Refer to the exhibit.
AOS-Switches will enforce 802.1X authentication on edge ports. The company has two RADIUS servers, which are meant to provide redundancy and load sharing of requests. The exhibit shows the planned RADIUS settings to deploy to the switches.
What should customers understand about this plan?
- A . AOS switches do not support two RADIUS servers for redundancy, instead, a secondary authentication method is required.
- B . Dynamic authentication is only permitted on one of the RADIUS servers and must be removed from the other.
- C . Each RADIUS server must use a unique port number for the authentication and dynamic authorization port.
- D . Each AOS-Switch will send all RADIUS requests to the first server on the list unless that server becomes unreachable.
An administrator wants to ensure that an AOS-Switch forwards all traffic that it receives on interface 1 with high priority.
– Switches should also communicate the high priority to other switches across the traffic path.
– The switch has type of service disabled.
– The administrator plans to apply 802.1p priority 5 to interface 1.
What should the administrator check to ensure that the configuration will work properly?
- A . Interface 1 receives traffic with a tag.
- B . The AOS-Switch is configured to use eight queues.
- C . The forwarding path for the traffic uses VLAN tags.
- D . An 802.1p-to-DSCP map exists for priority 5.
Refer to the exhibit.
A network administrator sets up prioritization for an application that runs between Device 1 and Device 2.
However, the QoS for the application is not what the administrator expects.
How can the administrator check if the network infrastructure prioritizes traffic from Device 1 and Device 2?
- A . Run a packet capture on Device 2, run the application, and look in the packet capture for a high value DSCP in the IP header.
- B . Set up RMON alarms on the switches that trigger when a high number of packets are dropped. Then, run the application and check for the alarm.
- C . Clear interface statistics on the switches. Then, run the application and check the interface queue statistics for the switch-to-switch links.
- D . Run a packet capture on Device 1, run the application, and look in the packet capture for a high value DSCP in the IP header.
Refer to the exhibits.
Exhibit 1.
Exhibit 2.
The exhibits show the current operational state for routes on Switch-3. The company wants Switch-3 to prefer the link to Switch-1 over the link to Switch-2 for all intra-area, inter-area, and external traffic.
What can the network administrator do to achieve this goal?
- A . Set the OSPF cost on VLAN 108 higher than 1 on Switch-2 and Switch-3.
- B . Set the OSPF administrative distance on Switch-2 higher than 110.
- C . Set the OSPF area type to normal on all of the switches in Area 1.
- D . Set the cost in the OSPF Area 1 stub command higher than 1 on Switch-2.
An AOS-Switch implements tunneled node.
Which benefit does the PAPI enhanced security key provide?
- A . It validates the signature for firmware pushed to the switch dynamically.
- B . It encrypts traffic sent and received by tunneled-node endpoints.
- C . It authenticates control traffic between the switch and its Mobility Controller.
- D . It provides an extra layer of authentication for endpoints on tunneled-node ports.
Refer to the exhibit.
A network administrator needs to deploy AOS-Switches that implement port-based tunneled node. Their Aruba controller has IP address 10.1.10.5/24. The architect has assigned tunneled-node endpoints to VLAN 20.
What is one issue with the current configuration planned for VLAN 20 on the switch?
- A . VLAN 20 must have GRE enabled on it.
- B . VLAN 20 cannot have an IP address.
- C . VLAN 20 must have an IP address in the same subnet as the controller.
- D . VLAN 20 must not enable jumbo frames.
OSPF Area 1 has two ABRs. One ABR is configured with this range for Area 1: 10.10.0.0/16. The other ABR is not configured with a range for Area 1.
Which type of issue occurs due to this mismatch?
- A . The ABRs create a discontinuous area and disrupt intra-area routing between devices within Area 1.
- B . The ABR core would send Area 1 traffic destined to the other switch through an access switch.
- C . The ABRs lose adjacency entirely and cannot route traffic between each other at all.
- D . The ABRs lose adjacency in Area 1 and must route all traffic to each other through Area 0.
Refer to the exhibits. Exhibit 1.
Exhibit 2.
The company wants to minimize congestion on Link 1.
Which spanning tree implementation meets this goal?
