1. Refer to the exhibit.

What are the possible port roles for ports A,

B, C, and D in this RSTP-enabled network?

CCNA 2 v7 SRWE Final Exam

Answers 13
o designated, alternate, root, root
o designated, root, alternate, root
o alternate, root, designated, root
o alternate, designated, root, root
Answers Explanation & Hints:
Because S1 is the root bridge, B is a designated port, and C and D root ports. RSTP suppor
discarding state, that can be port A in this scenario.

2. Refer to the exhibit. Which destination MAC address is used

when frames are sent from the workstation to the default
gateway?
 CCNA 2 v7 SRWE Final
Exam Answers 10
o MAC address of the virtual router
o MAC addresses of both the forwarding and standby routers
o MAC address of the standby router
o MAC address of the forwarding router
Answers Explanation & Hints:
The IP address of the virtual router acts as the default gateway for all the workstations. Th
returned by the Address Resolution Protocol to the workstation will be the MAC address of

3. What is a secure configuration option for remote access to a

network device?

o Configure SSH.
o Configure 802.1x.
o Configure an ACL and apply it to the VTY lines.
o Configure Telnet.
4. After a host has generated an IPv6 address by using the DHCPv6
or SLAAC process, how does the host verify that the address is
unique and therefore usable?
 o The host checks the local neighbor cache for the learned address and if the address
is not cached, it it considered unique.
o The host sends an ICMPv6 neighbor solicitation message to the DHCP or SLAAC-
learned address and if no neighbor advertisement is returned, the address is
considered unique.
o The host sends an ICMPv6 echo request message to the DHCPv6 or SLAAC-learned
address and if no reply is returned, the address is considered unique.
o The host sends an ARP broadcast to the local link and if no hosts send a reply, the
address is considered unique.
Answers Explanation & Hints:
Before a host can actually configure and use an IPv6 address learned through SLAAC or DH
other host is already using that address. To verify that the address is indeed unique, the ho
solicitation to the address. If no neighbor advertisement is returned, the host considers the
configures it on the interface.

5. Refer to the exhibit. Host A has sent a packet to host B. What

will be the source MAC and IP addresses on the packet when it
arrives at host B?

CCNA 2 v7 SRWE Final Exam Answers 02

o Source MAC: 00E0.FE91.7799
Source IP: 10.1.1.10
o Source MAC: 00E0.FE91.7799
Source IP: 10.1.1.1
o Source MAC: 00E0.FE10.17A3
Source IP: 10.1.1.10
o Source MAC: 00E0.FE10.17A3
Source IP: 192.168.1.1
o Source MAC: 00E0.FE91.7799
Source IP: 192.168.1.1
Explanation:
As a packet traverses the network, the Layer 2 addresses will change at every hop as the p
encapsulated, but the Layer 3 addresses will remain the same.
6. After attaching four PCs to the switch ports, configuring the
SSID and setting authentication properties for a small office
network, a technician successfully tests the connectivity of all
PCs that are connected to the switch and WLAN. A firewall is
then configured on the device prior to connecting it to the
Internet. What type of network device includes all of the
described features?

o standalone wireless access point

o firewall appliance
o switch
o wireless router
7. Which wireless encryption method is the most secure?

o WPA2 with AES

o WPA2 with TKIP
o WEP
o WPA
8. Match the description to the correct VLAN type. (Not all options
are used.)
 CCNA 2 v7
SRWE Final Exam Answers 003
Answers Explanation & Hints:
A data VLAN is configured to carry user-generated traffic. A default VLAN is the VLAN where all switch
boot up of a switch loading the default configuration. A native VLAN is assigned to an 802.1Q trunk p
placed on it. A management VLAN is any VLAN that is configured to access the management capabili
address and subnet mask are assigned to it, allowing the switch to be managed via HTTP, Telnet, SSH
9. Refer to the exhibit. A network administrator has connected two
switches together using EtherChannel technology. If STP is
running, what will be the end result?

CCNA 2 v7 SRWE Final Exam Answers 000

o The switches will load balance and utilize both EtherChannels to forward packets.
o Both port channels will shutdown.
o The resulting loop will create a broadcast storm.
o STP will block one of the redundant links.
Answers Explanation & Hints:
Cisco switches support two protocols for negotiating a channel between two switches: LAC
proprietary. In the topology shown, the switches are connected to each other using redund
on switch devices. STP will block redundant links to prevent loops.

10. What are three techniques for mitigating VLAN attacks?

(Choose three.)

o Enable BPDU guard.

o Set the native VLAN to an unused VLAN.
o Use private VLANs.
o Disable DTP.
o Enable Source Guard.
o Enable trunking manually.
Answers Explanation & Hints:
Mitigating a VLAN attack can be done by disabling Dynamic Trunking Protocol (DTP), manu
and by setting the native VLAN of trunk links to VLANs not in use.

11. An administrator is trying to remove configurations from a

switch. After using the command erase startup-config and
reloading the switch, the administrator finds that VLANs 10 and
 100 still exist on the switch. Why were these VLANs not
removed?

o These VLANs cannot be deleted unless the switch is in VTP client mode.
o These VLANs can only be removed from the switch by using the no vlan 10 and no
vlan 100 commands.
o These VLANs are default VLANs that cannot be removed.
o Because these VLANs are stored in a file that is called vlan.dat that is located in
flash memory, this file must be manually deleted.
Answers Explanation & Hints:
Standard range VLANs (1-1005) are stored in a file that is called vlan.dat that is located in
configuration and reloading a switch does not automatically remove these VLANs. The vlan
from flash memory and then the switch must be reloaded.

12. Refer to the exhibit. Which static route would an IT technician

enter to create a backup route to the 172.16.1.0 network that is
only used if the primary RIP learned route fails?

CCNA 2 v7
SRWE Final Exam Answers 20
o ip route 172.16.1.0 255.255.255.0 s0/0/0
o ip route 172.16.1.0 255.255.255.0 s0/0/0 91
o ip route 172.16.1.0 255.255.255.0 s0/0/0 111
o ip route 172.16.1.0 255.255.255.0 s0/0/0 121
Answers Explanation & Hints:
A backup static route is called a floating static route. A floating static route has an adminis
administrative distance of another static route or dynamic route.
13. Refer to the exhibit. In addition to static routes directing
traffic to networks 10.10.0.0/16 and 10.20.0.0/16, Router HQ is
also configured with the following command: ip route 0.0.0.0
0.0.0.0 serial 0/1/1 What is the purpose of this command?

