Tuesday, 20 March 2012

CCNA Certification Configuration Question (ACL)

Hello... yesterday I wrote about the EIGRP configuration question on the CCNA exam; the next question that comes up is ACL. Since visits to this blog were fairly busy yesterday, I got fired up to write again ^_^ (keep supporting, and don't forget to comment) hehehehe.. ok! Without too much chit-chat, let's get straight to it... here's the story...

Question
A network associate is adding security to the configuration of the Corp1 router. The user on host A should be able to use a web browser to access financial information from the Finance Web Server. Other types of access from host A to the finance web server should be blocked. All access from hosts in the Core or local LAN to the Finance Web Server should be blocked. All hosts in the core and on the local LAN should be able to access the Public web server.
The task is to create and apply a numbered access-list with no more than three statements that will allow ONLY host A web access to the Finance Web Server. No other hosts will have web access to the Finance Web Server. All other traffic is permitted.
Access to the router CLI can be gained by clicking on the appropriate host.
All passwords have been temporarily set to “cisco”.
The Core connection uses an IP address of 198.18.196.65
The computers in the Hosts LAN have been assigned addresses of 192.168.33.1 – 192.168.33.254
Host A 192.168.33.1
Host B 192.168.33.2
Host C 192.168.33.3
Host D 192.168.33.4
The servers in the Server LAN have been assigned addresses of 172.22.242.17 – 172.22.242.30
The Finance Web Server is assigned an IP address of 172.22.242.23
The Public Web Server is assigned an IP address of 172.22.242.17
The Packet Tracer simulation can be seen here or here.

Solution:
As stated, security is to be applied on router Corp1: Host A may access the Finance Web Server only over HTTP (use a web browser), and anything other than HTTP is blocked (other types be blocked). The other hosts, whether in the LAN or in the Core, are also not allowed to access the Finance Web Server. Then all hosts in the local LAN and the Core may access the Public Web Server.

Ok... to answer it, let's first gather the data (you'll be given a whiteboard and a marker, you can note it down there), namely:
Host A --> IP --> 192.168.33.1
Finance Web Server --> IP  --> 172.22.242.23
Public Web Server --> IP -->  172.22.242.17
Now, it's stated that the access list must be no more than 3 statements.
1. Host A may access the Finance Web Server using HTTP.
access-list 100 permit tcp host 192.168.33.1 host 172.22.242.23 eq 80
2. Anything other than HTTP is blocked from reaching the Finance Web Server, and the LAN and Core are blocked too.
access-list 100 deny ip any host 172.22.242.23
3. All hosts in the LAN and in the Core may access the Public Web Server*
access-list 100 permit ip any any
 * Personally I'd rather go with access-list 100 permit ip any host 172.22.242.17 (but according to the reports, the 100% answer is the one above! so just follow the one above).

Okay.. the data is gathered, now let's do it.. click the computer console to configure (you can't click the router)
Corp1>enable
Password: cisco
Corp1#show running-config 

We'll apply the access list on the Sw-1 network, i.e. on Fa0/1. The reason is clear: if we apply it on Fa0/0 the Core won't be covered, and if we apply it on Se1/0 the LAN won't be covered. So clearly we apply it on Fa0/1 (out) so that both the Core and the LAN are covered by the security we're about to configure. OK! NEXT>> enter the data we gathered ^_^

Corp1#configure terminal
Corp1(config)#access-list 100 permit tcp host 192.168.33.1 host 172.22.242.23 eq 80
Corp1(config)#access-list 100 deny ip any host 172.22.242.23
Corp1(config)#access-list 100 permit ip any any

Yup.. done.. don't forget to apply it on the interface..
Corp1(config)#interface fa0/1
Corp1(config-if)#ip access-group 100 out 
Corp1(config-if)#end
Corp1#copy running-config startup-config   ---> this is MANDATORY ^_^

Done.. finished.. that's what the ACL configuration question I got on 10 March looked like, ok!! To verify, click host A, open its browser, and enter the Finance address
http://172.22.242.23 (a success notification should appear), then try host B and enter http://172.22.242.23 in its browser (there should be a failure notification). Also try the connection to the public web server.

One more thing.. there may be variations of the CCNA question, e.g. the host could be any of A/B/C/D, so PAY ATTENTION.**

**Some other variations of the question can be seen below; just match up whichever one fits your question.

Host C should be able to use a web browser to access financial information from the Finance Web Server.
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80

No other hosts from the LAN nor the Core should be able to use a web browser to access this server at all.
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80

Other traffic should be allowed.
Corp1(config)#access-list 100 permit ip any any
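
As an added illustration (not from the original post), here is a small Python model of how IOS walks access-list 100 top-down with first-match semantics and the implicit deny, run over constructed flows for the exam solution above, for the author's preferred third line (permit ip any host 172.22.242.17), and for the variant that only filters web access with deny tcp ... eq 80. The flows and the address 172.22.242.20 are constructed; only matching is modelled, not the interface or direction the ACL is applied to.

```python
"""Model how Cisco IOS evaluates a numbered extended ACL: top-down, first match
wins, and an implicit 'deny ip any any' at the end. Only the matching logic is
modelled, not the interface and direction the ACL is applied to."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None

@dataclass(frozen=True)
class Ace:
    action: str                # "permit" or "deny"
    proto: str                 # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]       # only set when the line ends in 'eq <port>'

def _parse_addr(tokens, i):
    """Parse 'any' or 'host A.B.C.D'; return (network, index of next token)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    raise ValueError(f"unsupported address form at token {i}: {tokens[i]}")

def parse_acl(text, number):
    """Return the ACEs of access-list <number> in the order they were entered."""
    aces = []
    for line in text.strip().splitlines():
        t = line.split()
        if t[:2] != ["access-list", str(number)]:
            continue
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        dport = int(t[i + 1]) if i < len(t) and t[i] == "eq" else None
        aces.append(Ace(action=t[2], proto=t[3], src=src, dst=dst, dport=dport))
    return aces

def evaluate(aces, pkt):
    """The first matching ACE decides; no match falls through to the implicit deny."""
    for ace in aces:
        if ace.proto not in ("ip", pkt.proto):
            continue
        if ipaddress.ip_address(pkt.src) not in ace.src:
            continue
        if ipaddress.ip_address(pkt.dst) not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action
    return "deny"  # implicit 'deny ip any any'

# The three statements from the exam solution
EXAM_ACL = """
access-list 100 permit tcp host 192.168.33.1 host 172.22.242.23 eq 80
access-list 100 deny ip any host 172.22.242.23
access-list 100 permit ip any any
"""
# The author's preferred third line: everything except the Public Web Server is dropped
ALT_ACL = EXAM_ACL.replace("permit ip any any", "permit ip any host 172.22.242.17")
# The variant question: only *web* access to the Finance server is filtered
VARIANT_ACL = """
access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
access-list 100 deny tcp any host 172.22.242.23 eq 80
access-list 100 permit ip any any
"""

# Constructed flows, all leaving Corp1 Fa0/1 towards the Server LAN
FLOWS = {
    "hostA_http_finance": Packet("tcp", "192.168.33.1", "172.22.242.23", 80),
    "hostA_icmp_finance": Packet("icmp", "192.168.33.1", "172.22.242.23"),
    "hostB_http_finance": Packet("tcp", "192.168.33.2", "172.22.242.23", 80),
    "hostC_http_finance": Packet("tcp", "192.168.33.3", "172.22.242.23", 80),
    "core_http_finance": Packet("tcp", "198.18.196.65", "172.22.242.23", 80),
    "hostB_http_public": Packet("tcp", "192.168.33.2", "172.22.242.17", 80),
    # 172.22.242.20 is a constructed address inside the Server LAN range
    "hostD_ssh_other_server": Packet("tcp", "192.168.33.4", "172.22.242.20", 22),
}

def decisions(acl_text):
    """Map each flow name to 'permit' or 'deny' under the given ACL text."""
    aces = parse_acl(acl_text, 100)
    return {name: evaluate(aces, pkt) for name, pkt in FLOWS.items()}
```

Running decisions() on the three ACLs shows why the order matters and why the alternative third line drops host D's traffic to another server in the Server LAN, which the task text says must be permitted.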

So... that's roughly what the ACL question on the CCNA exam looks like; God willing it's still valid.. we'll see how Saturday's exam goes ^_^ (once again, be careful and thorough...)
Good Luck..
Next.. VTP..

Saturday, 17 March 2012

EIGRP Routing Certification Configuration Question

The CCNA certification questions are mostly the same; I hear there haven't been many changes. Here is the EIGRP LAB configuration question from the exam on 10 March.

Question
After adding R3 router, no routing updates are being exchanged between R3 and the new location. All other interconnectivity and Internet access for the existing locations of the company are working properly.

- The task is to identify the fault(s) and correct the router configuration to provide full connectivity between the routers.
- Access to the router CLI can be gained by clicking on the appropriate host. All passwords on all routers are cisco.

IP addresses are listed in the chart below.

Solution.
After adding the third router (ENG), there are no routing updates between R1 (MGT) and R3 (ENG). To solve it, first look at the router configuration on ENG.
Click computer F (you can't click router ENG directly, just like in Packet Tracer)
ENG>enable
Password:  cisco
ENG#show running-config
  
Here we see a configuration error on router ENG: the AS number used for EIGRP routing isn't 22, it should be 122. The next step is to remove this EIGRP 22 routing process first, then create the new one. You need to enter global configuration mode.
ENG#configure terminal
ENG(config)#
ENG(config)#no router eigrp 22        ---> removes EIGRP routing process 22
ENG(config)#router eigrp 122         ----> creates EIGRP routing process 122
ENG(config-router)#network 192.168.60.0
ENG(config-router)#network 192.168.70.0   
ENG(config-router)#no auto-summary
ENG(config-router)#end
ENG#copy running-config startup-config    ---> MANDATORY once configuration is finished, to save it


Once router ENG is configured, move on to router MGT (click computer G) to configure it. First look at the configuration on router MGT.
MGT>enable
Password: cisco
MGT#show running-config 
Looking at the MGT router configuration, there's an error in the network registration: the network that should be registered is 192.168.77.0 (not 192.168.76.0) --> directly connected to Fa0/0
MGT(config)#router eigrp 122
MGT(config-router)#no network 172.168.76.0    --> removes network 172.168.76.0
MGT(config-router)#network 172.168.77.0     ---> adds the network directly connected to Fa0/0
MGT(config-router)#end
MGT#copy running-config startup-config   --> saving the configuration is mandatory

Once these two routers are configured, let's check whether routing updates are received by router ENG. Don't forget to also check the connectivity of each router to avoid mistakes.
On the ENG terminal.
ENG#show ip route 
If all routers receive routing updates and all connections work, the configuration is complete. Don't forget to save the configuration before moving on to the next question.
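
As an added example (not from the post or the exam), here is a Python audit that parses constructed ENG and MGT running-config snippets and flags the two faults of this lab: the EIGRP AS mismatch between neighbours and a network statement that covers none of the router's own interfaces. The interface names, addresses and the ENG-MGT link are assumptions, since the lab's address chart is not reproduced on the page; network statements are treated as classful, as in the commands above.

```python
"""Audit two EIGRP router configs for the faults in this lab: an AS number
mismatch between neighbours and a 'network' statement that covers none of the
router's own interfaces. Parses only the lines this check needs; classful
'network A.B.C.D' statements (no wildcard) are assumed, as on the page."""
import ipaddress

def classful_network(addr):
    """'network A.B.C.D' without a wildcard is classful: /8, /16 or /24."""
    first = int(addr.split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def parse_config(text):
    """Return {'interfaces': {name: IPv4Interface}, 'eigrp': {asn: [networks]}}."""
    interfaces, eigrp, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            section = ("intf", line.split()[1])
        elif line.startswith("router eigrp "):
            section = ("eigrp", int(line.split()[2]))
            eigrp.setdefault(section[1], [])
        elif section and section[0] == "intf" and line.startswith("ip address "):
            _, _, ip, mask = line.split()
            interfaces[section[1]] = ipaddress.ip_interface(f"{ip}/{mask}")
        elif section and section[0] == "eigrp" and line.startswith("network "):
            eigrp[section[1]].append(classful_network(line.split()[1]))
    return {"interfaces": interfaces, "eigrp": eigrp}

def advertises(cfg, ip):
    """True if some EIGRP network statement on this router covers the address."""
    return any(ip in net for nets in cfg["eigrp"].values() for net in nets)

def audit_router(name, cfg):
    """Flag network statements that match no connected interface (a typo symptom)."""
    findings = []
    for asn, nets in cfg["eigrp"].items():
        for net in nets:
            if not any(i.ip in net for i in cfg["interfaces"].values()):
                findings.append(f"{name}: eigrp {asn} network {net} covers no interface")
    return findings

def audit_link(a_name, a, b_name, b):
    """Neighbours must run the same AS and both advertise their shared segment."""
    findings = []
    if set(a["eigrp"]) != set(b["eigrp"]):
        findings.append(f"AS mismatch: {a_name} runs {sorted(a['eigrp'])}, "
                        f"{b_name} runs {sorted(b['eigrp'])}")
    for ia in a["interfaces"].values():
        for ib in b["interfaces"].values():
            if ia.network != ib.network:
                continue  # not a shared segment
            for rname, cfg, ip in ((a_name, a, ia.ip), (b_name, b, ib.ip)):
                if not advertises(cfg, ip):
                    findings.append(f"{rname}: {ia.network} is not advertised")
    return findings

# Constructed configs (addresses, interface names and topology are assumptions;
# the lab's address chart is not on the page). MGT's Fa0/0 LAN is 192.168.77.0.
ENG_BEFORE = """
interface FastEthernet0/0
 ip address 192.168.60.1 255.255.255.0
interface Serial0/0
 ip address 192.168.70.2 255.255.255.0
router eigrp 22
 network 192.168.60.0
 network 192.168.70.0
 no auto-summary
"""
MGT_BEFORE = """
interface FastEthernet0/0
 ip address 192.168.77.1 255.255.255.0
interface Serial0/0
 ip address 192.168.70.1 255.255.255.0
router eigrp 122
 network 192.168.70.0
 network 192.168.76.0
 no auto-summary
"""
# The two fixes from the walkthrough: ENG moves to AS 122, MGT advertises 192.168.77.0
ENG_AFTER = ENG_BEFORE.replace("router eigrp 22", "router eigrp 122")
MGT_AFTER = MGT_BEFORE.replace("network 192.168.76.0", "network 192.168.77.0")

def findings_for(eng_text, mgt_text):
    """All findings for the ENG/MGT pair; an empty list means both faults are gone."""
    eng, mgt = parse_config(eng_text), parse_config(mgt_text)
    return audit_router("ENG", eng) + audit_router("MGT", mgt) + audit_link("ENG", eng, "MGT", mgt)
```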

For more clarity, the Packet Tracer practice file can be downloaded here or here.
The Packet Tracer software can be downloaded here or here.

Next.. there are ACL and VTP questions

Friday, 16 March 2012

A Relieving Ending

Finally.. a year's struggle at BINCEN (BINUS CENTER) preparing for Cisco certification is over.. There's a feeling of relief, of a weight lifted, and also a bit of disappointment..
Relief and a weight lifted because I passed the CCNA certification.
A bit disappointed because.. the result was thin.. not perfect :'(
If I may make a suggestion to the CCNA instructors at BINCEN: in future, give your students as much information as possible about the certification exam from the day we start. What the tricks are, and do as many simulations as possible before the certification exam (we were short on simulations towards the end, right??); the simulations weren't even like the certification. If necessary, do more practice with the question dumps from the start; as soon as a topic is covered, go straight into the dump / chapter. (Crazy, everything was exactly the same, only the answer choices were shuffled.) Because it's exactly the same, even someone who didn't take the course could do it; I set aside 3 weeks to practise the dump + configuration. The practice dumps and the software can be found here.

A short story about the exam atmosphere. Saturday, 10 March 2012. I came to BINCEN for the CCNA certification exam, having scheduled it 2 months earlier for that date. There's an additional fee for the exam; we had to pay by debit transfer. The Cisco certification exam now costs $295 (ouch... so expensive, this was the main thing making me nervous; it would be a disaster to fail). The exam was at 13.00; at 12.00 I was already there in the BINCEN waiting room. At half past twelve we were told to go up to the 3rd floor; three of us sat the exam. Then we were photographed; my photo was taken over and over because it kept failing (already nervous about the exam, now even more nervous!! bad omen, this photo kept failing :'( ). After the photo they opened a computer for us, nothing on the screen.. just a username. The CS said when you're ready just press OK! and then we were left alone. ^_^ ok!
First came the simulation.. how to work through the questions. Next --> 48 questions in total; the first question was multiple choice, easy.. the same as in the Collisio dump
The second question was still multiple choice, eh.. also the same.. wait, the choices were reversed..
The third question was configuration.. (shock!! whoa.. what is this... why can't the router be clicked? Silly me, I hadn't read the instructions at the start; it turns out that to configure you have to click the computer. My heart raced even more, since I'd done too little configuration practice.. too much dump practice!)
This is the configuration screen. It can be seen more clearly and is discussed here.
Questions four, five, six, seven, etc.. end.. the score came straight out..
Anxious when clicking for the score... because the ACL configuration.. wasn't saved (FORGOT!!), will I pass or not! next..
867 came out. Alhamdulillah...
Look at the printed result below.. sure enough!!! my ACLs/NAT configuration got 0%, was it because it wasn't saved? Or because it didn't match what Cisco wanted? But I checked the configuration twice and it worked.
Oh well.. it's past.... what matters is that I'm done...and passed.. hopefully this is a good step for my life ahead and useful for others. Amen...

I really want to say:
Thanks to Allah SWT --> Only by the grace of Allah was I able to sit the exam.
Thanks to All My family --> Because they always support me ^_^
Thanks to my daughter --> Daddy misses you...
Thanks to 9tut.com --> You really helped me pass; I'll keep supporting your site.
Thanks to Collisio --> Your dump helped me a lot, even though some of it was wrong :)
Thanks to My Instructors --> David, Yuda, Moko, for being willing to share their knowledge ^_^
Thanks to All My friends --> companions in the same boat..

Next target.. CCNP.. amen..

Sunday, 04 March 2012

CCNA Simulation Software

6 days to go, getting closer to the CCNA exam date. I hope the exam goes smoothly. Now I want to share my study material for the exam. Straight to it, hope it's useful...

There are lots of CCNA simulation questions on the internet, online ones like this and that. But being online, you need an internet connection to access them. What about those who don't have an internet connection?? Well.. there's a helper program called "Visual CertExam Manager". This software simulates working through CCNA questions + gives you a score...
The software can be downloaded here or here
If you're not sure how to download it, see here
I assume you've managed to download the software; then extract it: right-click, then choose extract. You need WinRAR to extract the file. If you don't have WinRAR it can be downloaded here or here.
Once the file is extracted, the next step is to install it. Just double-click the extracted file.
Then it shows something like this. (hehehehe.. if you still don't get it, that's too much)
Just click next --> agree --> next --> next --> done..
Once installed, don't open it yet; we need to register the software to make it the full version. Just double-click full.reg in the folder you extracted earlier.
It looks like this, click yes!
Installation done; you can put it on the desktop if you like. Next, run the program. (just to make this post longer :p)
 
After you run the program, you can see there are several features in this software.
Add --> to load material (question sets) for the simulation, in VCE format
If you don't have any yet, they can be downloaded here or here; I'll share more in the next post
Click add --> then pick the simulation question file you downloaded earlier / already have. The file is in vce format. --> then click open

To start a simulation, just select the simulation file, then click start. It will then show something like this
Fill in the candidate name with "your name".
You can choose questions by topic/chapter, just by clicking "Take questions from selected sections only:"
Or you can choose how many questions to show, as well as the time allowed.
Next, click OK! to start --> then begin
The simulation questions will then appear. For the next question click Next. To check unanswered questions click Review. Once everything is answered, click end exam, and your score will come out right away.
To pass the CCNA certification your score must reach 825/1000. Green means pass, red means fail. The more questions you work through, the better. Have fun trying. Good luck

How to Download


Well.. for those confused about why this or that doesn't show up.. I'll cover it here. It's free stuff.. you have to be willing to wait, you can't just download straight away :) that's fine, right..
Continue..
When you click download.. some of you may be confused about why the download doesn't appear. Instead there's an http://adf.ly/ or http://zpag.es page
Here you just need to wait a moment.. until "skip ad" appears in the top right corner. Then click it. A page like this will open for indowebster.
Just click download. Then it shows something like the one below.
Once again I apologise, because for the free option you need to wait. Not long though. Just a few seconds. After the process completes and it shows something like this:
Just click download. Then the download will start right away.
Downloading is faster with IDM. If you don't have it yet, it can be downloaded here or here
Don't forget where you saved your downloaded file. Save As

Have fun trying, good luck

Saturday, 03 March 2012

STP Questions

1. What are the possible trunking modes for a switch port? (choose three)
- Transparent
- Auto
- On
- Desirable
- Client
- Forwarding

Explanation :
Here, the trunk link is identified by its physical location as the switch module number and port
number. The trunking mode can be set to any of the following:
on-This setting places the port in permanent trunking mode. The corresponding switch
port at the other end of the trunk should be similarly configured because negotiation is not
allowed. The encapsulation or identification mode should also be manually configured.
off-This setting places the port in permanent non-trunking mode. The port will attempt
to convert the link to non-trunking mode.
desirable-Selecting this port will actively attempt to convert the link into trunking
mode. If the far end switch port is configured to on, desirable, or auto mode, trunking
will be successfully negotiated.
auto-The port will be willing to convert the link into trunking mode. If the far end switch
port is configured to on or desirable, trunking will be negotiated. By default, all Fast
Ethernet and Gigabit Ethernet links that are capable of negotiating using DTP are
configured to this mode. Because of the passive negotiation behavior, the link will never
become a trunk, if both ends of the link are left to the auto default.
nonegotiate-The port is placed in permanent trunking mode, but no DTP frames are
generated for negotiation. The far end switch port must be manually configured for
trunking mode.

2. Which two of these statements regarding RSTP are correct? (choose two)
- RSTP cannot operate with PVST+.
- RSTP defines new port roles.
- RSTP defines no new port states.
- RSTP is a proprietary implementation of IEEE 802.1D STP.
- RSTP is compatible with the original IEEE 802.1D STP.

3.

Answer:


4. Refer to the exhibit. Which statement is true?

- The Fa0/11 role confirms that SwitchA is not the root bridge for VLAN 20
- VLAN 20 is running the per VLAN spanning tree protocol.
- The MAC address of the root bridge is 0017.596d.1580
- SwitchA is not the root bridge, because not all of the interface roles are designated.

5. In which circumstance are multiple copies of the same unicast frame likely to be transmitted in a switched LAN?
- After broken links are re-established
- In an improperly implemented redundant topology
- When upper-layer protocols require high reliability
- During high traffic periods
- When a dual ring topology is in use
Explanation:
If we connect two switches via 2 or more links and do not enable STP on these switches then a loop (which creates multiple copies of the same unicast frame) will occur. It is an example of an improperly implemented redundant topology.

6. Refer to the exhibit. Each of these four switches has been configured with a hostname, as well as being configured to run RSTP. No other configuration changes have been made. Which three of these show the correct RSTP port roles for the indicated switches and interfaces? (Choose three)

- SwitchA, Fa0/2, designated
- SwitchA, Fa0/1, root
- SwitchB, Gi0/2, root
- SwitchB, Gi0/1, designated
- SwitchC, Fa0/2, root
- SwitchD, Gi0/2, root
Explanation:
See question no. 7 here

7. Which three statements about RSTP are true? (choose three)
- RSTP significantly reduces topology reconvergence time after a link failure.
- RSTP expands the STP port roles by adding the alternate and backup roles.
- RSTP port states are blocking, discarding, learning, or forwarding.
- RSTP also uses the STP proposal-agreement sequence.
- RSTP uses the same timer-based process as STP on point-to-point links.
- RSTP provides a faster transition to the forwarding state on point-to-point links than STP does.

8.

Answer:


9. Refer to the exhibit. The output that is shown is generated at a switch. Which three of these statements are true? (Choose three)

- All ports will be in a state of discarding, learning or forwarding.
- Thirty VLANs have been configured on this switch.
- The bridge priority is lower than the default value for spanning tree.
- All interfaces that are shown are on shared media.
- All designated ports are in a forwarding state.
- The switch must be the root bridge for all VLANs on this switch.
Explanation:
From the output, we see that all ports are in the Designated role (forwarding state) -> A and E are correct.
The command "show spanning-tree vlan 30" only shows us information about VLAN 30. We don't know how many VLANs exist on this switch -> B is not correct.
The bridge priority of this switch is 24606, which is lower than the default bridge priority of 32768 -> C is correct.
All three interfaces on this switch have the connection type "p2p", which means a point-to-point environment, not shared media -> D is not correct.
The only thing we can say is that this switch is the root bridge for VLAN 30, but we cannot guarantee it is also the root bridge for other VLANs -> F is not correct.

10. An administrator would like to configure a switch over a virtual terminal connection from a location outside of the local LAN. Which of the following are required in order for the switch to be configured from a remote location?
- The switch must be configured with an IP address, subnet mask, and default gateway.
- The switch must be connected to a router over a VLAN trunk
- The switch must be reachable through a port connected to its management VLAN
- The switch console port must be connected to the Ethernet LAN
- The switch management VLAN must be created and have a membership of at least one switch port
- The switch must be fully configured as an SNMP agent.

11. Computer 1 is consoled into switch A. Telnet connections and pings run from the command prompt on switch A fail. Which of the following could cause this problem?

- Switch A does not have a CDP entry for switch B or router JAX
- Switch A does not have an IP address
- Port 1 on Switch A should be an access port rather than a trunk port
- Switch A is not directly connected to router JAX
- Switch A does not have a default gateway assigned

Explanation:
An IP address needs to be configured on the switch for the ping test and to manage it remotely via telnet.
Just by entering an IP address, telnet will work. Try it in the lab.

12. Refer to the exhibit. Given the output shown from this Cisco Catalyst 2950, what is the most likely reason that interface FastEthernet 0/10 is not the root port for VLAN 2?
Switch# show spanning-tree interface fastethernet0/10
- This switch has more than one interface connected to the root network segment in VLAN 2.
- This switch is running RSTP while the elected designated switch is running 802.1d Spanning Tree.
- This switch interface has a higher path cost to the root bridge than another in the topology.
- This switch has a lower bridge ID for VLAN 2 than the elected designated switch.

13. Which Cisco Catalyst feature automatically disables a port in an operational PortFast state upon receipt of a BPDU?
- BackboneFast
- UplinkFast
- RootGuard
- BPDU Guard
- BPDU Filter

14. Refer to the exhibit. Which two statements are true of the interfaces on switch1? (choose two)
- A hub is connected directly to FastEthernet0/5
- FastEthernet0/1 is configured as a trunk link
- FastEthernet0/5 has a statically assigned MAC address
- Interface FastEthernet0/2 has been disabled.
- Multiple devices are connected directly to FastEthernet0/1
- FastEthernet0/1 is connected to a host with multiple network interface cards

15. What value is primarily used to determine which port becomes the root port on each non-root switch in a spanning-tree topology?
- lowest port MAC address
- port priority number and MAC address.
- VTP revision number
- highest port priority number.
- path cost
Explanation:
The path cost to the root bridge is the most important value to determine which port will become the root port on each non-root switch. In particular, the port with the lowest cost to the root bridge will become the root port (on a non-root switch).

16. Which two states are the port states when RSTP has converged? (choose two)
- Blocking
- learning
- disabled
- forwarding
- listening

Explanation:
RSTP only has 3 port states: discarding, learning and forwarding. When RSTP has converged there are only 2 port states left, discarding and forwarding, but the answers don't mention the discarding state, so blocking (answer A) may be considered the best alternative answer.

17. Which three statements accurately describe layer 2 Ethernet switches? (choose three)
- Microsegmentation decreases the number of collisions on the network.
- If a switch receives a frame for an unknown destination, it uses ARP to resolve the address.
- Spanning Tree Protocol allows switches to automatically share VLAN information.
- In a properly functioning network with redundant switched paths, each switched segment will contain one root bridge with all its ports in the forwarding state. All other switches in that broadcast domain will have only one root port.
- Establishing VLANs increases the number of broadcast domains.
- Switches that are configured with VLANs make forwarding decisions based on both layer 2 and layer 3 address information.

18. Which two of these are characteristics of the 802.1Q protocol? (Choose two)
- It is a layer 2 messaging protocol which maintains VLAN configurations across the network.
- It includes an 8-bit field which specifies the priority of a frame.
- It is used exclusively for tagging VLAN frames and does not address network reconvergence following switched network topology changes.
- It modifies the 802.3 frame header and thus requires that the FCS be recomputed.
- It is a trunking protocol capable of carrying untagged frames.

Explanation:
IEEE 802.1Q is the networking standard that supports Virtual LANs (VLANs) on an Ethernet network. It is a protocol that allows VLANs to communicate with one another using a router. 802.1Q trunks support tagged and untagged frames.
If a switch receives untagged frames on a trunk port, it believes that frame is part of the native VLAN. Also, frames from the native VLAN are not tagged when exiting the switch via a trunk port.
The 802.1Q frame format is the same as 802.3. The only change is the addition of a 4-byte field. That additional header includes a field with which to identify the VLAN number. Because inserting this header changes the frame, 802.1Q encapsulation forces a recalculation of the original FCS field in the Ethernet trailer.
Note: the Frame Check Sequence (FCS) is a four-octet field used to verify that the frame was received without loss or error. The FCS is computed over the contents of the entire frame.

19. A network administrator needs to configure port security on a switch. Which two statements are true? (choose two)
- The network administrator can apply port security to dynamic access ports
- The network administrator can configure static secure or sticky secure MAC addresses in the voice VLAN.
- The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.
- The network administrator can apply port security to EtherChannels.
- When dynamic MAC address learning is enabled on an interface, the switch can learn new addresses, up to the maximum defined.

20. Refer to the exhibit. At the end of an RSTP election process, which access layer switch port will assume the discarding role?
- Switch3, port fa0/1
- Switch3, port fa0/12
- Switch4, port fa0/11
- Switch4, port fa0/2
- Switch3, port Gi0/1
- Switch3, port Gi0/2

Explanation:
Selection of the designated ports: the ports on the root bridge are designated ports. The designated port should be the one that has the lowest path cost to the root bridge. If the ports have the same path cost, the port on the switch with the lowest bridge ID will be the designated port. If the switch ports have the same bridge ID, the lowest-numbered port will be the designated port.

21. Refer to the exhibit. This command is executed on 2960Switch:
2960Switch(config)# mac-address-table static 0000.00aa.aaaa vlan 10 interface fa0/1
Which two of these statements correctly identify results of executing the command? (Choose two.)
- Port security is implemented on the fa0/1 interface.
- MAC address 0000.00aa.aaaa does not need to be learned by this switch.
- Only MAC address 0000.00aa.aaaa can source frames on the fa0/1 segment.
- Frames with a Layer 2 source address of 0000.00aa.aaaa will be forwarded out fa0/1.
- MAC address 0000.00aa.aaaa will be listed in the MAC address table for interface fa0/1 only.

Explanation:
The above command adds the MAC address 0000.00aa.aaaa to the MAC address table of the switch. This is called a static MAC address. Static addresses have the following characteristics:
* Static addresses will not be removed from the address table when a given interface link is down.
* Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table.
* A static address cannot be learned on another port until the address is removed with the no form of this command.
A static MAC address is not a Port Security feature -> A is not correct.
If the MAC address 0000.00aa.aaaa is seen again (on fa0/1 or other ports), it does not need to be learned because it already exists in the MAC address table of the switch -> B is correct.
Although configured with a static MAC address, the switch can still learn other MAC addresses dynamically -> C is not correct.
Frames with a Layer 2 destination address (not source address) of 0000.00aa.aaaa will be forwarded out fa0/1 -> D is not correct.

22. Which port state is introduced by Rapid-PVST?
- Learning
- Listening
- Discarding
- forwarding

Explanation:
PVST+ is based on the IEEE 802.1D Spanning Tree Protocol (STP), which has 5 port states (blocking, listening, learning, forwarding and disabled), while Rapid PVST+ has only 3 port states (discarding, learning and forwarding). So discarding is the new port state in Rapid PVST+.

23. Refer to the exhibit. Given this output for SwitchC, what should the network administrator's next action be?
- Check the trunk encapsulation mode for SwitchC's fa0/1 port.
- Check the duplex mode for SwitchC's fa0/1 port.
- Check the duplex mode for SwitchA's fa0/2 port.
- Check the trunk encapsulation mode for SwitchA's fa0/2 port.