- A . Instance 1 = VLANs 4-5 Instance 2 = VLANs 6-7
Switch 2 instance 1 priority = 0
Switch 2 instance 2 priority = 1
Switch 3 instance 1 priority = 1 Switch 3 instance 2 priority = 0 - B . Instance 1 = VLANs 4,6 Instance 2 = VLANs 5,7
Switch 2 instance 1 priority = 0 Switch 2 instance 2 priority = 1
Switch 3 instance 1 priority = 1 Switch 3 instance 2 priority = 0 - C . Instance 1 = VLANs 4,6 Instance 2 = VLANs 5,7
Switch 2 instance 1 priority = 0 Switch 2 instance 2 priority = 1
Switch 3 instance 1 priority = 0 Switch 3 instance 2 priority = 1 - D . Instance 1 = VLANs 4-5 Instance 2 = VLANs 6-7
Switch 2 instance 1 priority = 0 Switch 2 instance 2 priority = 1
Switch 3 instance 1 priority = 0 Switch 3 instance 2 priority = 1
Refer to the exhibit.
The network administrator enables DHCP snooping globally and on VLAN 2. An additional step is mandatory for DHCP snooping to operate correctly and for clients to receive DHCP settings.
What is the additional mandatory step?
- A . Define trk1 as a trusted DHCP port.
- B . Define an authorized DHCP server.
- C . Enable ARP protection.
- D . Define edge ports as untrusted DHCP ports.
Refer to the exhibit.
A network administrator configures connection rate filtering on interface 1 with the throttle action. Device 1 crosses the threshold and triggers the action.
What does the switch do?
- A . It temporarily drops all IP traffic from Device 1 only.
- B . It temporarily drops all IP traffic on interface 1.
- C . It drops all IP traffic from Device 1 until the host is manually unblocked.
- D . It drops all IP traffic on interface 1 until the interface is manually unblocked.
What must an OSPF router do to ensure nonstop routing should a standby member take over as commander when the original VSF commander fails?
- A . It must run the shortest path first algorithm.
- B . It must participate in a new election for the Designated Router.
- C . It must initiate a graceful restart.
- D . It must re-establish adjacency with its Designated Router.
Two AOS-Switches are directly interconnected. The network administrator wants to prevent broadcast storms and other Layer 2 issues that could occur if there is physical damage to a cable.
Which technology should the administrator implement on the connected switch interfaces?
- A . MAC Lockdown
- B . Bidirectional Forwarding Detection (BFD)
- C . Spanning Tree Root Guard
- D . Unidirectional Link Detection (UDLD)
Refer to the exhibit.
The routing switches shown in the exhibit run OSPF on the links between each other. The commander in the Switch-1 VSF fabric goes down. Traffic is disrupted for several seconds.
What should a network administrator do to support a faster failover in a similar situation?
- A . Configure echo mode BFD on the VLAN that connects Switch-1 and Switch-2.
- B . Add VRRP on the VLAN between Switch-1 and Switch-2.
- C . Configure graceful restart, or nonstop OSPF, on Switch-1 and Switch-2, with a proper timer.
- D . Create a redundant virtual link between Switch-1 and Switch-2.
Which benefit is provided by MD5 authentication for BGP?
- A . It validates that BGP messages arrive from an authorized device.
- B . It verifies that received BGP routes have valid next hop IP addresses.
- C . It enables users to authenticate to a server across BGP AS boundaries.
- D . It protects BGP routing information from eavesdroppers.
Refer to the exhibits. Exhibit 1.
Exhibit 2.
The VoIP phone connects, authenticates successfully, and is dynamically assigned to tagged VLAN 6. The endpoint connected to the phone does not authenticate but starts to send untagged traffic.
How does the switch handle this traffic?
- A . It forwards the traffic in VLAN 5.
- B . It relays the traffic to the RADIUS server for authentication.
- C . It forwards the traffic in VLAN 6.
- D . It drops the traffic.
An AOS-Switch needs to be configured to support tunneled node in role-based mode. The Mobility Controller administrators tell the switch administrators that the AOS-Switch will integrate with a cluster of Mobility Controllers. The cluster virtual IP address is 10.1.1.10.
How should switch administrator integrate the AOS-Switch with the cluster?
- A . Double-check the settings with the Mobility Controller administrators because the planned configuration is incomplete with the switch settings.
- B . Configure the virtual IP address as the tunneled-node-server address, tunneled node will work, but the clustering features will not provide redundancy.
- C . Configure the virtual IP address as the tunneled-node-server address. The switch will automatically learn controller IP addresses to which to tunnel various traffic.