CCNA 2 v7 SRWE Final Exam Answers 05

o Packets from the 10.10.0.0/16 network will be forwarded to network 10.20.0.0/16,
and packets from the 10.20.0.0/16 network will be forwarded to network
10.10.0.0/16.
o Packets that are received from the Internet will be forwarded to one of the LANs
connected to R1 or R2.
o Packets with a destination network that is not 10.10.0.0/16 or is not 10.20.0.0/16 or
is not a directly connected network will be forwarded to the Internet.
o Packets that are destined for networks that are not in the routing table of HQ will
be dropped.
14. Refer to the exhibit. A network administrator is configuring
inter-VLAN routing on a network. For now, only one VLAN is
being used, but more will be added soon. What is the missing
parameter that is shown as the highlighted question mark in the
graphic?
 CCNA 2 v7 SRWE Final Exam Answers
04
o It identifies the number of hosts that are allowed on the interface.
o It identifies the type of encapsulation that is used.
o It identifies the subinterface.
o It identifies the native VLAN number.
o It identifies the VLAN number.
Answers Explanation & Hints:
The completed command would be encapsulation dot1q 7 . The encapsulation dot1q part o
and identifies the type of trunking to use. The 7 identifies the VLAN number.

15. Match the link state to the interface and protocol status. (Not
all options are used.)
 CCNA 2 v7 SRWE Final Exam Answers 002
Explanation:
The login and password cisco commands are used with Telnet switch configuration, not SSH configur

16. Refer to the exhibit. How is a frame sent from PCA forwarded
to PCC if the MAC address table on switch SW1 is empty?
 CCNA 2 v7 SRWE Final Exam Answers 07
o SW1 forwards the frame directly to SW2. SW2 floods the frame to all ports
connected to SW2, excluding the port through which the frame entered the switch.
o SW1 floods the frame on all ports on the switch, excluding the interconnected port
to switch SW2 and the port through which the frame entered the switch.
o SW1 drops the frame because it does not know the destination MAC address.
o SW1 floods the frame on all ports on SW1, excluding the port through which the
frame entered the switch.
Answers Explanation & Hints:
When a switch powers on, the MAC address table is empty. The switch builds the MAC add
MAC address of incoming frames. The switch forwards based on the destination MAC addre
switch has no entries in the MAC address table or if the destination MAC address is not in t
forward the frame out all ports except the port that brought the frame into the switch.

17. Match the DHCP message types to the order of the DHCPv4
process. (Not all options are used.)
 CCNA 2 SRWE v7 Modules 7 – 9 – Available and Reliable Networks Exam Answers 007
Answers Explanation & Hints:
The broadcast DHCPDISCOVER message finds DHCPv4 servers on the network. When the DHCPv4 se
DHCPDISCOVER message, it reserves an available IPv4 address to lease to the client and sends the u
to the requesting client. When the client receives the DHCPOFFER from the server, it sends back a DH
the DHCPREQUEST message the server replies with a unicast DHCPACK message. DHCPREPLY and DH
are DHCPv6 messages.

18. A network administrator is configuring a WLAN. Why would

the administrator disable the broadcast feature for the SSID?

o to reduce the risk of interference by external devices such as microwave ovens

o to reduce the risk of unauthorized APs being added to the network
o to provide privacy and integrity to wireless traffic by using encryption
o to eliminate outsiders scanning for available SSIDs in the area
19. Compared with dynamic routes, what are two advantages of
using static routes on a router? (Choose two.)

o They automatically switch the path to the destination network when the topology
changes.
o They improve the efficiency of discovering neighboring networks.
o They use fewer router resources.
o They improve network security.
 o They take less time to converge when the network topology changes.
20. Refer to the exhibit. Which route was configured as a static
route to a specific network using the next-hop address?

CCNA 2 v7 SRWE Final Exam Answers 17

o S 0.0.0.0/0 [1/0] via 10.16.2.2
o S 10.17.2.0/24 is directly connected, Serial 0/0/0
o C 10.16.2.0/24 is directly connected, Serial0/0/0
o S 10.17.2.0/24 [1/0] via 10.16.2.2
Explanation:
The C in a routing table indicates an interface that is up and has an IP address assigned. Th
a route was installed using the ip route command. Two of the routing table entries shown a
destination (the 10.17.2.0 network). The entry that has the S denoting a static route and [1
hop address. The other entry (S 10.17.2.0/24 is directly connected, Serial 0/0/0) is a static
interface. The entry with the 0.0.0.0 route is a default static route which is used to send pa
that is not specifically listed in the routing table.

21. Refer to the exhibit. What is the metric to forward a data

packet with the IPv6 destination address
2001:DB8:ACAD:E:240:BFF:FED4:9DD2?
 CCNA 2 v7 SRWE Final Exam Answers
03
o 90
o 128
o 2170112
o 2681856
o 2682112
o 3193856
Explanation:
The IPv6 destination address 2001:DB8:ACAD:E:240:BFF:FED4:9DD2 belongs to the networ
routing table, the route to forward the packet has Serial 0/0/1 as an exit interface and 268

22. A static route has been configured on a router. However, the

destination network no longer exists. What should an
administrator do to remove the static route from the routing
table?

o Remove the route using the no ip route command.

o Change the administrative distance for that route.
o Nothing. The static route will go away on its own.
o Change the routing metric for that route.
23. Which two statements are characteristics of routed ports on a
multilayer switch? (Choose two.)
 o In a switched network, they are mostly configured between switches at the core
and distribution layers.
o They are used for point-to-multipoint links.
o They are not associated with a particular VLAN.
o They support subinterfaces, like interfaces on the Cisco IOS routers.
o The interface vlan <vlan number> command has to be entered to create a VLAN
on routed ports.
24. Refer to the exhibit. After attempting to enter the
configuration that is shown in router RTA, an administrator
receives an error and users on VLAN 20 report that they are
unable to reach users on VLAN 30. What is causing the problem?

