Test your basic knowledge |

CCNP Switch Deck

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. can root guard and bdpu guard be used together?
Half because transmitting and receiving stations use the same frequency
Only for the offending VLAN on the port
It's a router that maintains routes (static or dynamic) - and populates the FIB
No

2. What must the other end be set to if PAgP desirable or LACP active mode is selected?
Port with alternative path to root less desirable than root
By default weight is 100. Can be made dynamic per interface
Either desirable or auto mode
Low cost - high density ports - multiple scalable uplinks - vlans - traffic and protocol filtering and QoS

3. RSTP BPDU structure
Checks the destination MAC in the header against the target MAC in the ARP reply
1- inferior BDPU on blocked-considered alternative - 2-inferior on root-all blocked ports considered alternate - 3-if inferior arrives on root and no blocked ports - assumes loss of connectivity to root
With portfast
Some unused bits are used to allow a port to identify its role and state. Also the BDPUs state that they are V2 BDPUs

4. Can ARP replies be checked
Trusted ports
Any ports associated with an isolated vlan can reach the primary - but not any other secondary. Hosts withn an isolated vlan can't reach each other
Only when a nonedge port transitions to forwarding
Yes

5. What does MSTP do?
Normal and aggressive
They shorten their bridge table aging times from default (300sec) to the fowarding delay (15 sec)
1 to 64
Used when there are 1 or more VLANs mapped to a single STP instance

6. Where should STP timers be configured and why?
Controls where candidate root bridges can be connected and found on a network
The switch adds its MAC to the option 82 field so that the DHCP reply echoes back the switch's own information
By brining up a tunnel between them to carry 802.11 related messages and client data.
On root - because the root bridge propagates timers with config BDPU

7. How should UDLD be configured?
When the size of a cell is intentionally reduced
Isl - dot1q - negotiate (default)
The configureable UDLD interval must be less than max age plus two intervals of forward delay
Once the CCM gives them the parameters - they use RTP

8. How does HSRP election work?
Yes
Only a single host connects . If one BDPU is received - it is no longer an edge port
Based on priority (0-255). Default is 100. Highest IP is tie breaker
All non-edge ports are discarding. After the root bridge is identified - the port with superior BDPU becomes root

9. What routing protocols support NSF?
The MST instance (MSTI) runs alongside the IST and represents an STP instance
Two distribution switches that aggregate one or more access switches
BGP - EIGRP - OSPF - and IS-IS.
Configure non-silent submode

10. WPA encryption
If three are missed in a row - the neighbor is considered down and the data for that neighbor is aged
Each network device handles packets individually with no advance reservations
The port will operate under 802.1D rules. If they are received on the same port - it will run 802.1D until the migration delay expires
Interim solution - uses same hardware as WEP - but uses TKIP encryption

11. EAP encryption
Dynamic WEP keys that change periodically
Dynamic arp inspection
The time that a port spends in both listening and learning states . Default 15 seconds
By brining up a tunnel between them to carry 802.11 related messages and client data.

12. What is DSCP codepoint AF21(18)?
An instance of RSTP running for each VLAN on the switch. Changing from PVST to RPVST+ is disruptive
Immediate (class 2)
By name - config revision - and instance to vlan mapping table
4

13. What are spoofed addresses?
Yes
Source IP and MAC must match those addresses learned by DHCP snooping or a static entry
They disguise the origin of an attack
1500B

14. What are the 2 types of secondary VLAN?
Isolated and community
Hashing algorithm
Arp for local subnet - if on different subnet - will arp for dgw
All user ports that have portfast enabled

15. What pins does FE use?
Switchpotrt nonegotiate
One that can be detected on a switch interface (ie. Up/down)
1/2 and 3/6
Virtual Router Redundancy Protocol - pretty much the same as HSRP

16. How often are CAM table entries aged?
During the time that the FIB entry is in CEF glean waiting for ARP entries - subsequent packet to that host are dropped to keep input queues from filling
Matching SSID - compatible data rate - authentication credentials
300 sec
FE - GE - and aggregated FE/GE Etherchannels