- D . Configure the virtual IP address for the primary tunneled-node-server and an actual controller IP address for the backup tunneled-node-server in order to receive redundancy.
Refer to the exhibit.
A company wants to change Area 1 shown in the exhibit from a stub area to a totally stub area.
What will be one effect of this planned change?
- A . Routing devices within Area 0 will temporarily lose adjacency with each other.
- B . Switch-1 and Switch-2 will adjust the cost with which they advertise area 1 traffic in the backbone.
- C . Some traffic from Area 1 to other areas will no longer follow the lowest cost path.
- D . Endpoints within Area 1 will no longer be able to reach endpoints in other areas.
An AOS-Switch runs IGMP on A VLAN.
What is a requirement for the switch to be a potential IGMP querier on that VLAN?
- A . The switch must run PIM-SM or PIM-DM on that VLAN.
- B . The switch must have an IP address on that VLAN.
- C . The switch must have IGMP fast leave disabled globally.
- D . The switch must have at least one IGMP group configured on it manually.
B
Explanation:
Reference: https://support.hpe.com/hpsc/doc/public/display?docId=c05207062
Refer to the exhibit.
Switch-1 runs BGP.
What should the network administrator do to permit Switch-1 to establish a neighbor relationship with Router-1?
- A . Configure 192.168.1.2 as a neighbor manually within the BGP context.
- B . Specify 192.168.1.0/30 with the network command in the BGP context.
- C . Enable BGP on VLAN 100.
- D . Set the BGP AS number to 46501.
Refer to the exhibit.
An AOS-Switch has an extended ACL that is applied to several physical interfaces.
– New interfaces have been brought online.
– The ACL has been applied to them as well.
A network administrator sees the output in the exhibit and is concerned that the switch will reach the limit for rules.
What can the administrator do to address this concern?
- A . Resequence the ACL with less space in between the entries.
- B . Enable ACL grouping, and apply ACLs as shared ACLs.
- C . Reconfigure the ACL as a standard ACL, and then reapply it.
- D . Remove static ACLs, and have the RADIUS server send dynamic ACLs.
Refer to the exhibit.
A company requires distribution layer switches that can provide Layer 2 and Layer 3 redundancy. The exhibit shows the proposal for these switches.
Which change to the proposal will help meet the company’s requirements?
- A . The proposed switches should be replaced with switches such as the Aruba 2930M to support the backplane stacking technology.
- B . VRRP should be implemented instead of backplane stacking to support the Layer 3 redundancy requirements.
- C . Link aggregations should be established without LACP to support the Layer 2 redundancy requirements and backplane stacking limitations.
- D . The proposed switches should be replaced with switches that support VSF to support the required distance between stack members.
Network administrators need to track when traffic matches deny entry in an ACL applied to a port. They want the alert to be sent to a syslog server that is already set up to send logs.
What should administrators do to enable alerts?
- A . Specify the log option for the ACL entry, and enable ACL debugging.
- B . Set the debug destination to session, and enable ACL debugging.
- C . Enable ACL debugging, and enable SNMP port security traps.
- D . Specify the log option for the ACL entry, and enable SNMP port security traps.
Refer to the exhibits.
Exhibit 1
Exhibit 2
In the exhibits, VLAN 20 under a device name indicates that the device is configured with that VLAN. The exhibits also indicate whether VLAN 20 is statically configured on each link, either as an untagged or a tagged VLAN. If the link has no label, VLAN 20 is not statically configured on that link.
A network administrator needs to deploy AOS-Switches that use port-based tunneled node. The plan calls for tunneled-node endpoints to be assigned to VLAN 20 and for the Aruba Mobility Controller to handle the tunneled-node traffic at Layer 2.
Which exhibit shows the correct plan for VLAN 20 in the wired infrastructure?
- A . A
- B . B
- C . C
- D . D
Refer to the exhibits.
Exhibit 1
Exhibit 2 Switch-1 has a power issue that causes it to fail. When Switch-1 comes back up, endpoints lose connectivity for a few minutes.
The network administrator decides to enter this command on Switch-1:
Switch-1 (config)# vlan 10 vrrp vrid 10 preempt-delay-time 120
Exhibit 2 shows the VRRP configuration just after the change.
What is the effect of this change?