CCNA 2 v7 SRWE Final

Exam Answers 01
o The no shutdown command should have been issued on Fa0/0.20 and Fa0/0.30.
o There is no address on Fa0/0 to use as a default gateway.
o Dot1q does not support subinterfaces.
o RTA is using the same subnet for VLAN 20 and VLAN 30.
25. Refer to the exhibit. Which trunk link will not forward any
traffic after the root bridge election process is complete?
 CCNA 2 v7 SRWE Final
Exam Answers 14
o Trunk1
o Trunk2
o Trunk3
o Trunk4
26. A network administrator is preparing the implementation of
Rapid PVST+ on a production network. How are the Rapid PVST+
link types determined on the switch interfaces?

o Link types can only be determined if PortFast has been configured.

o Link types can only be configured on access ports configured with a single VLAN.
o Link types are determined automatically.
o Link types must be configured with specific port configuration commands.
Explanation:
When Rapid PVST+ is being implemented, link types are automatically determined but can
can be either point-to-point, shared, or edge.
27. Which two types of spanning tree protocols can cause
suboptimal traffic flows because they assume only one
spanning-tree instance for the entire bridged network? (Choose
two.)

o STP
o Rapid PVST+
 o MSTP
o PVST+
o RSTP
28. What action takes place when the source MAC address of a
frame entering a switch appears in the MAC address table
associated with a different port?

o The switch purges the entire MAC address table.

o The switch replaces the old entry and uses the more current port.
o The switch updates the refresh timer for the entry.
o The switch forwards the frame out of the specified port.
29. A network administrator configures the port security feature
on a switch. The security policy specifies that each access port
should allow up to two MAC addresses. When the maximum
number of MAC addresses is reached, a frame with the unknown
source MAC address is dropped and a notification is sent to the
syslog server. Which security violation mode should be
configured for each access port?

o warning
o restrict
o shutdown
o protect
30. Which network attack is mitigated by enabling BPDU guard?

o rogue switches on a network

o rogue DHCP servers on a network
o MAC address spoofing
o CAM table overflow attacks
Explanation:
There are several recommended STP stability mechanisms to help mitigate STP manipulati

 PortFast – used to immediately bring an interface configured as an access or tru

a blocking state. Applied to all end-user ports.
 BPDU guard – immediately error-disables a port that receives a BPDU. Applied to
BPDUs may be part of an unauthorized attempt to add a switch to the network.
 Root guard – prevents a switch from becoming the root switch. Applied to all por
be located.
 Loop guard – detects unidirectional links to prevent alternate or root ports from
to all ports that are or can become nondesignated.
31. A network administrator uses the spanning-tree portfast
bpduguard default global configuration command to enable
BPDU guard on a switch. However, BPDU guard is not activated
on all access ports. What is the cause of the issue?
 o PortFast is not configured on all access ports.
o Access ports belong to different VLANs.
o BPDU guard needs to be activated in the interface configuration command mode.
o Access ports configured with root guard cannot be configured with BPDU guard.
32. A new Layer 3 switch is connected to a router and is being
configured for interVLAN routing. What are three of the five
steps required for the configuration? (Choose three.) *

o creating SVI interfaces

o creating VLANs
o installing a static route
o adjusting the route metric
o implementing a routing protocol
o modifying the default VLAN
o assigning ports to VLANs
33. A company is deploying a wireless network in the distribution
facility in a Boston suburb. The warehouse is quite large and it
requires multiple access points to be used. Because some of the
company devices still operate at 2.4GHz, the network
administrator decides to deploy the 802.11g standard. Which
channel assignments on the multiple access points will make
sure that the wireless channels are not overlapping?

o channels 1, 6, and 11
o channels 2, 6, and 10
o channels 1, 5, and 9
o channels 1, 7, and 13
34. What method of wireless authentication is dependent on a
RADIUS authentication server?

o WEP
o WPA2 Enterprise
o WPA Personal
o WPA2 Personal
35. An administrator notices that large numbers of packets are
being dropped on one of the branch routers. What should be
done or checked?

o Create extra static routes to the same location with an AD of 1.

o Check the routing table for a missing static route.
o Create static routes to all internal networks and a default route to the internet.
o Check the statistics on the default route for oversaturation.
36. Match the step number to the sequence of stages that occur
during the HSRP failover process. (Not all options are used.)

CCNA 2 SRWE v7 Modules 7 – 9 – Available and Reliable Networks Exam Answers 005
Answers Explanation & Hints:
Hot Standby Router Protocol (HSRP) is a Cisco-proprietary protocol that is designed to allow for trans
IPv4 device.

37. In which situation would a technician use the show interfaces

switch command?

o to determine if remote access is enabled

o when an end device can reach local devices, but not remote devices
o to determine the MAC address of a directly attached network device on a particular
interface
o when packets are being dropped from a particular directly attached host
Explanation:
The show interfaces command is useful to detect media errors, to see if packets are being
determine if any runts, giants, CRCs, interface resets, or other errors have occurred. Proble
network would likely be caused by a misconfigured default gateway or other routing issue,
address-table command shows the MAC address of a directly attached device.

38. Refer to the exhibit. If the IP addresses of the default

gateway router and the DNS server are correct, what is the
configuration problem?
 CCNA 2
v7 SRWE Final Exam Answers 08
o The default-router and dns-server commands need to be configured with subnet
masks.
o The DNS server and the default gateway router should be in the same subnet.
o The IP address of the DNS server is not contained in the excluded address list.
o The IP address of the default gateway router is not contained in the excluded
address list.
Explanation:
In this configuration, the excluded address list should include the address that is assigned
the command should be ip dhcp excluded-address 192.168.10.1 192.168.10.9.

39. Refer to the exhibit. A network administrator has added a

new subnet to the network and needs hosts on that subnet to
receive IPv4 addresses from the DHCPv4 server.

What two commands will allow hosts on the new subnet to

receive addresses from the DHCP4 server? (Choose two.)
 CCNA 2 v7
SRWE Final Exam Answers 19
o R2(config-if)# ip helper-address 10.2.0.250
o R1(config)# interface G0/1
o R1(config-if)# ip helper-address 10.2.0.250
o R1(config)# interface G0/0
o R1(config-if)# ip helper-address 10.1.0.254
o R2(config)# interface G0/0
40. Refer to the exhibit. R1 has been configured as shown.
However, PC1 is not able to receive an IPv4 address. What is the
problem?
 CCNA 2 v7 SRWE Final Exam Answers 09
o R1 is not configured as a DHCPv4 server.
o A DHCP server must be installed on the same LAN as the host that is receiving the
IP address.
o The ip helper-address command was applied on the wrong interface.
o The ip address dhcp command was not issued on the interface Gi0/1.
Explanation:
The ip helper-address command has to be applied on interface Gi0/0. This command must
LAN that contains the DHCPv4 client PC1 and must be directed to the correct DHCPv4 serv

41. What network attack seeks to create a DoS for clients by

preventing them from being able to obtain a DHCP lease?

o CAM table attack

o IP address spoofing
o DHCP spoofing
o DHCP starvation
Explanation:
DCHP starvation attacks are launched by an attacker with the intent to create a DoS for DH
the attacker uses a tool that sends many DHCPDISCOVER messages in order to lease the e
thus denying them to legitimate hosts.

