| Question 1 | SPAN is supported on which of the following source interfaces? |
| A1: | Answer C is correct. The source ports that you can capture traffic from include Layer 2, Layer 3, and EtherChannels. Answers A and B are incorrect because both are supported. D is incorrect because you can't capture traffic from a specific interface in a channel only the entire channel. |
| Question 2 | Enter the switch command to display the slot the NAM is installed in: ___________. |
| A2: | show module. Use the show module command to display the cards installed in the Catalyst switch. |
| Question 3 | You want to restrict Telnet access to the switch based on source addresses. What command would you use to activate your restrictions on your VTYs? A. password B. access-group C. vacl-filter D. access-class
|
| A3: | Answer D is correct. Use the access-class command to activate a standard ACL on your VTYs in order to restrict Telnet access to the switch. The password command only assigns a password to a line, making answer A incorrect. The access-group command activates an ACL on a Layer 3 interface, making answer B incorrect. Answer C is a nonexistent command. |
| Question 4 | Enter the switch command to enable AAA: __________. |
| A4: | aaa new-model. AAA is disabled by default enable it with the aaa new-model command. |
| Question 5 | With port security, up to _________ addresses off a port can be secured. |
| A5: | Answer D is correct. Up to 132 MAC addresses can be secured for a port enabled with port security, making answers A, B, and C incorrect. |
| Question 6 | The IEEE ______ standard defines user authentication for switch port access using EAPOL for communication. A. 802.1D B. 802.1X C. 802.11 D. 802.3Z
|
| A6: | Answer B is correct. 802.1X defines per-user authentication to gain access to a switched network. It requires the use of RADIUS. Answer A specifies STP, making it incorrect. Answer C specifies wireless, making it incorrect. Answer D specifies Gigabit Ethernet, making it incorrect. |
| Question 7 | Which is not an ACL type supported by Layer 3 switches? A. Private ACL B. Router ACL C. VLAN ACL D. QoS ACL
|
| A7: | Answer A is correct. There is no such thing as a private ACL. Answers B, C, and D are supported by Layer 3 switches, making them incorrect answers. |
| Question 8 | Which PVLAN port type is supported only in a secondary PVLAN? A. Restricted B. Promiscuous C. Secured D. Community
|
| A8: | Answer D is correct. Community and isolated ports are associated with secondary PVLANs. Answers A and C are incorrect because they are not PVLAN port types. Answer B is incorrect because promiscuous ports are in primary PVLANs. |
| Question 9 | You have an isolated port in a primary PVLAN. What other ports can it talk to? A. Promiscuous B. Isolated C. Community D. None of these
|
| A9: | Answer D is correct. Isolated ports can be in only secondary PVLANs, not primary PVLANs. Therefore, answers A, B, and C are incorrect. |
| Question 10 | Which command enables port security on a switch? |
| A10: | Answer B is correct. Use the switchport port-security command to enable port security on an interface. Answers A, C, and D are nonexistent commands. |
