Cisco Networking Academy Switched Networks Companion Guide: VLANs

Chapter Description

This chapter covers how to configure, manage, and troubleshoot VLANs and VLAN trunks. It also examines security considerations and strategies relating to VLANs and trunks, and best practices for VLAN design.

Check Your Understanding Questions

Complete all the review questions listed here to test your understanding of the topics and concepts in this chapter. The appendix “Answers to ‘Check Your Understanding’ Questions” lists the answers.

  1. For what reason would a network administrator use the show interfaces trunk command on a switch?

    1. To view the native VLAN
    2. To examine DTP negotiation as it occurs
    3. To verify port association with a particular VLAN
    4. To display an IP address for any existing VLAN
  2. What is the purpose of the switch command switchport access vlan 99?

    1. To enable port security
    2. To make the port operational
    3. To assign the port to a particular VLAN
    4. To designate the VLAN that does not get tagged
    5. To assign the port to the default native VLAN (VLAN 99)
  3. Which step should be performed first when deleting a VLAN that has member switch ports?

    1. Reload the switch.
    2. Implement the delete vlan.dat command.
    3. Reassign all VLAN member ports to a different VLAN.
    4. Back up the running config.
  4. All access ports on a switch are configured with the administrative mode of dynamic auto. An attacker, connected to one of the ports, sends a malicious DTP frame. What is the intent of the attacker?

    1. VLAN hopping attack
    2. DHCP spoofing attack
    3. MAC flooding attack
    4. ARP poisoning attack
  5. Which of the following statements accurately describe DTP? (Choose two.)

    1. DTP is a Cisco-proprietary protocol.
    2. DTP supports IEEE 802.1Q.
    3. Cisco switches require DTP to establish trunks.
    4. DTP must be enabled on only one side of the trunk link.
    5. Trunk ports that are configured for dynamic auto will request to enter the trunking state.
  6. Match the action to the corresponding command.

    1. Assigns VLAN 10 for untagged traffic
    2. Activates the current interface as trunk
    3. Prohibits VLAN 10 on the trunk interface
    4. Switch(config-if)# switchport trunk allowed vlan remove 10
    5. Switch(config-if)# switchport mode trunk
    6. Switch(config-if)# switchport trunk native vlan 10
  7. What is one way to prevent the VLAN hopping attack?

    1. Disable DTP negotiation on all ports.
    2. Change the native VLAN to an unused VLAN.
    3. Designate a different default VLAN.
    4. Remove all user VLANs from the trunk.
  8. What security issue is of concern regarding the VLAN configuration of switches?

    1. All interfaces are in the same user VLAN.
    2. The management VLAN is using the same VLAN ID as a user VLAN is using.
    3. The “black hole” VLAN is not configured.
    4. The native VLAN has not been changed from the default setting.
  9. In which location are the normal-range VLANs stored on a Cisco switch by default?

    1. Flash memory
    2. Startup config
    3. Running config
    4. RAM
  10. Which of the following statements describe the benefits of VLANs? (Choose two.)

    1. VLANs improve network performance by regulating flow control and window size.
    2. VLANs enable switches to route packets to remote networks through VLAN ID filtering.
    3. VLANs reduce network cost by reducing the number of physical ports required on switches.
    4. VLANs improve network security by isolating users that have access to sensitive data and applications.
    5. VLANs divide a network into smaller logical networks, resulting in lower susceptibility to broadcast storms.
  11. An administrator is investigating an inoperational trunk link between a Cisco switch and a switch from another vendor. After a few show commands, the administrator notices that the switches are not negotiating a trunk. What is a probable cause for this issue?

    1. Both switches are in trunk mode.
    2. Both switches are in nonegotiate mode.
    3. Switches from other vendors do not support DTP.
    4. DTP frames are flooding the entire network.
  12. Which distinct type of VLAN is used by an administrator to access and configure a switch?

    1. Default VLAN
    2. Native VLAN
    3. Data VLAN
    4. Management VLAN