- A . Switch-1 and Switch-2 both become Master in their own VRRP virtual router due to the delay timer mismatch. The mismatch must be fixed.
- B . Switch-1 now waits to take over as Master if it fails and recovers. This should prevent the connectivity issue from occurring again.
- C . Switch-1 experiences an internal error in the VRRP process. This error causes Switch-2 to take over as Master for VLAN 2.
- D . Switch-1 continues to act as it did before the preempt delay time was set. Administrators must plan additional changes to fix the issue.
Refer to the exhibits.
Exhibit 1
Exhibit 2
Exhibit 1 shows a portion of the BGP routing table when the BGP solution was first deployed. Exhibit 2
shows the same portion at the current time.
What can explain the current state?
- A . Due to changes in the private network, Switch-1 can no longer reach 192.168.2.1.
- B . Switch-1 can no longer reach ISP 1 at 192.168.1.1.
- C . Due to changes at ISP 1, Switch-1 now selects a different best route.
- D . An administrator has applied a route map on Switch-1 that filters advertised routes.
Which switches can be deployed in a mesh topology for backplane stacking?
- A . Aruba 2920 switches
- B . Aruba 2930F switches
- C . Aruba 2930M switches
- D . Aruba 3810 switches
D
Explanation:
Reference: https://www.hpe.com/us/en/product-catalog/networking/networking-switches/pip.aruba-3810switch-series.1008605435.html
A network administrator needs to create a QoS policy on an AOS-Switch.
What is one component that the administrator must create before the policy?
- A . an extended IPv4 ACL
- B . a traffic behavior
- C . an extended MAC ACL
- D . a traffic class
Refer to the exhibits.
Exhibit 1
Exhibit 2
Switch-1 and Switch-2 are configured to provide VRRP in VLAN 2. The default gateway for VLAN 2 is set to the VRRP virtual IP. Client-1 in VLAN 2 cannot ping its default gateway.
Based on the exhibits, what can administrators determine?
- A . The VRRP preempt delay time has not yet expired, and administrators should try to ping the gateway again in several minutes.
- B . Switch-1 and Switch-2 have the same virtual router ID. The conflict interferes with connectivity.
- C . Preempt mode is enabled on both Switch-1 and Switch-2, so the Master role continues to alternate between them, and the pings go astray.
- D . This is the expected behavior, and Switch-1 should still be able to route traffic for Client-1.
A network administrator needs to create a backplane stack with four AOS-Switches. The administrator wants to choose which switch becomes the commander.
Which procedure meets those needs?
- A . Boot all of the switches at the same time and then connect the backplane stacking links. Then, access the desired commander, and make sure it has member ID 1.
- B . Configure backplane switches settings on each switch while disconnected. Make sure the desired commander has priority value 1. Then, connect the switches.
- C . Boot up the desired commander first and make sure stacking is enabled on it. Then, connect the stacking links and boot the other switches.
- D . Configure backplane switching settings on each switch while disconnected. Make sure the desired commander has member ID 1. Then, connect the switches.
A company deploys AOS-Switches at sites with inexperienced IT staff. The main office network administrators want to monitor thresholds to generate alerts on branch switches.
What should be set up for this purpose?
- A . an SNMP trap
- B . an RMON alarm
- C . an auto-config server
- D . an sFlow instance
A network administrator configures DHCP snooping on VLAN 2.
How does the switch handle DHCP traffic that arrives in this VLAN on an untrusted interface?
- A . It accepts packets from a DHCP server, but drops client packets.
- B . It drops all DHCP traffic and logs a security event.
- C . It accepts both client and server packets as long as they match the DHCP binding table.
- D . It accepts client packets, but drops packets from a DHCP server.
Refer to the exhibit.
A network administrator wants to add the protections of root guard to the network.
Based on the spanning tree topology, on which ports should the network administrator implement root guard?
- A . 3-24
- B . 1 and 2
- C . A1 and A2
- D . 2 and A3
The implementation plan for AOS-Switches calls for them to implement port-based tunneled node. The Aruba Mobility Controllers that will support the AOS-Switches run software 8.1. The controllers will also support APs, are managed by Mobility Master, and use clustering.
Which issue with this plan needs to be addressed?
- A . The controllers cannot support tunneled node with AOS-Switches when they are managed by the Mobility Master.
- B . The switches cannot connect to controllers that also support APs.
- C . The controllers must have their software updated before they can support the switches.
