[Free] 2019(Nov) EnsurePass Cisco 300-115 Dumps with VCE and PDF 101-110


Question No.101

An administrator recently configured all ports for rapid transition using PortFast. After testing, it has been determined that several ports are not transitioning as they should. What is the reason for this?

  A. RSTP has been enabled per interface and not globally.

  B. The STP root bridge selection is forcing key ports to remain in non-rapid transitioning mode.

  C. STP is unable to achieve rapid transition for trunk links.

  D. The switch does not have the processing power to ensure rapid transition for all ports.

Correct Answer: C


RSTP can only achieve rapid transition to the forwarding state on edge ports and on point-to-point links, not on trunk links. The link type is automatically derived from the duplex mode of a port. A port that operates in full-duplex is assumed to be point-to-point, while a half-duplex port is considered as a shared port by default. This automatic link type setting can be overridden by explicit configuration. In switched networks today, most links operate in full-duplex mode and are treated as point-to-point links by RSTP. This makes them candidates for rapid transition to the forwarding state.

Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/24062-146.html

Question No.102

A network engineer must set the load balance method on an existing port channel. Which action must be done to apply a new load balancing method?

  A. Configure the new load balancing method using port-channel load-balance.

  B. Adjust the switch SDM back to "default".

  C. Ensure that IP CEF is enabled globally to support all load balancing methods.

  D. Upgrade the PFC to support the latest load balancing methods.

Correct Answer: A

EtherChannel balances the traffic load across the links in a channel through the reduction of part of the binary pattern that the addresses in the frame form to a numerical value that selects one of the links in the channel. EtherChannel load balancing can use MAC addresses or IP addresses, source or destination addresses, or both source and destination addresses. The mode applies to all EtherChannels that are configured on the switch. You configure the load balancing and forwarding method with use of the port-channel load-balance {dst-ip | dst-mac | src-dst-ip | src-dst-mac | src-ip | src-mac} global configuration command.

Reference: http://www.cisco.com/c/en/us/support/docs/lan-switching/etherchannel/12023-4.html

Question No.103

An EtherChannel bundle has been established between a Cisco switch and a corporate web server. The network administrator noticed that only one of the EtherChannel links is being utilized to reach the web server. What should be done on the Cisco switch to allow for better EtherChannel utilization to the corporate web server?

  A. Enable Cisco Express Forwarding to allow for more effective traffic sharing over the EtherChannel

  B. Adjust the EtherChannel load-balancing method based on destination IP addresses.

  C. Disable spanning tree on all interfaces that are participating in the EtherChannel bundle.

  D. Use link-state tracking to allow for improved load balancing of traffic upon link failure to the server.

  E. Adjust the EtherChannel load-balancing method based on source IP addresses.

Correct Answer: E


EtherChannel load balancing can use MAC addresses, IP addresses, or Layer 4 port numbers, and either source mode, destination mode, or both. The mode you select applies to all EtherChannels that you configure on the switch. Use the option that provides the greatest variety in your configuration. For example, if the traffic on a channel only goes to a single MAC address (which is the case in this example, since all traffic is going to the same web server), use of the destination MAC address results in the choice of the same link in the channel each time. Use of source addresses or IP addresses can result in a better load balance.


Question No.104

Refer to the exhibit. Switch A, B, and C are trunked together and have been properly configured for VTP. Switch B has all VLANs, but Switch C is not receiving traffic from certain VLANs. What would cause this issue?


  A. A VTP authentication mismatch occurred between Switch A and Switch B.

  B. The VTP revision number of Switch B is higher than that of Switch A.

  C. VTP pruning is configured globally on all switches and it removed VLANs from the trunk interface that is connected to Switch C.

  D. The trunk between Switch A and Switch B is misconfigured.

Correct Answer: C


VTP pruning increases network available bandwidth by restricting flooded traffic to those trunk links that the traffic must use to reach the destination devices. Without VTP pruning, a switch floods broadcast, multicast, and unknown unicast traffic across all trunk links within a VTP domain even though receiving switches might discard them. VTP pruning is disabled by default. VTP pruning blocks unneeded flooded traffic to VLANs on trunk ports that are included in the pruning-eligible list. The best explanation for why Switch C is not seeing traffic from only some of the VLANs is that VTP pruning has been configured.

Question No.105

Which portion of AAA looks at what a user has access to?

  A. authorization

  B. authentication

  C. accounting

  D. auditing

Correct Answer: A


AAA consists of the following three elements:

Authentication: Identifies users by login and password using challenge and response methodology before the user even gains access to the network. Depending on your security options, it can also support encryption.

