New 21 HIKO Questions with Verification.

Thursday, February 23, 2017 9:57 AM

New Question 1
Which two statements about default FHRP behavior are true? (Choose two)
A. A backup GLBP active virtual gateway can become active only of the current active virtual gateway fails
B. Preemption is enabled by default
C. Unless specifically configured, the priority of an HSRP route is 200
D. A standby HSRP route becomes active if it has a higher priority than the priority of the current active router
E. A VRRP backup virtual router becomes the master router if its priority is higher than the priority of the current master router.

Correct Answer: A, E
Explanation:
By default, the GLBP gateway preemptive scheme is disabled. A backup virtual gateway can become the AVG only if the current AVG fails,
regardless of the priorities assigned to the virtual gateways. You can enable the GLBP preemptive scheme using the glbp preempt command.
Preemption allows a backup virtual gateway to become the AVG, if the backup virtual gateway is assigned a higher priority than the current
AVG.
From <http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html>

Backup router(s) are only supposed to send multicast packets during an election process. One exception to this rule is when a physical router is
configured with a higher priority than the current master, which means that on connection to the network it will preempt the master status. This
allows a system administrator to force a physical router to the master state immediately after booting, for example when that particular router is
more powerful than others within the virtual router. The backup router with the highest priority becomes the master router by raising
its priority above that of the current master. It will then take responsibility for routing packets sent to the virtual gateway's MAC address.
In cases where backup routers all have the same priority, the backup router with the highest IP address becomes the master router.
From <https://en.wikipedia.org/wiki/Virtual_Router_Redundancy_Protocol>

D is also wrong because

This statement is wrong because in HSRP unlike VRRP you have to assign priority along with preempt values on backup router.
You can check the INE Video on HSRP, first 13 minutes will clarify this point.
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/9234-hsrpguidetoc.html

New Question 2
Which statement about HSRP, GLBP, and VRRP is true?
A. VRRP group members communicate using multicast address 224.0.0.102
B. MAC address 0000.0c07.ac0c indicates that default gateway redundancy is provided through GLBP
C. HSRP group members communicate using multicast address 224.0.0.18
D. GLBP uses UDP port 3222 (Source and destination) for hello messages

Correct Answer: D
Explanation:
GLBP members communicate between each other through hello messages sent every 3 seconds to the multicast address 224.0.0.102, User
Datagram Protocol (UDP) port 3222 (source and destination).
From <http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html>

New Question 3
Refer to the exhibit.

Collected & Created this Doc by:

Waleed M Naeem
Click Here to Join our Whatsapp Switch Group
Click here to access complete study material

If you like my work, then connect with me on

Which statement about the current configuration on port Gigabit Ethernet2/0/1 is true?
linkedin and write few words of
A. It is an access port configured for a phone and a PC recommendation to me :)

B. It is a trunk port and the native VLAN is VLAN1

View My Linkedin Profile
C. It is a trunk port and the native VLAN is VLAN 700
D. It is an access port in Vlan 700

Correct Answer: B
Explanation:
A. in picture its mentioned as a trunk port 3rd command
B. All other statements are not matching with the exhibit so we assume its correct based on the default values.
C. there is no native vlan command in the exhibit
D. There is no switch mode access command in the exhibit

New Question 4
An enterprise network has port security stick enabled on all access ports. A network administrator moves a PC from one office deck to
another. After the PC is moved, the network administrator clears the port secuirty on the new network switch port connecting to the
PC, but the port keeps going back into err-disabled ode. Which two factors are possible causes of the issue? (Choose two)
A. Port security sticky exists on the new network switch port
B. Port security sticky is disabled on the new network switch port.
C. Port security must be disabled on all access ports
D. Port security is still enabled on the older network
E. Port Security sticky is still enabled on the older network switch port