- D . The switches must use role-based tunneled node to work with clustering controllers.
What is one difference between BPDU protection and root guard?
- A . BPDU protection works with RPVST+, RSTP, and MSTP. Root guard works with RSTP or MSTP, but not RPVST+.
- B . BPDU protection blocks a port if it receives any BPDU, but root guard blocks a port only if the BPDU indicates a better root path.
- C . BPDU protection is typically implemented on edge ports, but root guard is typically implemented on uplinks with the root port role.
- D . BPDU protection drops BPDUs received on a port, but does not block the port. Root guard blocks the port if it receives a BPDU.
B
Explanation:
Reference: http://ericleahy.com/index.php/bpdu-guard-bpdu-filter-root-guard-loop-guard-udld/
Refer to the exhibit.
The exhibit shows configurations for interface 5 and VLAN 20. Note that DHCP snooping and ARP protection are also enabled.
A network administrator finds that interface 5 on an AOS-Switch is disabled. The administrator re-enables the interface, but it shuts down again.
What should the administrator investigate?
- A . a device that sends too much unicast traffic
- B . rogue DHCP server
- C . a loop on the interface
- D . a device that sends unauthorized ARP messages
Refer to the exhibit.
Switch-1 and Switch-2 connect on interface A23. The switches experience a connectivity issue. The network administrator sees that both switches show this interface as up. The administrator sees the output shown in the exhibit on Switch-1.
What is a typical issue that could cause this output?
- A . asymmetric routing introduced by a routing protocol
- B . an issue with VLAN mismatch
- C . mismatched subnet mask on the VLAN for the link
- D . a jumbo frame mismatch
What is a reason to implement PIM-DM as opposed to PIM-SM?
- A . to control exactly which multicast groups are routed through the network
- B . to permit a higher density of RP routers in the network core
- C . to conserve bandwidth over WAN links
- D . to use on high-bandwidth routed connections
An AOS-Switch enforces 802.1X. It receives an Access-Accept with this HPE VSA from its Radius server:
Attribute Name and ID = HPE-User-Role (25) Value = contractor
The switch then rejects the client.
What is one requirement for the switch to accept the message and authorize the client?
- A . The initial user role must be set to the factory default permit any role.
- B . User role authorization must be enabled globally on the switch.
- C . An aaa authentication local user group must have the contractor name.
- D . The RADIUS server settings must permit dynamic authorization.
Network administrators need to configure a BGP neighbor on an AOS-Switch.
What defines the neighbor as an iBGP neighbor?
- A . It has BGP synchronization enabled.
- B . It has an AS number in the range of 64512 to 64535.
- C . Its update source is set to a private company IP address.
- D . Its remote-AS is the same as the AOS-Switch BGP AS.
Refer to the exhibits.
Exhibit 1
Exhibit 2
Exhibit 1 shows the topology for the network. The network administrator sees the log entries shown in Exhibit 2.
Which type of failure is indicated?
- A . A link between Switch-1 and Switch-2 went down. BFD detected the lost connectivity and behaved as expected.
- B . Graceful restart helper was not enabled on Switch-2, so BFD was unable to operate correctly, and the session was taken down.
- C . A hardware issue caused a unidirectional link; BFD detected the issue at Layer 2 and prevented a broadcast storm.
- D . BFD was set up incorrectly on Switch-2, so it caused Switch-2 to lose adjacency with Switch-1 rather than repair the session.
A company has AOS-switches, Aruba ClearPass, and Aruba AirWave. A network administrator needs to find the source of a performance issue that often occurs at the start of the day and early in the afternoon.
Which action is likely to give the administrator the most useful information for the investigation?
- A . Access the Network Device view on ClearPass.
- B . Use the configuration audit tool on AirWave.
- C . View the current running config on each switch.
- D . View usage patterns on the switches on AirWave.
Refer to the exhibits.
Exhibit 1
Exhibit 2
Network administrators are alerted to high interface utilization on a switch by a management solution. They examine the utilization on the uplink interfaces several times an hour during problem times. The exhibit shows output typical of times of congestion. The administrators want to allocate bandwidth fairly and reduce congestion on the uplinks.
What could help meet these requirements?
- A . a per-queue rate limit on interfaces 1 and 2
- B . an outbound rate limit on each edge port
- C . a broadcast rate limit on each edge port
- D . an outbound rate limit on interfaces 1 and 2
Refer to the exhibit.
