Question 101: Which of the following zero-trust network access (ZTNA) architectures deploys software agents in all endpoints to gather and share information with the broker to authenticate and authorize access?
A. Service-initiated ZTNA
B. Endpoint-initiated ZTNA
C. Self-hosted ZTNA
D. ZTNA as a service
Correct Answer: B. Endpoint-initiated ZTNA
Explanation: Endpoint-initiated ZTNA architecture requires organizations to deploy software agents in all network endpoints. There, information is gathered and shared with the broker during the authentication and authorization process.
Question 102: Which Rapid Spanning Tree Protocol port state is a combination of standard 802.1D STP’s disabled, blocking and listening states?
A. Blocking
B. Discarding
C. Learning
D. Forwarding
E. Listening
Correct Answer: B. Discarding
Explanation: Rapid Spanning Tree Protocol (RSTP) defines three port states, compared with 802.1D STP’s five states. RSTP combines the disabled, blocking and listening states into a single port state known as discarding.
The states are combined because, from an STP topology perspective, a port in the disabled, blocking or listening state behaves the same way. In each of these states, the port discards all frames and isn’t actively learning the media access control (MAC) addresses of connected switches and devices.
Question 103: Host A receives a frame and discards it after determining it is corrupt. Which OSI layer checks frames for errors?
A. Application
B. Network
C. Physical
D. Data-link
E. FCS or CRC
Correct Answer: D. Data-link
Explanation: The data-link layer is responsible for checking each received frame for errors. Every Ethernet frame includes the frame check sequence (FCS) or cyclic redundancy check value that is calculated by the host that sent the frame.
The receiving host generates its own FCS value for every frame received and then compares it with the FCS included in the frame. If the FCS values match, the frame has arrived without any error. If the FCS values don’t match, then the host assumes the frame has an error or is corrupt and, therefore, discards it. More information on Ethernet frames can be found on Firewall.cx’s Ethernet frame analysis page.
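The FCS comparison described in this explanation, as an added Python example that is not part of the original quiz. The MAC addresses, payload and function names are constructed for illustration; the check uses the CRC-32 from the standard zlib module, which is the same CRC Ethernet uses for its FCS.

```python
import struct
import zlib

MIN_FRAME = 64  # Ethernet minimum: 14-byte header + 46-byte payload + 4-byte FCS

def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Sender: assemble header and padded payload, then append the 4-byte FCS."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(46, b"\x00")
    # The FCS is the CRC-32 of the frame body, sent least-significant byte first.
    return body + struct.pack("<I", zlib.crc32(body))

def fcs_ok(frame: bytes) -> bool:
    """Receiver: recompute the CRC over everything before the FCS and compare."""
    if len(frame) < MIN_FRAME:
        return False  # runt frame: too short to be valid, discard it
    body, received_fcs = frame[:-4], frame[-4:]
    return struct.pack("<I", zlib.crc32(body)) == received_fcs

def receive(frame: bytes):
    """Hand the payload to the upper layer, or return None if the frame is discarded."""
    return frame[14:-4] if fcs_ok(frame) else None

def flip_bit(frame: bytes, bit: int) -> bytes:
    """Simulate corruption in transit by inverting a single bit."""
    damaged = bytearray(frame)
    damaged[bit // 8] ^= 1 << (bit % 8)
    return bytes(damaged)

# Constructed sample values (not from the page).
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
GOOD = build_frame(DST, SRC, 0x0800, b"hello from host B")
CORRUPT = flip_bit(GOOD, 8 * 20)  # damage one bit inside the payload

if __name__ == "__main__":
    print("intact frame :", receive(GOOD))
    print("corrupt frame:", receive(CORRUPT))
```

The FCS detects accidental corruption only; it is not keyed, so anyone who alters a frame can recompute a matching value.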
Question 104: No matter how it’s configured, a single switch port is considered what?
A. A separate unicast domain
B. A separate broadcast domain
C. A separate multicast domain
D. A separate collision domain
Correct Answer: D. A separate collision domain
Explanation: Unlike a network hub, which is a single collision domain for all ports, each port on a Layer 2 switch is a separate collision domain.
Question 105: Identify which of the services below uses both TCP and UDP ports.
A. FTP
B. TFTP
C. DNS
D. SSH
E. Telnet
Correct Answer: C. DNS
Explanation: The DNS protocol is the only protocol of those listed above that uses both the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). UDP is the preferred transport protocol for DNS services because it is fast. UDP doesn’t require a connection to be established between the hosts before sending any data.
If a host fails to receive a response from a DNS server after several requests, it can then switch to TCP. TCP is slower, but more reliable, because it requires a three-way handshake to be established between the hosts before any data is sent.
Question 106: A router with a BGP autonomous system number of 65001 is peered with another router with the same BGP AS. Which of the following is true?
A. The ebgp multihop command must be configured to reach an established state.
B. A BGP connection will be established, but no traffic will traverse the connection.
C. The routers are considered eBGP neighbors.
D. The routers are considered iBGP neighbors.
E. A BGP establishment error will occur because of the AS conflict.
Correct Answer: D. The routers are considered iBGP neighbors.
Explanation: When two routers belong to the same autonomous system bearing the same AS number, they are considered internal BGP, or iBGP, neighbors. This also means the routes learned between these neighbors use the internal BGP administrative distance of 200, as opposed to the external AD of 20.
Question 107: What is the default 802.1D short spanning tree port cost of a 10 Gbps Ethernet link?
A. 10
B. 4
C. 2
D. 2,000
Correct Answer: C. 2
Explanation: By default, the 802.1D path cost for a 10 Gbps link is 2 using the short 16-bit method. If you calculate the same link using the long 32-bit method, you get a default value of 2,000.
Question 108: After carefully examining the network diagram above, select the correct statement regarding broadcast and collision domains.
A. There is one broadcast domain and seven collision domains.
B. There are two broadcast domains and five collision domains.
C. There is one broadcast domain and 12 collision domains.
D. There are two broadcast domains and seven collision domains.
E. There are two broadcast domains and 12 collision domains.
Correct Answer: D. There are two broadcast domains and seven collision domains.
Explanation: Each link to a switch — switch port — is a separate collision domain. In our diagram, we have two switches and a total of seven links. Hubs — located in the lower left corner of the image — do not create separate collision domains per link. That’s because traffic entering one port exits all other ports.
Routers, on the other hand, create separate broadcast domains, as broadcast packets do not propagate across them.
Question 109: Which of the following is the correct syntax to configure a switch port as a standard user port on VLAN 10 for data and VLAN 50 for VoIP?
A.
TechTarget-SW1(config-if)#switchport mode trunk
TechTarget-SW1(config-if)#switchport access vlan 10
TechTarget-SW1(config-if)#switchport voice vlan 50
B.
TechTarget-SW1(config-if)#switchport mode access
TechTarget-SW1(config-if)#switchport access vlan 10
TechTarget-SW1(config-if)#switchport voice vlan 50
C.
TechTarget-SW1(config-if)#switchport mode trunk
TechTarget-SW1(config-if)#switchport access vlan 10
TechTarget-SW1(config-if)#switchport voip vlan 50
D.
TechTarget-SW1(config-if)#switchport mode access
TechTarget-SW1(config-if)#switchport access vlan 10
TechTarget-SW1(config-if)#switchport voip vlan 50
E.
TechTarget-SW1(config-if)#switchport mode access
TechTarget-SW1(config-if)#switchport access vlan 50
TechTarget-SW1(config-if)#switchport voice vlan 10
Correct Answer:
B.
TechTarget-SW1(config-if)#switchport mode access
TechTarget-SW1(config-if)#switchport access vlan 10
TechTarget-SW1(config-if)#switchport voice vlan 50
Explanation: When configuring a user port for both voice and data, follow three steps. The first step is to define the port as an access port, as opposed to a trunk port. Second, configure the access virtual LAN to the VLAN ID of standard data traffic. Finally, you must configure the voice VLAN to the appropriate VLAN ID.
Question 110: Your manager has requested you indicate which of the above ports will be Spanning Tree Protocol-designated ports.
A. Switch V1, Port Fa0/0; Switch V3, Port Fa0/0; Switch V3, Port Fa0/24
B. Switch V1, Port Fa0/24; Switch V2, Port Fa0/0; Switch V2, Port Fa0/24
Correct Answer: B. Switch V1, Port Fa0/24; Switch V2, Port Fa0/0; Switch V2, Port Fa0/24
Explanation: The first step is to understand which switch will become the root switch. This is done via a process called the STP root bridge election process. According to this process, the switch with the lowest bridge ID will be elected as the root switch. In our network diagram, that’s SwitchV2.
Per STP, SwitchV2, as the root switch, will have all of its ports set to STP designated. Ports Fa0/0 on SwitchV1 and SwitchV3 are used to reach the root switch and are, therefore, assigned the STP root port role.
The last set of ports to examine is Fa0/24 on SwitchV1 and SwitchV3. Between these two, one port must be set to blocking mode in order to avoid creating a loop in our network, while the other will be set to forwarding mode. SwitchV1 wins because it has a lower MAC address, so SwitchV1 Fa0/24 is set to forwarding and becomes an STP-designated port, while SwitchV3 Fa0/24 turns to a blocking state.
Detailed examples and analysis on STP, bridge election and STP port states can be found on Firewall.cx’s STP section.
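The election steps from the Question 110 explanation, as an added Python example that is not part of the original quiz. The diagram is not reproduced on the page, so the bridge priorities, MAC addresses and cabling below are assumptions constructed to match the explanation (SwitchV2 has the lowest bridge ID, SwitchV1 has a lower MAC address than SwitchV3); the link cost of 19 is the 802.1D short cost for a 100 Mbps port.

```python
# Constructed values: priorities, MAC addresses and cabling are assumptions
# chosen to match the explanation, not taken from the page's diagram.
BRIDGES = {  # name: (priority, MAC)
    "SwitchV1": (32768, "00:1a:2b:00:00:02"),
    "SwitchV2": (32768, "00:1a:2b:00:00:01"),
    "SwitchV3": (32768, "00:1a:2b:00:00:03"),
}
LINKS = [  # (switch, port, switch, port, cost)
    ("SwitchV2", "Fa0/0", "SwitchV1", "Fa0/0", 19),
    ("SwitchV2", "Fa0/24", "SwitchV3", "Fa0/0", 19),
    ("SwitchV1", "Fa0/24", "SwitchV3", "Fa0/24", 19),
]

def bridge_id(bridges, name):
    """Bridge ID compares priority first, then MAC address; lowest wins."""
    priority, mac = bridges[name]
    return (priority, bytes.fromhex(mac.replace(":", "")))

def port_roles(bridges=BRIDGES, links=LINKS):
    """Return (root switch, {(switch, port): role}) for point-to-point links."""
    root = min(bridges, key=lambda n: bridge_id(bridges, n))
    # Root path cost of every switch: relax the links until the costs settle.
    cost = {name: float("inf") for name in bridges}
    cost[root] = 0
    for _ in bridges:
        for a, _pa, b, _pb, c in links:
            cost[a], cost[b] = min(cost[a], cost[b] + c), min(cost[b], cost[a] + c)
    roles = {}
    # Each non-root switch picks one root port: cheapest path, then lowest neighbor ID.
    for sw in bridges:
        if sw == root:
            continue
        options = []
        for a, pa, b, pb, c in links:
            if a == sw:
                options.append((cost[b] + c, bridge_id(bridges, b), pb, pa))
            if b == sw:
                options.append((cost[a] + c, bridge_id(bridges, a), pa, pb))
        roles[(sw, min(options)[3])] = "root"
    # On each link the end with the lower (root path cost, bridge ID) is designated.
    for a, pa, b, pb, _c in links:
        ends = sorted([(a, pa), (b, pb)],
                      key=lambda e: (cost[e[0]], bridge_id(bridges, e[0])))
        roles.setdefault(ends[0], "designated")
        roles.setdefault(ends[1], "blocking")
    return root, roles

ROOT, ROLES = port_roles()
DESIGNATED = sorted(p for p, role in ROLES.items() if role == "designated")
```

With these inputs, `DESIGNATED` holds SwitchV1 Fa0/24 and both SwitchV2 ports, matching answer B; lowering another switch's priority in `BRIDGES` changes the root and every role that depends on it.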