17. What can cause a wireless client to switch between Aps?
Missed beacons - dropped packets (max retry) - weak signal (data rate switches down) - an AP periodicallytries to find a stronger signal
Causes switch to actively determine whether alternative paths exist to root bridge in case ther eis an indirect failure
3 seconds. Holdtime =3 hellos + 1
The port is forced to always authorize any connected client with no authentication necessary (default)

18. How are GLBP timers used?
Each peer sends and receives hellos. Def hello is 3 sec - def hold is 10 sec
1500B
Used to switch packets destined for the null interface
Up to 4 can be used in a group. Called active virtual forwarders (AVF)

19. Which fiber is the receive?
They should be an unconditional Etherchannel because the WLC can't negotiate a channel.
Root
On the left as you face the connector
1500B

20. What does the rewrite engine do?
Yes
The station must wait until the frame in progress has completed - then wait a random amount of time before transmitting
Globally
It updates the L2 headers with the proper src and dst MAC - L3 TTL - L3 checksum - and L2 checksum information

21. What is the PVLAN host mode?
Connects to a host on an isolated or community vlan. Communicates only with promiscuous port or ports on same community vlan
Embeds the tag within the frame
Prevents the dhcp binding DB from being checked.
If a proposal is received - the recipient isolates - all nonedge ports blocked until proposal sent causing neighbors to synch - which propagates out in waves

22. WPA2 encryption
Using a mobility exchange message
Needs hardware upgrade over WEP - uses AES encryption
FE and GE
An AP's coverage area

23. How are multiple VLANs mapped to multiple SSIDs?
They should be an unconditional Etherchannel because the WLC can't negotiate a channel.
Per VLAN
By using a trunk link
Will trunk if asked

24. if the switchport is part of an etherchannel - Where is the network assigned
On (all ports channel) - auto (channels when asked) - and desirable(actively asks to form a channel)
From the DHCP snooping database or from static entries
To the virtual port-channel interface
The redundant SUP is booted and sup and route engine is init'd. No L2 or L3 functions are started. Allows switchports to retain state

25. What is DSCP codepoint AF41(34)?
Edge - root - and point to point
An AP's coverage area
By encapsulating each frame in a header and trailer
Flash override (class 4)

26. Of what significance are private VLANs
Round robin - weighted - or host-dependent
The frame tag contains a 3 but portion tagged from 0 (low) to 7 (high)
A TCN BDPU is sent out of the switch's root port. The switch will continue sending TCN's every hello interval until ack'd by upstream neighbor. The root bridge will send a Config BDPU to all switches
Local only

27. How does the VRRP master router handle the VIP?
Two distribution switches that aggregate one or more access switches
Should be used on access switches - can't be used on root - keeps enabled switch from becoming root by raising priority of switch and all ports - making them undesirable
The point at which a switch decides to trust incoming Qos. Usually at boundary with ISP
The master router can share the VIP

28. How is the HSRP MAC address configured?
Configuration and TCN
0000.0c07.acxx where xx is the group number as a 2-digit hex value
All ARP packets that arrive on untrusted ports are inspected.
1 -2 -5.5 and 11 Mbps - Channels 1/6/11 - 2.4Ghz

29. What is a cell?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

30. What is the 80/20 rule?
80% of the user traffic should stay in the VLAN
An instance of RSTP running for each VLAN on the switch. Changing from PVST to RPVST+ is disruptive
Create 2 hsrp groups - each with the active router being different switches - then have clients point to each
4

31. How does dot1q do trunking?
Embeds the tag within the frame
Access
To a VLAN and not to a VLAN interface (SVI)
MAC addresses are learned from the source MAC of incoming frames. If the destination address is unknown - the frame is flooded out all except the receiving port.