Every switch in the exhibit will route traffic. The company requires a topology in which failover for switch-to switch links is exclusively handled by the routing protocol and occurs as quickly as possible.
Which topology should the administrator use?
- A . A
- B . B
- C . C
- D . D
Refer to the exhibit.
Switch-1 is an AOS-switch that is operating at factory default settings for QoS and has type of service disabled. It receives a frame with 802.1p value 5 on trk1, on VLAN 2.
How does the switch treat the frame when it forwards it on TRK2?
- A . It forwards it with higher than normal priority and 802.1p 0.
- B . It forwards it with normal priority and 802.1p 0.
- C . It forwards it with normal priority and 802.1p 5
- D . It forwards it with higher than normal priority and 802.1p 5.
The security policy for a company requires that switches use SNMPv3 and accept all read-only SNMPv2c messages. The network administrator enables SNMPv3.
Which additional action should the network administrator take to comply with this policy?
- A . Disabled SNMPv3 inform timeouts.
- B . Enable SNMPv3 only operation.
- C . Enable SNMPv3 restricted mode.
- D . Disable SNMPv1/v2c.
Refer to the exhibits.
The network administrator enters the commands shown in Exhibit 2, and Switch-1 and Switch-2 exchange keepalive messages.
What is the expected behavior if Switch-1 later fails to receive keepalive messages from Switch-2?
- A . Switch-1 disables interface 1 for 10 seconds, and then re-enables it. The same process repeats twice. If the issue persists, the switch disables the interface permanently.
- B . After two consecutive missed keep-alive packets, Switch-1 disables interface 1, and the interface stays disabled until the issue is fixed.
- C . After two consecutive missed keep-alive packets, Switch-1 sends SNMP traps, and Link 1 stays up until the issue is fixed.
- D . Switch-1 disables interface 1 for 10 seconds and then re-enables it. The interface continues to be re-enabled and disabled every 10 seconds until the issue is fixed.
Two AOS-Switches connect on VLAN 10 in OSPF Area 1, which is defined as a stub area on both.
Which mismatch can cause OSPF routers to lose adjacency?
- A . The administrator adds the backbone area to just one of the routers.
- B . The administrator enables graceful restart, or nonstop switching, on just one of the routers.
- C . The administrator enables jumbo frames on VLAN 10 on just one of the routers.
- D . The administrator adds the no-summary option to Area 1 on just one of the routers.
A network administrator applies port security to a port with the send-alarm action.
What does the switch do if it detects traffic from an unauthorized MAC address on the port?
- A . It disables the port, but sends no SNMP trap.
- B . It forwards the traffic, and it logs an event.
- C . It blocks the traffic, but sends no SNMP trap.
- D . It blocks the traffic, and it sends an SNMP trap.
Which technologies can prevent split brain in a VSF fabric that includes Aruba 2930F switches?
- A . ARP MAD or OOBM MAD
- B . VLAN MAD or ARP MAD
- C . OOBM MAD or LLDP MAD
- D . LLDP MAD or VLAN MAD
An AOS-Switch is configured to use captive portal and RADIUS to integrate with an Aruba ClearPass solution.
What should the administrator do to enable the switch to accept change of authorization (CoA) messages from ClearPass?
- A . Enable user-role authorization globally on the switch.
- B . Enable dynamic authorization in the RADIUS server settings.
- C . Enable tunneled node in role-based mode.
- D . Enable login privilege globally on the switch.
Refer to the exhibits.
Exhibit 1
Exhibit 2
A company does not require authentication for security, but AOS-Switches are set up to use local MAC authentication (LMA) to assign the correct VLAN and priority to IP phones. IP phones and computers belong to different VLANs. Each device is supposed to connect to a specific port, but sometimes users connect their devices to the wrong ports and cannot receive access without help from IT.
How can a network administrator configure the switches to eliminate this issue?
- A . Set the address limit to 2 on the switch ports that apply LMA.
- B . Create a user role that applies the user VLAN, and set this role as the initial role.
- C . Add the MAC addresses for computers to the myPhones MAC group.
- D . Apply LMA to all edge switch ports, and set the unauth VLAN to the user VLAN.
Refer to the exhibits.
Exhibit 2
The network administrator configures the commands shown in Exhibit 2.
Which mismatch will cause an issue?