42. A cybersecurity analyst is using the macof tool to evaluate

configurations of switches deployed in the backbone network of
an organization. Which type of LAN attack is the analyst
targeting during this evaluation?
 o VLAN double-tagging
o MAC address table overflow
o VLAN hopping
o DHCP spoofing
43. Which information does a switch use to populate the MAC
address table?

o the source MAC address and the incoming port

o the destination MAC address and the incoming port
o the source MAC address and the outgoing port
o the source and destination MAC addresses and the outgoing port
o the source and destination MAC addresses and the incoming port
o the destination MAC address and the outgoing port
Explanation:
To maintain the MAC address table, the switch uses the source MAC address of the incomin
packets enter. The destination address is used to select the outgoing port.

44. Which statement describes a result after multiple Cisco LAN

switches are interconnected?

o There is one broadcast domain and one collision domain per switch.
o The broadcast domain expands to all switches.
o One collision domain exists per switch.
o Frame collisions increase on the segments connecting the switches.
Explanation:
In Cisco LAN switches, the microsegmentation makes it possible for each port to represent
switch port represents a separate collision domain. This fact will not change when multiple
However, LAN switches do not filter broadcast frames. A broadcast frame is flooded to all p
one big broadcast domain.

45. Match the forwarding characteristic to its type. (Not all

options are used.)
 CCNA 2 v7 SRWE Final Exam Answers 005
46. Which method of IPv6 prefix assignment relies on the prefix
contained in RA messages?

o EUI-64
o stateful DHCPv6
o static
o SLAAC
47. On a Cisco 3504 WLC Summary page ( Advanced >
Summary ), which tab allows a network administrator to
configure a particular WLAN with a WPA2 policy?
 o MANAGEMENT
o WLANs
o SECURITY
o WIRELESS
48. A network administrator of a small advertising company is
configuring WLAN security by using the WPA2 PSK method.
Which credential do office users need in order to connect their
laptops to the WLAN?

o a key that matches the key on the AP

o a username and password configured on the AP
o a user passphrase
o the company username and password through Active Directory service
49. What two default wireless router settings can affect network
security? (Choose two.)

CCNA 2 v7 SRWE Final Exam Answers 15

o The SSID is broadcast.
o MAC address filtering is enabled.
o WEP encryption is enabled.
o The wireless channel is automatically selected.
o A well-known administrator password is set.
Explanation:
Default settings on wireless routers often include broadcasting the SSID and using a well-k
Both of these pose a security risk to wireless networks. WEP encryption and MAC address fi
automatic selection of the wireless channel poses no security risks.

50. Refer to the exhibit. Based on the exhibited configuration and

output, why is VLAN 99 missing?
 CC
NA 2 v7 SRWE Final Exam Answers 21
o because there is a cabling problem on VLAN 99
o because VLAN 1 is up and there can only be one management VLAN on the switch
o because VLAN 99 has not yet been created
o because VLAN 99 is not a valid management VLAN
51. Which three pairs of trunking modes will establish a
functional trunk link between two Cisco switches? (Choose
three.)

o access – trunk
o dynamic auto – dynamic auto
o dynamic desirable – dynamic desirable
o dynamic desirable – dynamic auto
o dynamic desirable – trunk
o access – dynamic auto
52. Which three steps should be taken before moving a Cisco
switch to a new VTP management domain? (Choose three.)

o Reset the VTP counters to allow the switch to synchronize with the other switches
in the domain.
o Download the VTP database from the VTP server in the new domain.
o Select the correct VTP mode and version.
o Reboot the switch.
 o Configure the VTP server in the domain to recognize the BID of the new switch.
o Configure the switch with the name of the new management domain.
Explanation:
When adding a new switch to a VTP domain, it is critical to configure the switch with a new
mode, VTP version number, and password. A switch with a higher revision number can pro
valid VLANs thus preventing connectivity for multiple devices on the valid VLANs.

53. Select the three PAgP channel establishment modes. (Choose

three.)

o active
o passive
o desirable
o on
o auto
o blocking
54. Refer to the exhibit. Which static route command can be
entered on R1 to forward traffic to the LAN connected to R2?

CCN
A 2 v7 SRWE Final Exam Answers 11
o ipv6 route 2001:db8:12:10::/64 S0/0/0 fe80::2
o ipv6 route 2001:db8:12:10::/64 S0/0/1 fe80::2
o ipv6 route 2001:db8:12:10::/64 S0/0/1 2001:db8:12:10::1
o ipv6 route 2001:db8:12:10::/64 S0/0/0
55. Refer to the exhibit. R1 was configured with the static route
command ip route 209.165.200.224 255.255.255.224 S0/0/0 and
consequently users on network 172.16.0.0/16 are unable to
reach resources on the Internet. How should this static route be
changed to allow user traffic from the LAN to reach the Internet?
 CCNA 2 v7
SRWE Final Exam Answers 18
o Add the next-hop neighbor address of 209.165.200.226.
o Change the destination network and mask to 0.0.0.0 0.0.0.0.
o Change the exit interface to S0/0/1.
o Add an administrative distance of 254.
Explanation:
The static route on R1 has been incorrectly configured with the wrong destination network
network and mask is 0.0.0.0 0.0.0.0.

56. Refer to the exhibit. Currently router R1 uses an EIGRP route

learned from Branch2 to reach the 10.10.0.0/16 network. Which
floating static route would create a backup route to the
10.10.0.0/16 network in the event that the link between R1 and
Branch2 goes down?
 CCNA 2 v7
SRWE Final Exam Answers 16
o ip route 10.10.0.0 255.255.0.0 Serial 0/0/0 100
o ip route 10.10.0.0 255.255.0.0 209.165.200.226 100
o ip route 10.10.0.0 255.255.0.0 209.165.200.225 100
o ip route 10.10.0.0 255.255.0.0 209.165.200.225 50
Explanation:
A floating static route needs to have an administrative distance that is greater than the ad
route in the routing table. Router R1 is using an EIGRP route which has an administrative d
10.10.0.0/16 network. To be a backup route the floating static route must have an adminis
and have a next hop address corresponding to the serial interface IP address of Branch1.

57. Refer to the exhibit. A network engineer is configuring IPv6

routing on the network. Which command issued on router HQ
will configure a default route to the Internet to forward packets
to an IPv6 destination network that is not listed in the routing
table?
 CCNA 2 v7 SRWE Final Exam Answers 06
o ipv6 route ::/0 serial 0/1/1
o ipv6 route ::1/0 serial 0/1/1
o ipv6 route ::/0 serial 0/0/0
o ip route 0.0.0.0 0.0.0.0 serial 0/1/1
58. What protocol or technology uses a standby router to assume
packet-forwarding responsibility if the active router fails?

o HSRP
o EtherChannel
o VTP
o DTP
59. What is the effect of entering the ip arp inspection vlan 10
configuration command on a switch?

o It enables DHCP snooping globally on a switch.

o It specifies the maximum number of L2 addresses allowed on a port.
o It enables DAI on specific switch interfaces previously configured with DHCP
snooping.
o It globally enables BPDU guard on all PortFast-enabled ports.
60. Refer to the exhibit. A network administrator is reviewing the
configuration of switch S1. Which protocol has been
 implemented to group multiple physical ports into one logical
link?

