CCNA FAQ: Layer 2 Switching
Q1. Which of the following statements is not true with regard to layer 2 switching?
A. Layer 2 switches and bridges are faster than routers because they don’t take up time looking at the Data Link layer header information.
B. Layer 2 switches and bridges look at the frame’s hardware addresses before deciding to either forward, flood, or drop the frame.
C. Switches create private, dedicated collision domains and provide independent bandwidth on each port.
D. Switches use application-specific integrated circuits (ASICs) to build and maintain their MAC filter tables.
Q2. Type the command that generated the last entry in the MAC address table shown.
Type the command only, without the prompt.
Q3. In the diagram shown, what will the switch do if a frame with a destination MAC
address of 000a.f467.63b1 is received on Fa0/4? (Choose all that apply.)
A. Drop the frame.
B. Send the frame out of Fa0/3.
C. Send the frame out of Fa0/4.
D. Send the frame out of Fa0/5.
E. Send the frame out of Fa0/6.
Q4. Write the command that generated the following output.
Q5. In the work area draw the functions of a switch from the list on the left to the right.
Address learning
Packet forwarding
Layer three security
Forward/filter decisions
Loop avoidance
Target 1
Target 2
Target 3
Q6. What statement(s) is/are true about the output shown below? (Choose all that apply.)
A. The port light for F0/3 will be amber in color.
B. The F0/3 port is forwarding frames.
C. This problem will resolve itself in a few minutes.
D. This port requires the shutdown command to function.
Q7. Write the command that would limit the number of MAC addresses allowed on a port to 2. Write only the command and not the prompt.
Q8. Which of the following commands in the configuration, is a prerequisite for the other
commands to function?
S3#config t
S(config)#int fa0/3
S3(config-if#switchport port-security
S3(config-if#switchport port-security maximum 3
S3(config-if#switchport port-security violation restrict
S3(config-if#Switchport mode-security aging time 10
A. switchport mode-security aging time 10
B. switchport port-security
C. switchport port-security maximum 3
D. switchport port-security violation restrict
Q9. Which if the following is not an issue addressed by STP?
A. Broadcast storms
B. Gateway redundancy
C. A device receiving multiple copies of the same frame
D. Constant updating of the MAC filter table
Q10. What issue that arises when redundancy exists between switches is shown in the figure?
A. Broadcast storm
B. Routing loop
C. Port violation
D. Loss of gateway
Q11. Which two of the following switch port violation modes will alert you via SNMP that a violation has occurred on a port?
A. Restrict
B. Protect
C. Shutdown
D. Err-disable
Q12. _______________ is the loop avoidance mechanism used by switches.
Q13. Write the command that must be present on any switch that you need to manage from a different subnet.
Q14. On which interface have you configured an IP address for a switch?
A. int fa0/0
B. int vty 0 15
C. int vlan 1
D. int s/0/0
Q15. Which Cisco IOS command is used to verify the port security configuration of a switch port?
A. show interfaces port-security
B. show port-security interface
C. show ip interface
D. show interfaces switchport
Q16. Write the command that will save a dynamically learned MAC address in the runningconfiguration of a Cisco switch?
Q17. Which of the following methods will ensure that only one specific host can connect to port F0/3 on a switch? (Choose two. Each correct answer is a separate solution.)
A. Configure port security on F0/3 to accept traffic other than that of the MAC address of the host.
B. Configure the MAC address of the host as a static entry associated with port F0/3.
C. Configure an inbound access control list on port F0/3 limiting traffic to the IP address of the host.
D. Configure port security on F0/3 to accept traffic only from the MAC address of the host.
Q18. What will be the effect of executing the following command on port F0/1? switch(config-if)# switchport port-security mac-address 00C0.35F0.8301
A. The command configures an inbound access control list on port F0/1, limiting traffic to the IP address of the host.
B. The command expressly prohibits the MAC address of 00c0.35F0.8301 as an allowed host on the switch port.
C. The command encrypts all traffic on the port from the MAC address of 00c0.35F0.8301.
D. The command statically defines the MAC address of 00c0.35F0.8301 as an allowed host on the switch port.
Q19. The conference room has a switch port available for use by the presenter during classes, and each presenter uses the same PC attached to the port. You would like to prevent other PCs from using that port. You have completely removed the former configuration in order to start anew. Which of the following steps is not required to prevent any other PCs from using that port?
A. Enable port security.
B. Assign the MAC address of the PC to the port.
C. Make the port an access port.
D. Make the port a trunk port.
Q20. Write the command required to disable the port if a security violation occurs. Write only the command and not the prompt.