- A . the mismatch between the key IDs specified in chain10 and chain11 on Switch-1
- B . the mismatch between the key-strings in the chains for VLAN 10 and VLAN 11 on Switch-1
- C . the mismatch between the chain names associated with VLAN 11 on Switch-1 and on Switch-3
- D . the mismatch between the key-strings associated with VLAN 10 on Switch-1 and on Switch-2
A company wants to implement 802.1X authentication to authenticate client devices on AOS-Switch ports. The company has a RADIUS server that uses PEAP MSCHAP-v2 for the authentication method.
What is one task administrators should complete before they implement the plan?
- A . Set up an isolated VLAN in the network for the 802.1X communications.
- B . Install personal certificates on client devices.
- C . Configure DHCP services on the AOS-Switches for pre-authenticated clients.
- D . Ensure client devices trust the RADIUS server certificate.
AOS-Switches authenticate guests to ClearPass with captive portal. An administrator notices that some guests are unable to reach the captive portal page.
What will resolve this issue?
- A . Permit DNS on the ClearPass Portal
- B . Permit DHCP on the ClearPass Portal.
- C . Permit HTTP or HTTPS on the ClearPass Portal.
- D . Permit Allow All MAC-Auth on the ClearPass Portal.
A customer wants to authenticate AOS-Switch managers to a RADIUS server. The CIO wants to assign different rights to different management users for granular control over their rights and privileges.
What must the network administrator enable on the AOS-Switches to ensure they comply with this plan?
- A . RADIUS-based command authorization
- B . a manager and operator password
- C . authentication login privileges
- D . SNMPv3 and SNMPv3 restricted access.
Refer to the exhibits.
Exhibit 1
Exhibit 2
Exhibit 2 shows IGMP groups on Switch-2, which runs IGMP but not PIM. Switch-1 and Switch-3 do not have IGMP or PIM enabled. Client 1 begins to forward multicasts to 239.1.1.1.
Which clients receive the multicasts?
- A . Client 3, but not any of the other clients
- B . Client 2, but not any of the other clients
- C . Client 3 and Client 4, but not Client 2
- D . Client 2, Client 3, and Client 4
Refer to the exhibit.
Several interfaces on an AOS-Switch enforce 802.1X to a Radius server at 10.254.202.202. The interface 802.1X settings are shown in the exhibit, and 802.1X is also enabled globally. The security team have added a requirement for port security on the interfaces as well.
Before administrators enable port security, which additional step must they complete to prevent issues?
- A . Set an 802.1X client limit on the interfaces.
- B . Manually add legitimate MAC addresses to the switch authorized MAC list.
- C . Enable DHCP snooping on VLAN 20.
- D . Enable eavesdropping protection on the interfaces.
What is the minimum requirement for a device to pass local MAC authentication (LMA) on an AOS-Switch?
- A . The device MAC address matches a default MAC group, which is enabled but not necessarily associated with a profile.
- B . The device MAC address matches a MAC group, address, OUI, or range that is associated with an LMA profile.
- C . The device MAC address matches a default MAC group that is associated with an LMA profile.
- D . The device MAC address matches a configured MAC group, address, OUI, or range, which is not necessarily associated with a profile.
Refer to the exhibit.
The network administrator wants to summarize routes as much as possible in between areas.
What is the correct range to specify for the router OSPF Area 2 command on Switch-2?
- A . 10.0.0.0/20
- B . 10.0.0.0/21
- C . 10.0.8.0/21
- D . 10.0.16.0/21
Refer to the exhibit.
Switch-2, Switch-5, and Switch-6 currently have many OSPF routes to Area 1 networks. The network administrator wants to replace these routes with a single aggregated route to 10.1.0.0/16 on each switch. Where should the administrator specify the 10.1.0.0/16 range?
- A . in the Switch-2 OSPF Area 2 configuration
- B . in the Switch-1 OSPF Area 0 configuration
- C . in the Switch-1 OSPF Area 1 configuration
- D . in the Switch-2, Switch-5, and Switch-6 OSPF global configuration
Refer to the exhibit.
An AOS-Switch has the ACL shown in the exhibit.
A network administrator then enters these commands:
Switch(config)# mac-access-list standard myACL
Switch(config-std-macl)# deny 007d.45cc.0000 0000.0000.ffff
How does this ACL treat these frames:
1 = 007d.45cc.ffff
2 = 007d.45cc.0000
- A . It denies both frames.
