaboration Certification 350-801 Exam Questions Online
- Prepare For The 350-601 Exam New Insights And The Latest Exam Questions To Share
2023 Pass4itsure Cisco dumps
Cisco CCDA Dumps
- 200-901 dumps (PDF+VCE)
Cisco CCDE Dumps
- 400-007 dumps (PDF+VCE)
Cisco CCDP Dumps
- 300-910 Dumps (PDF+VCE)
- 300-915 Dumps (PDF+VCE)
- 300-920 Dumps (PDF+VCE)
- 350-901 Dumps (PDF+VCE)
Cisco CCIT Dumps
- 100-490 Dumps (PDF+VCE)
Cisco CCNA Dumps
- 200-301 Dumps (PDF+VCE)
Cisco CCNP Dumps
- 350-401 Dumps (PDF+VCE)
- 300-410 Dumps (PDF+VCE)
- 300-415 Dumps (PDF+VCE)
- 300-420 Dumps (PDF+VCE)
- 300-425 Dumps (PDF+VCE)
- 300-430 Dumps (PDF+VCE)
- 300-435 Dumps (PDF+VCE)
- 350-501 Dumps (PDF+VCE)
- 300-510 Dumps (PDF+VCE)
- 300-515 Dumps (PDF+VCE)
- 300-535 Dumps (PDF+VCE)
- 350-601 Dumps (PDF+VCE)
- 300-610 Dumps (PDF+VCE)
- 300-615 Dumps (PDF+VCE)
- 300-620 Dumps (PDF+VCE)
- 300-625 Dumps (PDF+VCE)
- 300-630 Dumps (PDF+VCE)
- 300-635 Dumps (PDF+VCE)
- 350-701 Dumps (PDF+VCE)
- 300-710 Dumps (PDF+VCE)
- 300-715 Dumps (PDF+VCE)
- 300-720 Dumps (PDF+VCE)
- 300-725 Dumps (PDF+VCE)
- 300-730 Dumps (PDF+VCE)
- 300-735 Dumps (PDF+VCE)
- 350-801 Dumps (PDF+VCE)
- 300-810 Dumps (PDF+VCE)
- 300-815 Dumps (PDF+VCE)
- 300-820 Dumps (PDF+VCE)
- 300-825 Dumps (PDF+VCE)
- 300-835 Dumps (PDF+VCE)
Cisco CCT Dumps
- 010-151 Dumps (PDF+VCE)
Cisco CyberOps Associate dumps
- 200-201 Dumps (PDF+VCE)
Cisco CyberOps Professional dumps
- 300-215 Dumps (PDF+VCE)
- 350-201 Dumps (PDF+VCE)