Correct Answer: A, E
Explanation:
To delete a sticky secure MAC addresses from the address table, use the no switchport port-security sticky mac-
address mac_address command. To delete all the sticky addresses on an interface or a VLAN, use the no switchport port-security
sticky interface interface-id command.
To clear dynamically learned port security MAC in the CAM table, use the clear port-security dynamic command. The address keyword
enables you to clear a secure MAC addresses. The interface keyword enables you to clear all secure addresses on an interface.
From <http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/20ewa/configuration/guide/conf/port_sec.html>

New Question 5
An engineer has run the show EtherChannel summary command and the output is displayed. which statement about the stasuses of
the EtherChannel is true?
A. The EtherChannel is operational and configured for PAgP
B. The EtherChannel is down because of a mismatched EtherChannel protocol
C. The EtherChannel is down and configured for LACP
D. The EtherChannel is operational and is using no EtherChannel protocol

Correct Answer: D
Explanation:
Note:- we don't have the exhibit. But if the exhibit is some thing similar to the below image then correct answer will be D

If port-channel showing as SU means etherchannel is up

and operational
& if the Protocol is not showing any thing _ only then it
means channel-group 1 mode on command was executed
which is equivalent to no protocol.
For more info:-
https://learningnetwork.cisco.com/thread/10163

IF exhibit showing (SU) & Protocol as PagP then correct answer will be A
IF exhibit showing (SD) & Ports as (I) means there is a mismatched on either side correct answer will be B
IF exhibit showing (SD) & Protocol as LACP then correct answer will be C
New Question 6
Which statement is true about RSTP topology changes?
A. Any change in the state of the port generates a TC BDPU
B. Only nonedge ports moving to the forwarding state generate a TC BDPU
C. If either an edge port or a nonedge port move to a block state, then a TC BDPU is generated
D. Only edge ports moving to the blocking state generate a TC BPDU E. Any loss of connectivity generates a TC BDPU
Correct Answer: B
Explanation:
Topology Change Detection
In RSTP, only non-edge ports that move to the forwarding state cause a topology change. This means that a loss of connectivity is not
considered as a topology change any more, contrary to 802.1D (that is, a port that moves to blocking no longer generates a TC). When a RSTP
bridge detects a topology change, these occur:
It starts the TC While timer with a value equal to twice the hello-time for all its non-edge designated ports and its root port, if necessary.
It flushes the MAC addresses associated with all these ports.
From <http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html>

New Question 7

When is Cisco Catalyst switch that is configured in VTP server mode is first booted, which two VLAN ranges are loaded on the
switch?(Choose two)
A. all VLANs are in the VLAN database
B.VLANs greater than 1005 in the startup-config file
C. The first 1005 VLANs in the VLAN database file D. The first 1005 VLANs in the startup-config file
E. VLANs greater than 1005 in the VLAN database file

Correct Answer: B,C

Explanation:
If the startup VTP mode is server mode, or the startup VTP mode or domain names do not match the VLAN database, VTP mode and VLAN
configuration for the first 1005 VLANs are selected by VLAN database information, such as the vlan.dat file. VLANs greater than 1005 are
configured from the switch configuration file.
From <http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2940-series-switches/109304-manage-vlandat.html>

New Question 8

Which two options are advantages of deploying VTPv3? (Choose two)

A. It stores the VTP domain password securely as a SHA- 1 hash
B. It adds an FCS field at the end of each VTP ftame the consistenccy checking
C. It supports the propagation of private VLANs
D. It supports the use of AES to encrypt VTP messaging
E. It can be configured to allow only one VTP server to make changes to the VTP domain

Correct Answer: C, E

New Question 9

What action should a network admin take to enable VTP pruning on an entire management domain?

A. Enable VTP pruning on any client switch in the domain.

B. Enable VTP pruning on every switch in the domain.
C. Enable VTP pruning on any switch in the management domain.
D. Enable VTP pruning on a VTP server in the management domain.
Correct Answer: D
Explanation:
You can only enable VTP pruning on a switch in VTP server mode.
From <http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swvtp.html>
Enabling VTP pruning on a VTP server enables pruning for the entire management domain. Making VLANs pruning-eligible or pruning-
ineligible affects pruning eligibility for those VLANs on that trunk only (not on all switches in the VTP domain).
From <http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swvtp.html>
New Question 10

Refer to the exhibit.