Authorization: After initial authentication, authorization looks at what that authenticated user has access to do. RADIUS or TACACS security servers perform authorization for specific privileges by defining attribute-value (AV) pairs, which would be specific to the individual user rights. In the Cisco IOS, you can define AAA authorization with a named list or authorization method.

Accounting: The last "A" is for accounting. It provides a way of collecting security information that you can use for billing, auditing, and reporting. You can use accounting to see what users do once they are authenticated and authorized. For example, with accounting, you could get a log of when users logged in and when they logged out.

Reference: http://www.techrepublic.com/blog/data-center/what-is-aaa-and-how-do-you-configure-it-in-the-cisco-ios/

Question No.106

While troubleshooting a network outage, a network engineer discovered an unusually high level of broadcast traffic coming from one of the switch interfaces. Which option decreases consumption of bandwidth used by broadcast traffic?

  A. storm control

  B. SDM routing

  C. Cisco IOS parser

  D. integrated routing and bridging

  E. Dynamic ARP Inspection

Correct Answer: A


Storm control prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on a port. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configuration, or users issuing a denial-of-service attack can cause a storm.

Storm control is configured for the switch as a whole but operates on a per-port basis. By default, storm control is disabled.

Storm control uses rising and falling thresholds to block and then restore the forwarding of broadcast, unicast, or multicast packets. You can also set the switch to shut down the port when the rising threshold is reached.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2950/software/release/12-1_22ea/SCG/scg/swtrafc.html

Question No.107

A network engineer configures port security and 802.1x on the same interface. Which option describes what this configuration allows?

  A. It allows port security to secure the MAC address that 802.1x authenticates.

  B. It allows port security to secure the IP address that 802.1x authenticates.

  C. It allows 802.1x to secure the MAC address that port security authenticates.

  D. It allows 802.1x to secure the IP address that port security authenticates.

Correct Answer: A


802.1X and Port Security

You can configure port security and 802.1X on the same interfaces. Port security secures the MAC addresses that 802.1X authenticates. 802.1X processes packets before port security processes them, so when you enable both on an interface, 802.1X is already preventing inbound traffic on the interface from unknown MAC addresses.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_nx-os-cfg/sec_portsec.html

Question No.108

When you configure a private VLAN, which type of port must you configure the gateway router port as?

  A. promiscuous port

  B. isolated port

  C. community port

  D. access port

Correct Answer: A


There are mainly two types of ports in a Private VLAN: Promiscuous port (P-Port) and Host port. Host port further divides into two types: Isolated port (I-Port) and Community port (C-Port).

Reference: http://en.wikipedia.org/wiki/Private_VLAN

Question No.109

A Cisco Catalyst switch that is prone to reboots continues to rebuild the DHCP snooping database. What is the solution to avoid the snooping database from being rebuilt after every device reboot?

  A. A DHCP snooping database agent should be configured.

  B. Enable DHCP snooping for all VLANs that are associated with the switch.

  C. Disable Option 82 for DHCP data insertion.

  D. Use IP Source Guard to protect the DHCP binding table entries from being lost upon rebooting.

  E. Apply ip dhcp snooping trust on all interfaces with dynamic addresses.

Correct Answer: A


Minimum DHCP Snooping Configuration

The minimum configuration steps for the DHCP snooping feature are as follows:

  1. Define and configure the DHCP server.

  2. Enable DHCP snooping on at least one VLAN.

    By default, DHCP snooping is inactive on all VLANs.

  3. Ensure that the DHCP server is connected through a trusted interface.

    By default, the trust state of all interfaces is untrusted.

  4. Configure the DHCP snooping database agent.

    This step ensures that database entries are restored after a restart or switchover.

  5. Enable DHCP snooping globally.

    The feature is not active until you complete this step.

Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/snoodhcp.html#wp1090479

Question No.110

On which interface can port security be configured?

  A. static trunk ports

  B. destination port for SPAN

  C. EtherChannel port group

  D. dynamic access point

Correct Answer: A


Port Security and Port Types

You can configure port security only on Layer 2 interfaces. Details about port security and different types of interfaces or ports are as follows:

Access ports: You can configure port security on interfaces that you have configured as Layer 2 access ports. On an access port, port security applies only to the access VLAN.

Trunk ports: You can configure port security on interfaces that you have configured as Layer 2 trunk ports. VLAN maximums are not useful for access ports. The device allows VLAN maximums only for VLANs associated with the trunk port.

SPAN ports: You can configure port security on SPAN source ports but not on SPAN destination ports.

Ethernet Port Channels: Port security is not supported on Ethernet port channels.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_nx-os-cfg/sec_portsec.html
