CCNA2 Chapter 2 Exam (v5.03) 2016

Last Updated on April 3, 2018 by Admin

CCNA2 Chapter 2 Exam Answer 2016 v5.03

1. Which interface is the default location that would contain the IP address used to manage a 24-port Ethernet switch?

   • VLAN 1
   • Fa0/0
   • Fa0/1
   • interface connected to the default gateway
   • VLAN 99

2. A production switch is reloaded and finishes with a Switch> prompt. What two facts can be determined? (Choose two.)

   • POST occurred normally.
   • The boot process was interrupted.
   • There is not enough RAM or flash on this router.
   • A full version of the Cisco IOS was located and loaded.
   • The switch did not locate the Cisco IOS in flash, so it defaulted to ROM.

3. Which two statements are true about using full-duplex Fast Ethernet? (Choose two.)

   • Performance is improved with bidirectional data flow.
   • Latency is reduced because the NIC processes frames faster.
   • Nodes operate in full-duplex with unidirectional data flow.
   • Performance is improved because the NIC is able to detect collisions.
   • Full-duplex Fast Ethernet offers 100 percent efficiency in both directions.

 

4. Which statement describes the port speed LED on the Cisco Catalyst 2960 switch?

   • If the LED is green, the port is operating at 100 Mb/s.
   • If the LED is off, the port is not operating.
   • If the LED is blinking green, the port is operating at 10 Mb/s.
   • If the LED is amber, the port is operating at 1000 Mb/s.

5. What is a function of the switch boot loader?

   • to speed up the boot process
   • to provide security for the vulnerable state when the switch is booting
   • to control how much RAM is available to the switch during the boot process
   • to provide an environment to operate in when the switch operating system cannot be found

6. In which situation would a technician use the show interfaces switch command?

   • to determine if remote access is enabled
   • when packets are being dropped from a particular directly attached host
   • when an end device can reach local devices, but not remote devices
   • to determine the MAC address of a directly attached network device on a particular interface

7. Refer to the exhibit. A network technician is troubleshooting connectivity issues in an Ethernet network with the command show interfaces fastEthernet 0/0. What conclusion can be drawn based on the partial output in the exhibit?

   

   CCNA2 Chapter 2 v5.03 004

   • All hosts on this network communicate in full-duplex mode.
   • Some workstations might use an incorrect cabling type to connect to the network.
   • There are collisions in the network that cause frames to occur that are less than 64 bytes in length.
   • A malfunctioning NIC can cause frames to be transmitted that are longer than the allowed maximum length.

8. Refer to the exhibit. The network administrator wants to configure Switch1 to allow SSH connections and prohibit Telnet connections. How should the network administrator change the displayed configuration to satisfy the requirement?

   

   CCNA2 Chapter 2 v5.03 001

   • Use SSH version 1.
   • Reconfigure the RSA key.
   • Configure SSH on a different line.
   • Modify the transport input command.

 

9. What is one difference between using Telnet or SSH to connect to a network device for management purposes?

   • Telnet uses UDP as the transport protocol whereas SSH uses TCP.
   • Telnet does not provide authentication whereas SSH provides authentication.
   • Telnet supports a host GUI whereas SSH only supports a host CLI.
   • Telnet sends a username and password in plain text, whereas SSH encrypts the username and password.

10. In which type of attack does a malicious node request all available IP addresses in the address pool of a DHCP server in order to prevent legitimate hosts from obtaining network access?

    • CAM table overflow
    • MAC address flooding
    • DHCP starvation
    • DHCP spoofing

11. Which method would mitigate a MAC address flooding attack?

    • increasing the size of the CAM table
    • configuring port security
    • using ACLs to filter broadcast traffic on the switch
    • increasing the speed of switch ports

12. Which two features on a Cisco Catalyst switch can be used to mitigate DHCP starvation and DHCP spoofing attacks? (Choose two.)

    • port security
    • extended ACL
    • DHCP snooping
    • DHCP server failover
    • strong password on DHCP servers

13. Which two basic functions are performed by network security tools? (Choose two.)

    • revealing the type of information an attacker is able to gather from monitoring network traffic
    • educating employees about social engineering attacks
    • simulating attacks against the production network to determine any existing vulnerabilities
    • writing a security policy document for protecting networks
    • controlling physical access to user devices

 

14. An administrator wants to use a network security auditing tool on a switch to verify which ports are not protected against a MAC flooding attack. For the audit to be successful, what important factor must the administrator consider?

    • if the CAM table is empty before the audit is started
    • if all the switch ports are operational at the same speed
    • if the number of valid MAC addresses and spoofed MAC addresses is the same
    • the aging-out period of the MAC address table

15. Which action will bring an error-disabled switch port back to an operational state?

    • Remove and reconfigure port security on the interface.
    • Issue the switchport mode access command on the interface.
    • Clear the MAC address table on the switch.
    • Issue the shutdown and then no shutdown interface commands.

16. Refer to the exhibit. Port Fa0/2 has already been configured appropriately. The IP phone and PC work properly. Which switch configuration would be most appropriate for port Fa0/2 if the network administrator has the following goals?

    

    CCNA2 Chapter 2 v5.03 002

    • SWA(config-if)# switchport port-security
      SWA(config-if)# switchport port-security mac-address sticky
    • SWA(config-if)# switchport port-security mac-address sticky
      SWA(config-if)# switchport port-security maximum 2
    • SWA(config-if)# switchport port-security
      SWA(config-if)# switchport port-security maximum 2
      SWA(config-if)# switchport port-security mac-address sticky
    • SWA(config-if)# switchport port-security
      SWA(config-if)# switchport port-security maximum 2
      SWA(config-if)# switchport port-security mac-address sticky
      SWA(config-if)# switchport port-security violation restrict

17. Which two statements are true regarding switch port security? (Choose two.)

    • The three configurable violation modes all log violations via SNMP.
    • Dynamically learned secure MAC addresses are lost when the switch reboots.
    • The three configurable violation modes all require user intervention to re-enable ports.
    • After entering the sticky parameter, only MAC addresses subsequently learned are converted to secure MAC addresses.
    • If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached.

 

18. A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port?

    • restrict
    • protect
    • warning
    • shutdown

19. Refer to the exhibit. What can be determined about port security from the information that is shown?

    

    CCNA2 Chapter 2 v5.03 003

    • The port has been shut down.
    • The port has two attached devices.
    • The port violation mode is the default for any port that has port security enabled.
    • The port has the maximum number of MAC addresses that is supported by a Layer 2 switch port which is configured for port security.

20. Match the step to each switch boot sequence description. (Not all options are used.)

    • Question
      

      CCNA2 Chapter 2 v5.03 Question 001

    • Answer
      

      CCNA2 Chapter 2 v5.03 Answer 001

21. Match the link state to the interface and protocol status. (Not all options are used.)

    • Question
      

      CCNA2 Chapter 2 v5.03 Question 002

    • Answer
      

      CCNA2 Chapter 2 v5.03 Answer 002

22. Identify the steps needed to configure a switch for SSH. The answer order does not matter. (Not all options are used.)

    • Question
      

      CCNA2 Chapter 2 v5.03 Question 003

    • Answer
      

      CCNA2 Chapter 2 v5.03 Answer 003

23. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.

    Fill in the blank.

    Do not use abbreviations.What is the missing command on S1?

    • ip address 192.168.99.2 255.255.255.0

24. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.

    Which event will take place if there is a port security violation on switch S1 interface Fa0/1?

    • A notification is sent.
    • A syslog message is logged.
    • Packets with unknown source addresses will be dropped.
    • The interface will go into error-disabled state.