- B . It permits both frames.
- C . It denies frame 1 and permits frame 2.
- D . It permits frame 1 and denies frame 2.
Refer to the exhibits.
Exhibit 1
Exhibit 2
A network administrator wants to set up mirroring of traffic from port 1 on Switch-1 to port 1 on Switch-2. Exhibit-2 shows the commands that the administrator enters. The mirroring does not work correctly.
What must the administrator do to correct the error?
- A . Change the port ID on Switch 1 to 50001, so that it is unique from the port ID on Switch-2.
- B . Re-configure the mirror endpoint command on Switch-2 with the IP addresses reversed in order.
- C . Remove the commands, and re-enter them on Switch-1 first and then on Switch-2.
- D . Specify the mirror endpoint command on Switch-1 and the mirror 1 remote-ip command on Switch-2.
Refer to the exhibits.
Exhibit 1
Exhibit 2
Switch-1(config)# spanning-tree
Switch-1(config)# spanning-tree config-name “exam”
Switch-1(config)# spanning-tree instance 1 vlan 10-19
Switch-1(config)# spanning-tree instance 2 vlan 20-29
Switch-2(config)# spanning-tree
Switch-2(config)# spanning-tree config-name “exam”
Switch-2(config)# spanning-tree instance 1 vlan 10-19
Switch-2(config)# spanning-tree instance 2 vlan 20-29
Switch-2(config)# spanning-tree priority 0
Switch-2(config)# spanning-tree instance 1 priority 0
Switch-2(config)# spanning-tree instance 2 priority 1
Switch-3(config)# spanning-tree
Switch-3(config)# spanning-tree config-name “exam”
Switch-3(config)# spanning-tree instance 1 vlan 10-19
Switch-3(config)# spanning-tree instance 2 vlan 20-29
Switch-3(config)# spanning-tree priority 1
Switch-3(config)# spanning-tree instance 1 priority 1
Switch-3(config)# spanning-tree instance 2 priority 0
Switch-4(config)# spanning-tree
Switch-4(config)# spanning-tree config-name “exam”
Switch-4(config)# spanning-tree instance 1 vlan 10-19
Switch-4(config)# spanning-tree instance 2 vlan 20-29
The network administrator enters the commands shown in Exhibit 2.
What is the spanning tree status on A1 and A2?
- A . Both A1 and A2 forward traffic.
- B . A1 blocks traffic, and A2 forwards traffic.
- C . Both A1 and A2 block traffic.
- D . A1 forwards traffic, and A2 blocks traffic.
A company has a Unified Communications and Collaboration (UCC) solution.
– Users run softphones on their desktops and laptops.
– The UCC solution is configured to use a certain range of Layer 4 ports for VoIP traffic.
– The user devices connect to AOS-Switches.
A network administrator needs to configure the AOS-Switches to prioritize only the VoIP traffic.
Where can the administrator configure a DSCP value to meet this goal?
- A . in a global UDP port-based QoS policy
- B . on the interfaces through which the VoIP traffic is forwarded
- C . on the interfaces that connect to the user devices
- D . on the VLAN to which the user devices are assigned
Two 5400R AOS-Switches are OSPF neighbors. The network administrator wants routing paths to update as quickly as possible in the event of a failure on a neighboring switch.
Which technology should the administrator implement on the connected switch interfaces?
- A . MAC Lockdown
- B . Unidirectional Link Detection (UDLD)
- C . Bidirectional Forwarding Detection (BFD)
- D . Spanning Tree Root Guard
Refer to the exhibit.
Network administrators want the network to use PIM-DM to route multicasts from Server 1 to receivers in VLAN 24.
Which protocols should the administrators enable on which VLANs on Switch-1?
- A . PIM-DM on VLAN 24; IGMP and PIM-DM on VLAN 10
- B . IGMP on VLAN 24; IGMP on VLAN 10
- C . IGMP on VLAN 24; PIM-DM on VLAN 10
- D . IGMP and PIM-DM on VLAN 24; PIM-DM on VLAN 10
- E . IGMP and PIM-DM on VLAN 24; PIM-DM on VLAN 10
A network administrator applies the ACL shown in the exhibit.
Which source IP address does the myList ACL deny?
- A . 10.1.0.10
- B . 10.1.1.10
- C . 10.1.2.10
- D . 10.2.1.10