CCNA 2 v7 SRWE Final Exam Answers 12

o DTP
o LACP
o PAgP
o STP
61. Successful inter-VLAN routing has been operating on a
network with multiple VLANs across multiple switches for some
time. When an inter-switch trunk link fails and Spanning Tree
Protocol brings up a backup trunk link, it is reported that hosts
on two VLANs can access some, but not all the network
resources that could be accessed previously. Hosts on all other
VLANS do not have this problem. What is the most likely cause
of this problem?

o The allowed VLANs on the backup link were not configured correctly.
o The protected edge port function on the backup trunk interfaces has been disabled.
o Dynamic Trunking Protocol on the link has failed.
o Inter-VLAN routing also failed when the trunk link failed.
62. Refer to the exhibit. An administrator is attempting to install
an IPv6 static route on router R1 to reach the network attached
to router R2. After the static route command is entered,
connectivity to the network is still failing. What error has been
made in the static route configuration?
 C
CNA 2 v7 SRWE Final Exam Answers 23
o The interface is incorrect.
o The next hop address is incorrect.
o The network prefix is incorrect.
o The destination network is incorrect.
Answers Explanation & Hints:
In this example the interface in the static route is incorrect. The interface should be the ex

63. What protocol or technology uses source IP to destination IP

as a load-balancing mechanism?

o EtherChannel
o VTP
o STP
o DTP
64. Refer to the exhibit. Router R1 has an OSPF neighbor
relationship with the ISP router over the 192.168.0.32 network.
The 192.168.0.36 network link should serve as a backup when
the OSPF link goes down. The floating static route command ip
route 0.0.0.0 0.0.0.0 S0/0/1 100 was issued on R1 and now traffic
is using the backup link even when the OSPF link is up and
functioning. Which change should be made to the static route
command so that traffic will only use the OSPF link when it is
up?
 CCNA 2 v7 SRWE
Final Exam Answers 24
o Change the administrative distance to 120.
o Change the administrative distance to 1.
o Add the next hop neighbor address of 192.168.0.36.
o Change the destination network to 192.168.0.34.
Answers Explanation & Hints:
The problem with the current floating static route is that the administrative distance is set
distance will need to be higher than that of OSPF, which is 110, so that the router will only

65. Which type of static route is configured with a greater

administrative distance to provide a backup route to a route
learned from a dynamic routing protocol?

o standard static route

o default static route
o floating static route
o summary static route
Explanation:
There are four basic types of static routes. Floating static routes are backup routes that are
primary route is lost. A summary static route aggregates several routes into one, reducing
static routes are manually entered routes into the routing table. Default static routes creat

66. Which option shows a correctly configured IPv4 default static

route?

o ip route 0.0.0.0 0.0.0.0 S0/0/0

o ip route 0.0.0.0 255.0.0.0 S0/0/0
o ip route 0.0.0.0 255.255.255.0 S0/0/0
o ip route 0.0.0.0 255.255.255.255 S0/0/0
Explanation:
 The static route ip route 0.0.0.0 0.0.0.0 S0/0/0 is considered a default static route and will

67. Which command will start the process to bundle two physical
interfaces to create an EtherChannel group via LACP?

o channel-group 2 mode auto

o channel-group 1 mode desirable
o interface port-channel 2
o interface range GigabitEthernet 0/4 – 5
Answers Explanation & Hints:
To specify the interfaces in an EtherChannel group, use the interface range interface globa
range of interfaces used. The interface range GigabitEthernet 0/4 – 5 command is the corre
interfaces for the EtherChannel group.

68. What would be the primary reason an attacker would launch a

MAC address overflow attack?

o so that the attacker can execute arbitrary code on the switch

o so that the switch stops forwarding traffic
o so that the attacker can see frames that are destined for other hosts
o so that legitimate hosts cannot obtain a MAC address
69. What is a method to launch a VLAN hopping attack?

o introducing a rogue switch and enabling trunking

o flooding the switch with MAC addresses
o sending spoofed IP addresses from the attacking host
o sending spoofed native VLAN information
70. Refer to the exhibit. All the displayed switches are Cisco 2960
switches with the same default priority and operating at the
same bandwidth. Which three ports will be STP designated
ports? (Choose three.)
 CCNA 2 v7 SRWE Final Exam Answers
25
o fa0/21
o fa0/10
o fa0/13
o fa0/9
o fa0/20
o fa0/11
71. What is the common term given to SNMP log messages that
are generated by network devices and sent to the SNMP server?

o traps
o auditing
o acknowledgments
o warnings
72. A technician is troubleshooting a slow WLAN and decides to
use the split-the-traffic approach. Which two parameters would
have to be configured to do this? (Choose two.)

o Configure the 2.4 GHz band for basic internet traffic that is not time sensitive.
o Configure the security mode to WPA Personal TKIP/AES for both networks.
o Configure the security mode to WPA Personal TKIP/AES for one network and WPA2
Personal AES for the other network
o Configure a common SSID for both split networks.
o Configure the 5 GHz band for streaming multimedia and time sensitive traffic.
73. A company security policy requires that all MAC addressing
be dynamically learned and added to both the MAC address
table and the running configuration on each switch. Which port
security configuration will accomplish this?

o auto secure MAC addresses

o dynamic secure MAC addresses
 o static secure MAC addresses
o sticky secure MAC addresses
Answers Explanation & Hints:
With sticky secure MAC addressing, the MAC addresses can be either dynamically learned
stored in the address table and added to the running configuration file. In contrast, dynam
for dynamically learned MAC addressing that is stored only in the address table.