Which two statements about SW1 are true? (Choose two)

A. Interface Gi5/1 is using a Cisco proprietary trunking protocol
B. On interface Gi5/1, all untagged traffic is tagged with VLAN 113
C. The device is configured with the defailt MST region
D. Interface Gi5/1 is using an industry standard trunking protocol
E. Interface Gi6/2 is the root port for VLAN 30
F. On interface Gi6/2, all untagged traffic is tagged with VLAN 600

Correct Answer: D, F
Explanation:

New Question 11

Refer to the exhibit.

Which two commands ensure that DSW1 becomes root bridge for VLAN 10 and 20? (Choose two)
A. spanning-tree mstp1 priority 0
B. spanning-tree mst 1 root primary
C. spanning-tree mst vlan 10,20 priority root
 D. spanning-tree mst 1 prioirty 4096
E. spanning-tree mst 1 prioirty 1
F spanning-tree mst vlan 10,20 root primary

Correct Answer: B, D
Explanation:
Di st ribution1( config) #spanni ng-tree mst configur ation
Di st ribution1( config- mst )#name regi on1
Di st ribution1( config- mst )#r evi si on 10
Di st ribution1( config- mst )#i nst ance 1 vl an 10, 30, 100
Di st ribution1( config- mst )#i nst ance 2 vl an 20, 40, 200
Di st ribution1( config- mst )#exi t
Di st ribution1( config) #spanni ng-tree mst 0- 1 root pri mar y
Di st ribution1( config) #spanni ng-tree mst 2 root secondar y
From <http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/72844-MST.html>

witch(config)#spanning-tree Configures a switch priority as follows:

mstinstance-id prioritypriority-value For instance-id, you can specify a single instance, a range of instances separated by a hyphen, or a
series of instances separated by a comma. The range is from 1 to 4094.
For priority, the range is from 0 to 61440 in increments of 4096; the default is 32768. A lower
number indicates that the switch will most likely be chosen as the root bridge.
Priority values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960,
45056, 49152, 53248, 57344, and 61440. The system rejects all other values.
From <http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/MST.html >

New Question 12

In a switch stack where is the the SDM template stored?

A. All switches in stack
B. Master switch
C. Flash memory
D. Another

Correct Answer: B
Explanation:
In a Catalyst 3750-X-only or a mixed hardware switch stack, all stack members must use the same SDM desktop template that is stored on the
stack master. When a new switch is added to a stack, the SDM configuration that is stored on the stack master overrides the t emplate
configured on an individual switch
From <http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12 -2_53_se/configuration/guide/3750xscg/swsdm.html>

New Question 13

If StormControl is enabled on a port and the traffic reaches the configured level, which two actions can be configured to occ ur?
(Choose two.)
A. Trap
B. notify admin
C. redirect traffic
D. log
E. shut down

Correct Answer: A, E
Explanation:
ShutdownWhen a traffic storm occurs, traffic storm control puts the port into the error-disabled state. To reenable ports, use the error-
disable detection and recovery feature or the shutdown and no shutdown commands.
TrapWhen a traffic storm occurs, traffic storm control generates an SNMP trap.
From <http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/storm.html>
New Question 14

Refer to the exhibit

Switch(config)#snamp-server enable traps mac-notification

Switch(config)#mac address-table notification threshold
Switch(config)#mac address-table notification threshold limit 60
Switch(config)#mac address-table notification mac-move

Which two statements correctly indicate when an SNMP trap is set to the switch? (Choose two)
A. When a new workstation connects to port F0/1
B. When 61 MAC address are in the switch
C. When 61 percent of the Address table capacity is used
D. When the switch loses power and reboots
E. When the phone previously on Fa0/2 is now connect to Fa0/5

Correct Answer: C, E

New Question 15

Which statement is true about RSTP topology changes?