32. If you want IP source guard to detect spoofed MAC addresses - what must you do?
PAgP (Cisco proprietary) and LACP (standards-based)
Allows devices to interoperate with PVST and CST. Can use both dot1q and ISL
Turn on port security
Up to 4 can be used in a group. Called active virtual forwarders (AVF)

33. What does a LAP do if it loses communication with it's WLC?
Yes to both
Any ports associated with an isolated vlan can reach the primary - but not any other secondary. Hosts withn an isolated vlan can't reach each other
Reboots and searches for a new WLC
Switch(config-if)# standby xx where x= group number

34. What is dynamic auto?
4
Port that connects to another switch and becomes a designated port
FE - GE - and aggregated FE/GE Etherchannels
Will trunk if asked

35. What is topology-basec caching?
From the DHCP snooping database or from static entries
Untrusted
The topology is pre-populated by downloading the topology DB into the FIB and dynamically updated. Called Cisco Express Forwarding
Transmits keystrokes from phone and commands from CCM

36. What is an autonomous mode AP?
When each AP stands alone within the larger network.
Normal and aggressive
Only on ports that have same static VLANs or trunking. It also modifies parameters of the channel if one of the ports is modified
Traffic types and patterns - amount of L3 switching cap. At dist. Layer - # users at access layer - geography - size of spanning tree domains

37. How are VACLs applied
Cisco ILP and 802.3af
To a VLAN and not to a VLAN interface (SVI)
1- enable qos - 2-define qos parameters to be trusted - 3-make trust conditional - 4-instruct IP phone how to extnd boundary
The master router can share the VIP

38. What is DCF?
They shorten their bridge table aging times from default (300sec) to the fowarding delay (15 sec)
Switching Database Manager - configures and prunes TCAM partitions
Distributed coordinion function - the use of timers to prevent wireless collisions
1 IP subnet

39. How does DAI work?
1 IP subnet
All ARP packets that arrive on untrusted ports are inspected.
The redundant SUP is booted and sup and route engine is init'd. No L2 or L3 functions are started. Allows switchports to retain state
16 - of which up to 8 are active. The others are in standby

40. What is a drop adjacency?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

41. What are the PAgP negotiation modes
Half-duplex
On (all ports channel) - auto (channels when asked) - and desirable(actively asks to form a channel)
Feature Manager - after the ACL is created - the FM compiles the ACEs into the table
Src-ip - dst-ip - src-dst-ip - src-mac - dst-mac - src-dst-mac - src-port - dst-port - src-dst-port

42. How does HSRP do MD5 authentication?
By using a hash of a key string
Variation in delay
Completed dhcp bindings - mac addresses - IP addresses - etc.
Checks the sender's ip in all arp requests and checks the sender's IP against target IP in all replies

43. What are the 3 unlicensed frequencies?
The switch checks the MAC and IP reported in the reply against trusted values. If they don't match - it is dropped and logged
900 MHz - 2.4Ghz - and 5-6GHz
Enables portfast - sets the port to access and disables PAgP
Source IP and MAC must match those addresses learned by DHCP snooping or a static entry

44. What is an MST instance?
The MST instance (MSTI) runs alongside the IST and represents an STP instance
2 strand MMF with MT-RJ or SC connectors
Access or trunk
3 seconds. Holdtime =3 hellos + 1

45. How does UDLD work?
1 -2 -5.5 and 11 Mbps - Channels 1/6/11 - 2.4Ghz
Dynamic arp inspection
L2
Sends special layer 2 UDLD frames and expects an echo. Both ends must be configured for UDLD

46. What is a proxy arp?

Warning: Invalid argument supplied for foreach() in /var/www/html/basicversity.com/show_quiz.php on line 183

47. What is a PVLAN?
All user ports that have portfast enabled
On root - because the root bridge propagates timers with config BDPU
Prevents the dhcp binding DB from being checked.
A private VLAN can be logically associated with a special secondary vlan

48. How does IPT behave when the voice VLAN is in vlan-id mode?
Used when ACLs specify port ranges...used by TCAM
Real-time functions such as beacons and probes - encryption and interactions with the client at L2
Data goes over native vlan - voice goes over specified VLAN - voice QOS is 802.1p
Prevents the dhcp binding DB from being checked.

49. What is a root link query (RLQ)?
Backbonefast uses RLQ to determine if upstream switches have stable connections to root bridge
Cisco ILP and 802.3af
Makes use of the DHCP snooping database and static ip source binding entries. If enabled - switch will test addresses
If three are missed in a row - the neighbor is considered down and the data for that neighbor is aged

50. What is the DIFS?
The DCF interframe space- the random backoff time before a wireless set can transmit
FIB
Based on priority (0-255). Default is 100. Highest IP is tie breaker
The frame tag contains a 3 but portion tagged from 0 (low) to 7 (high)