74. What is the IPv6 prefix that is used for link-local addresses?

o FE80::/10
o FF01::/8
o FC00::/7
o 2001::/3
75. What action takes place when a frame entering a switch has a
unicast destination MAC address that is not in the MAC address
table?

o The switch resets the refresh timer on all MAC address table entries.
o The switch updates the refresh timer for the entry.
o The switch replaces the old entry and uses the more current port.
o The switch will forward the frame out all ports except the incoming port.
76. A new switch is to be added to an existing network in a
remote office. The network administrator does not want the
technicians in the remote office to be able to add new VLANs to
the switch, but the switch should receive VLAN updates from the
VTP domain. Which two steps must be performed to configure
VTP on the new switch to meet these conditions? (Choose two.)

o Configure the existing VTP domain name on the new switch.

o Configure all ports of both switches to access mode.
o Enable VTP pruning.
o Configure an IP address on the new switch.
o Configure the new switch as a VTP client.
77. Refer to the exhibit. Which three hosts will receive ARP
requests from host A, assuming that port Fa0/4 on both switches
is configured to carry traffic for multiple VLANs? (Choose three.)
 CCNA 2 v7
SRWE Final Exam Answers 27
o host F
o host B
o host D
o host G
o host C
o host E
Explanation:
ARP requests are sent out as broadcasts. That means the ARP request is sent only through
will only hear ARP requests from hosts on VLAN 1. VLAN 2 hosts will only hear ARP request

78. A technician is configuring a router for a small company with

multiple WLANs and doesn’t need the complexity of a dynamic
routing protocol. What should be done or checked?

o Check the configuration on the floating static route and adjust the AD.
o Create a floating static route to that network.
o Verify that there is not a default route in any of the edge router routing tables.
o Create static routes to all internal networks and a default route to the internet.
79. Which two functions are performed by a WLC when using split
media access control (MAC)? (Choose two.)

o packet acknowledgments and retransmissions

o frame translation to other protocols
o association and re-association of roaming clients
o beacons and probe responses
 o frame queuing and packet prioritization
80. Refer to the exhibit. A network administrator configured
routers R1 and R2 as part of HSRP group 1. After the routers
have been reloaded, a user on Host1 complained of lack of
connectivity to the Internet The network administrator issued
the show standby brief command on both routers to verify the
HSRP operations. In addition, the administrator observed the
ARP table on Host1. Which entry should be seen in the ARP table
on Host1 in order to gain connectivity to the Internet?

CCNA 2
v7 SRWE Final Exam Answers 28
o the IP address and the MAC address of R1
o the virtual IP address of the HSRP group 1 and the MAC address of R1
o the virtual IP address of the HSRP group 1 and the MAC address of R2
o the virtual IP address and the virtual MAC address for the HSRP group 1
Explanation:
Hosts will send an ARP request to the default gateway which is the virtual IP address. ARP
contain the virtual MAC address. The host ARP tables will contain a mapping of the virtual
81. A network administrator is configuring a new Cisco switch for
remote management access. Which three items must be
configured on the switch for the task? (Choose three.)

o IP address
o default gateway
o default VLAN
o vty lines
o VTP domain
o loopback address
Explanation:
To enable the remote management access, the Cisco switch must be configured with an IP
addition, vty lines must configured to enable either Telnet or SSH connections. A loopback
domain configurations are not necessary for the purpose of remote switch management.

82. Refer to the exhibit. What can be concluded about the

configuration shown on R1?

CCNA 2 v7 SRWE Final Exam

Answers 26
o R1 is configured as a DHCPv4 relay agent.
o R1 will send a message to a local DHCPv4 client to contact a DHCPv4 server at
10.10.10.8.
o R1 will broadcast DHCPv4 requests on behalf of local DHCPv4 clients.
o R1 is operating as a DHCPv4 server.
83. What action does a DHCPv4 client take if it receives more
than one DHCPOFFER from multiple DHCP servers?

o It sends a DHCPREQUEST that identifies which lease offer the client is accepting.
o It sends a DHCPNAK and begins the DHCP process over again.
o It accepts both DHCPOFFER messages and sends a DHCPACK.
o It discards both offers and sends a new DHCPDISCOVER.
84. What protocol should be disabled to help mitigate VLAN
attacks?

o STP
o CDP
o DTP
o ARP
85. Why is DHCP snooping required when using the Dynamic ARP
Inspection feature?

o It uses the MAC address table to verify the default gateway IP address.
o It redirects ARP requests to the DHCP server for verification.
o It relies on the settings of trusted and untrusted ports set by DHCP snooping.
o It uses the MAC-address-to-IP-address binding database to validate an ARP packet.
Explanation:
DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and buil
tuples (MAC address, IP address, VLAN interface).

When DAI is enabled, the switch drops ARP packet if the sender MAC address and sender IP
the DHCP snooping bindings database. However, it can be overcome through static mappin
when hosts configure static IP addresses, DHCP snooping cannot be run, or other switches
ARP inspection. A static mapping associates an IP address to a MAC address on a VLAN.

86. To obtain an overview of the spanning tree status of a

switched network, a network engineer issues the show
spanning-tree command on a switch. Which two items of
information will this command display? (Choose two.)

o The role of the ports in all VLANs.

o The root bridge BID.
o The number of broadcasts received on each root port.
o The IP address of the management VLAN interface.
o The status of native VLAN ports.
87. A WLAN engineer deploys a WLC and five wireless APs using
the CAPWAP protocol with the DTLS feature to secure the
control plane of the network devices. While testing the wireless
network, the WLAN engineer notices that data traffic is being
exchanged between the WLC and the APs in plain-text and is not
being encrypted. What is the most likely reason for this?

o DTLS only provides data security through authentication and does not provide
encryption for data moving between a wireless LAN controller (WLC) and an access
point (AP).
 o Data encryption requires a DTLS license to be installed on each access point (AP)
prior to being enabled on the wireless LAN controller (WLC).
o Although DTLS is enabled by default to secure the CAPWAP control channel, it is
disabled by default for the data channel.
o DTLS is a protocol that only provides security between the access point (AP) and
the wireless client.
Explanation:
DTLS is a protocol which provides security between the AP and the WLC. It allows them to
prevents eavesdropping or tampering.
DTLS is enabled by default to secure the CAPWAP control channel but is disabled by defaul
management and control traffic exchanged between an AP and WLC is encrypted and secu
plane privacy and prevent Man-In-the-Middle (MITM) attacks.

88. Refer to the exhibit. The network administrator configures

both switches as displayed. However, host C is unable to ping
host D and host E is unable to ping host F. What action should
the administrator take to enable this communication?