A. Any change in the state of the port generates a TC BDPU
B. Only nonedge ports moving to the forwarding state generate a TC BDPU
C. If either an edge port or a nonedge port move to a block state, then a TC BDPU is generated
D. Only edge ports moving to the blocking state generate a TC BPDU
E. Any loss of connectivity generates a TC BDPU

Correct Answer: B

New Question 16

Refer to the exhibit. Based on the debug output, which three statements about HSRP are true? (Choose Three)

A. The final active router is the router with IP address 172.16.11.111

B. The router with IP address 172.16.11.111 has preempt configured
C. The priority of the router with IP address 172.16.11.112 is preferred over the router with IP address 172.16.11.111
D. The IP address 172.16.11.115 is the virtual HSRP IP address
E. The router with IP address 172.16.11.112 has nonpreempt configured
F. The router with IP address 172.16.11.112 is using default HSRP priority.

Correct Answer: A, B, D

New Question 17

Which two statements are true about recommended practices that are to be used in a local VLAN
solution design where layer 2 traffic is to be kept to a minimum? (Choose two)
A. Routing should occur at the access layer if voice VLANs is utilized. Otherwise, routing should occur at the distribution layer.
B. Routing may be performed at all layers but is most commonly done at the core and distribution layers
C. Routing should not be performed between VLANs located on separate switches.
D. Vlans should be local to a Switch
E. Vlans should ne localized to a single switch unless voice VLANs are being utilized.
Correct Answer: BD
New Question 18

What is the effect of configuring the following command on a switch?

Switch(config)# spanning-tree portfast bdpufilter default
A. If BPDUs are received by a port configured for PortFast, then PortFast is disabled and the BPDUs are processed normally.
B. If BPDUs are received by a port configured for PortFast, they are ignored and none are sent.
C. If BPDUs are received by a port configured for PortFast, the port transitions to the forwarding state.
D. The command enables BPDU filtering on all ports regardless of whether they are configured for BPDU filtering at the interface level.

Correct Answer: A
Explanation:
At the global level, you can enable BPDU filtering on Port Fast-enabled interfaces by using thespanning-tree portfast bpdufilter default global
configuration command. This command prevents interfaces that are in a Port Fast-operational state from sending or receiving BPDUs. The
interfaces still send a few BPDUs at link-up before the switch begins to filter outbound BPDUs. You should globally enable BPDU filtering
on a switch so that hosts connected to these interfaces do not receive BPDUs. If a BPDU is received on a Port Fast-enabled interface, the
interface loses its Port Fast-operational status, and BPDU filtering is disabled.
From <http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swstpopt.html>

New Question 19

To provide security, a service porvider configured various private VLANs in its backbone network infrastructure to prevent certain
VLAN communicating to each other. Which version of VTP supports the use of private VLANs?
A. version 1
B. version 3
C. VTP does not support private VLANs
D. version 2

Correct Answer: B
Explanation:
This question asking for which version not which mode. As we know Vtp transparent mode supports private vlans. But on VTPv3 its a
default feature to support private vlans. If there is a question asking which mode then we will select Transparent.

New Question 20

Refer to the exhibit (Do not have the exhibit)

An engineer is configuring an etherchannel between two switches, he notices the error message on Switch 2 (error message channel-
missconfiguring error), based on the output what is the problem:
A. the etherchannel on the switch 1 using incorrect member port
B. the etherchannel interface of switch 1 is not configured
C. the etherchannel protocol on switch 1 is not correct
D. the etherchannel interface of switch 2 is not configured

Correct Answer: C
Explanation:
Switch 2 is receiving the error msg. so most probably its coming from next switch.
If on one side etherchannel protocol is lacp and on the other side is pagp or uncompatible modes active/on etc then channel-missconfiguring
errror msg will be generated.

New Question 21 Collected & Created this Doc by:

What condition must match during etherchannel configuration.
Waleed M Naeem
A. Spanning tree port priority Click Here to Join our Whatsapp Switch Group
Click here to access complete study material
B. Spanning tree cost
C. Interface Description If you like my work, then connect with me on
linkedin and write few words of
D. Trunk mode recommendation to me :)
E. Trunk allow vlan
Correct Answer: D, E View My Linkedin Profile