CCNA 2 v7 SRWE Final Exam Answers 29

o Associate hosts A and B with VLAN 10 instead of VLAN 1.
o Configure either trunk port in the dynamic desirable mode.
o Add the switchport nonegotiate command to the configuration of SW2.
o Include a router in the topology.
o Remove the native VLAN from the trunk.
89. What action takes place when the source MAC address of a
frame entering a switch is not in the MAC address table?

o The switch replaces the old entry and uses the more current port.
o The switch adds a MAC address table entry for the destination MAC address and the
egress port.
o The switch updates the refresh timer for the entry.
o The switch adds the MAC address and incoming port number to the table.
90. A technician is configuring a wireless network for a small
business using a SOHO wireless router. Which two
authentication methods are used, if the router is configured with
WPA2? (Choose two.) **

o AES
o TKIP
o personal
o WEP
o enterprise
91. A network administrator is adding a new WLAN on a Cisco
3500 series WLC. Which tab should the administrator use to
create a new VLAN interface to be used for the new WLAN?

o WLANs
o CONTROLLER
o WIRELESS
o MANAGEMENT
92. Refer to the exhibit. Which two conclusions can be drawn
from the output? (Choose two.)
 CCNA 2
v7 SRWE Final Exam Answers 30
o The port channel ID is 2.
o The bundle is fully operational.
o The port channel is a Layer 3 channel.
o The load-balancing method used is source port to destination port.
o The EtherChannel is down.
93. Which three statements accurately describe duplex and speed
settings on Cisco 2960 switches? (Choose three.)

o By default, the speed is set to 100 Mb/s and the duplex mode is set to
autonegotiation.
o An autonegotiation failure can result in connectivity issues.
o The duplex and speed settings of each switch port can be manually configured.
o When the speed is set to 1000 Mb/s, the switch ports will operate in full-duplex
mode.
o By default, the autonegotiation feature is disabled.
o Enabling autonegotiation on a hub will prevent mismatched port speeds when
connecting the hub to the switch.
94. Refer to the exhibit. A Layer 3 switch routes for three VLANs
and connects to a router for Internet connectivity. Which two
configurations would be applied to the switch? (Choose two.)
 CCNA 2 v7 SRWE Final Exam Answers 31
o (config)# interface fastethernet0/4
(config-if)# switchport mode trunk
o (config)# interface vlan 1
(config-if)# ip address 192.168.1.2 255.255.255.0
(config-if)# no shutdown
o (config)# ip routing
o (config)# interface gigabitethernet 1/1
(config-if)# no switchport
(config-if)# ip address 192.168.1.2 255.255.255.252
o (config)# interface gigabitethernet1/1
(config-if)# switchport mode trunk
95. Refer to the exhibit. Consider that the main power has just
been restored. PC3 issues a broadcast IPv4 DHCP request. To
which port will SW1 forward this request?
 CCNA 2 v7 SRWE Final Exam
Answers 32
o to Fa0/1 only
o to Fa0/1, Fa0/2, and Fa0/4 only
o to Fa0/1, Fa0/2, Fa0/3, and Fa0/4
o to Fa0/1, Fa0/2, and Fa0/3 only
o to Fa0/1 and Fa0/2 only
96. Which statement is correct about how a Layer 2 switch
determines how to forward frames?

o Only frames with a broadcast destination address are forwarded out all active
switch ports.
o Frame forwarding decisions are based on MAC address and port mappings in the
CAM table.
o Cut-through frame forwarding ensures that invalid frames are always dropped.
o Unicast frames are always forwarded regardless of the destination MAC address.
Explanation:
Cut-through frame forwarding reads up to only the first 22 bytes of a frame, which exclude
thus invalid frames may be forwarded. In addition to broadcast frames, frames with a dest
the CAM are also flooded out all active ports. Unicast frames are not always forwarded. Re
MAC address that is associated with the switch port on which it is received are not forward
on the network segment connected to that port.
97. Employees are unable to connect to servers on one of the
internal networks. What should be done or checked?

o Use the “show ip interface brief” command to see if an interface is down.

o Verify that there is not a default route in any of the edge router routing tables.
o Check the statistics on the default route for oversaturation.
o Create static routes to all internal networks and a default route to the internet.
98. What protocol or technology requires switches to be in server
mode or client mode?

o VTP
o EtherChannel
o HSRP
o DTP
99. What is the effect of entering the shutdown configuration
command on a switch?

o It disables an unused port.

o It enables portfast on a specific switch interface.
o It disables DTP on a non-trunking interface.
o It enables BPDU guard on a specific port.
100. What else is required when configuring an IPv6 static route
using a next-hop link-local address? **

o network number and subnet mask on the interface of the neighbor router
o ip address of the neighbor router
o interface number and type
o administrative distance
101. A junior technician was adding a route to a LAN router. A
traceroute to a device on the new network revealed a wrong
path and unreachable status. What should be done or checked?

o Verify that there is not a default route in any of the edge router routing tables.
o Create a floating static route to that network.
o Check the configuration on the floating static route and adjust the AD.
o Check the configuration of the exit interface on the new static route.
102. A network engineer is troubleshooting a newly deployed
wireless network that is using the latest 802.11 standards.
When users access high bandwidth services such as streaming
video, the wireless network performance is poor. To improve
performance the network engineer decides to configure a 5 Ghz
frequency band SSID and train users to use that SSID for
 streaming media services. Why might this solution improve the
wireless network performance for that type of service?

o The 5 GHz band has more channels and is less crowded than the 2.4 GHz band,
which makes it more suited to streaming multimedia.
o The only users that can switch to the 5 GHz band will be those with the latest
wireless NICs, which will reduce usage.
o Requiring the users to switch to the 5 GHz band for streaming media is
inconvenient and will result in fewer users accessing these services.
o The 5 GHz band has a greater range and is therefore likely to be interference-free.
Answers Explanation & Hints:
Wireless range is determined by the access point antenna and output power, not the frequ
scenario it is stated that all users have wireless NICs that comply with the latest standard,
band. Although some users may find it inconvenient to switch to the 5 Ghz band to access
number of channels, not just fewer users, that will improve network performance.

103. On what switch ports should BPDU guard be enabled to

enhance STP stability?

o only ports that are elected as designated ports

o only ports that attach to a neighboring switch
o all PortFast-enabled ports
o all trunk ports that are not root ports
104. How will a router handle static routing differently if Cisco
Express Forwarding is disabled?

o Serial point-to-point interfaces will require fully specified static routes to avoid
routing inconsistencies.
o It will not perform recursive lookups.
o Static routes that use an exit interface will be unnecessary.
o Ethernet multiaccess interfaces will require fully specified static routes to avoid
routing inconsistencies.
105. What protocol or technology allows data to transmit over
redundant switch links?

o STP
o VTP
o EtherChannel
o DTP
106. A PC has sent an RS message to an IPv6 router attached to
the same network. Which two pieces of information will the
router send to the client? (Choose two.)

o prefix
 o domain name
o subnet mask in dotted decimal notation
o administrative distance
o DNS server IP address
o prefix length
Answers Explanation & Hints:
Router is part of the IPv6 all-routers group and received the RS message. It generates an R
prefix and prefix length (e.g., 2001:db8:acad:1::/64)

107. Which two VTP modes allow for the creation, modification,
and deletion of VLANs on the local switch? (Choose two.)

o distribution
o master
o server
o client
o transparent
o slave
108. Refer to the exhibit. What will router R1 do with a packet that
has a destination IPv6 address of 2001:db8:cafe:5::1?

CyberOps Associate (Version 1.0) – CyberOps Associate 1.0 Practice Final Exam Answers 02
o forward the packet out GigabitEthernet0/0
o forward the packet out Serial0/0/0
 o forward the packet out GigabitEthernet0/1
o drop the packet
Answers Explanation & Hints:
The route ::/0 is the compressed form of the 0000:0000:0000:0000:0000:0000:0000:0000/
used if a more specific route is not found in the routing table.

109. What is a drawback of the local database method of securing

device access that can be solved by using AAA with centralized
servers?

o There is no ability to provide accountability.

o It is very susceptible to brute-force attacks because there is no username.
o The passwords can only be stored in plain text in the running configuration.
o User accounts must be configured locally on each device, which is an unscalable
authentication solution.
Answers Explanation & Hints:
The local database method of securing device access utilizes usernames and passwords th
router. This allows administrators to keep track of who logged in to the device and when. T
encrypted in the configuration. However, the account information must be configured on e
should have access, making this solution very difficult to scale.

110. Which three Wi-Fi standards operate in the 2.4GHz range of

frequencies? (Choose three.)

o 802.11ac
o 802.11a
o 802.11n
o 802.11b
o 802.11g
111. Which command will create a static route on R2 in order to
reach PC B?
 CCNA 2 v7 SRWE
Final Exam Answers 34
o R2(config)# ip route 172.16.2.0 255.255.255.0 172.16.2.254
o R2(config)# ip route 172.16.2.0 255.255.255.0 172.16.3.1
o R2(config)# ip route 172.16.2.1 255.255.255.0 172.16.3.1
o R2(config)# ip route 172.16.3.0 255.255.255.0 172.16.2.254
Answers Explanation & Hints:
The correct syntax is:
router(config)# ip route destination-network destination-mask {next-hop-ip-address | exit-
If the local exit interface instead of the next-hop IP address is used then the route will be d
route instead of a static route in the routing table. Because the network to be reached is 1
address is 172.16.3.1, the command is R2(config)# ip route 172.16.2.0 255.255.255.0 172

112. What is the effect of entering the switchport mode access

configuration command on a switch?

o It disables DTP on a non-trunking interface.

o It disables an unused port.
o It manually enables a trunk link.
o It enables BPDU guard on a specific port.
113. Refer to the exhibit. Which statement shown in the output
allows router R1 to respond to stateless DHCPv6 requests?
 CCNA 2 v7 SRWE Final
Exam Answers 35
o ipv6 nd other-config-flag
o ipv6 dhcp server LAN1
o prefix-delegation 2001:DB8:8::/48 00030001000E84244E70
o ipv6 unicast-routing
o dns-server 2001:DB8:8::8
Answers Explanation & Hints:
The interface command ipv6 nd other-config-flag allows RA messages to be sent on this in
information is available from a stateless DHCPv6 server.

114. Refer to the exhibit. The network administrator is configuring

the port security feature on switch SWC. The administrator
issued the command show port-security interface fa 0/2 to verify
the configuration. What can be concluded from the output that
is shown? (Choose three.)

CCNA 2 v7 SRWE Final Exam Answers

36
o The port is configured as a trunk link.
 o This port is currently up.
o The switch port mode for this interface is access mode.
o Three security violations have been detected on this interface.
o There is no device currently connected to this port.
o Security violations will cause this port to shut down immediately.
115. What are two reasons a network administrator would
segment a network with a Layer 2 switch? (Choose two.)

o to isolate ARP request messages from the rest of the network

o to create more broadcast domains
o to enhance user bandwidth
o to eliminate virtual circuits
o to create fewer collision domains
o to isolate traffic between segments
Answers Explanation & Hints:
A switch has the ability of creating temporary point-to-point connections between the direc
receiving network devices. The two devices have full-bandwidth full-duplex connectivity du

116. What action takes place when a frame entering a switch has a
unicast destination MAC address appearing in the MAC address
table?

o The switch resets the refresh timer on all MAC address table entries.
o The switch forwards the frame out of the specified port.
o The switch updates the refresh timer for the entry.
o The switch will forward the frame out all ports except the incoming port.
117. A network administrator is using the router-on-a-stick model
to configure a switch and a router for inter-VLAN routing. What
configuration should be made on the switch port that connects
to the router?

o Configure the port as a trunk port and assign it to VLAN1.

o Configure it as a trunk port and allow only untagged traffic.
o Configure the port as an 802.1q trunk port.
o Configure the port as an access port and a member of VLAN1.
Answers Explanation & Hints:
The port on the switch that connects to the router interface should be configured as a trun
port, it does not belong to any particular VLAN and will forward traffic from various VLANs.

118. What is the effect of entering the switchport port-security

configuration command on a switch?

o It enables port security globally on the switch.

o It dynamically learns the L2 address and copies it to the running configuration.
 o It restricts the number of discovery messages, per second, to be received on the
interface.
o It enables port security on an interface.
119. Users on a LAN are unable to get to a company web server
but are able to get elsewhere. What should be done or checked?

o Ensure that the old default route has been removed from the company edge
routers.
o Verify that the static route to the server is present in the routing table.
o Create a floating static route to that network.
o Check the configuration on the floating static route and adjust the AD.
120. Refer to the exhibit. A network administrator is configuring
the router R1 for IPv6 address assignment. Based on the partial
configuration, which IPv6 global unicast address assignment
scheme does the administrator intend to implement?

CCNA 2 v7 SRWE Final Exam Answers 37

o manual configuration
o stateful
o stateless
o SLAAC
121. Match the step to each switch boot sequence description.
(Not all options are used.)
CCNA 2 v7 SRWE Final Exam Answers 006
Answers Explanation & Hints:
The steps are:
1. execute POST
2. load the boot loader from ROM
 3. CPU register initializations
4. flash file system initialization
5. load the IOS
6. transfer switch control to the IOS

122. What protocol or technology disables redundant paths to

eliminate Layer 2 loops?

o EtherChannel
o DTP
o STP
o VTP
123. During the AAA process, when will authorization be
implemented?

o immediately after the determination of which resources a user can access

o immediately after an AAA client sends authentication information to a centralized
server
o immediately after AAA accounting and auditing receives detailed reports
o immediately after successful authentication against an AAA data source
Answers Explanation & Hints:
AAA authorization is implemented immediately after the user is authenticated against a sp

124. Which two protocols are used to provide server-based AAA

authentication? (Choose two.)

o TACACS+
o RADIUS
o SNMP
o 802.1x
o SSH