Practise switch scenarios involving SW1, SW2, VLANs, trunk links, allowed VLAN lists and show interfaces trunk output.
Start Scenario PracticeDrag and drop the steps to configure VLAN Trunking Protocol (VTP) on a Cisco switch in the correct order.
Explanation: VTP requires setting mode and domain before trunking works; verification confirms operation.
A network administrator is troubleshooting a performance issue in a large enterprise campus network. The network consists of Cisco Catalyst 9300 switches acting as access switches and Cisco Catalyst 9500 switches as distribution. Users on VLAN 10 report intermittent slow file transfers to a server on VLAN 20. The administrator has verified that there are no errors on the links, CPU utilization is normal, and STP topology is stable. The administrator suspects a possible QoS issue. Upon checking the QoS configuration on the access switch, the administrator finds that the default QoS configuration is in place, which trusts the CoS value at the port level. The connected devices are IP phones and PCs; the IP phones mark voice traffic with CoS 5. The server on VLAN 20 is connected to a distribution switch. Which action should the administrator take to most likely resolve the issue?
Explanation: Option C is correct because Auto QoS for VoIP automatically configures the necessary class maps, policy maps, and trust settings to properly classify and queue voice traffic (CoS 5) while ensuring data traffic is not starved. The default QoS configuration trusts CoS at the port level, but without proper queuing and scheduling, voice and data may compete for buffers, causing intermittent slow file transfers. Auto QoS sets up strict priority queuing for voice and allocates bandwidth for data, resolving the performance issue without manual misconfiguration.
Your company has deployed a Cisco Catalyst 9300 switch stack as the distribution layer for a campus network. The network uses VLANs 10 (data), 20 (voice), and 30 (management). The switch stack is configured with DHCP snooping, Dynamic ARP Inspection (DAI), and IP Source Guard (IPSG) on access ports. Recently, users in VLAN 10 report intermittent connectivity issues. You notice that some users receive duplicate IP addresses from the DHCP server. The DHCP server is connected to a trunk port on the switch stack. After reviewing logs, you see that DHCPACK messages are being dropped on the trunk port. The DHCP snooping binding table shows entries for legitimate clients, but also some entries with MAC addresses from a different vendor. Which action should you take to resolve the issue?
Explanation: The DHCP snooping feature treats all ports as untrusted by default, which means DHCP server messages (DHCPOFFER, DHCPACK, DHCPNAK) are dropped on untrusted ports. Since the DHCP server is connected to a trunk port and DHCPACK messages are being dropped, that trunk port must be explicitly configured as a trusted port for DHCP snooping using the 'ip dhcp snooping trust' interface command. This allows legitimate DHCP server responses to reach clients, resolving the duplicate IP address issue caused by clients not receiving their assigned addresses.
Which TWO of the following are valid methods to mitigate VLAN hopping attacks?
Explanation: Option B is correct because disabling Dynamic Trunking Protocol (DTP) on all access ports prevents a switch port from automatically negotiating a trunk, which is the primary vector for VLAN hopping attacks. An attacker can spoof DTP messages to force a port into trunking mode, gaining access to multiple VLANs; disabling DTP eliminates this risk.
Examine the following configuration snippet: interface GigabitEthernet1/0/1 switchport mode access switchport access vlan 100 spanning-tree portfast spanning-tree bpduguard enable What is the effect of this configuration?
Explanation: The configuration enables PortFast and BPDU Guard on an access port. PortFast immediately transitions the port to forwarding state, bypassing the usual STP listening and learning phases. BPDU Guard monitors for incoming BPDUs; if any are received, it error-disables the port to prevent a potential bridging loop from an unauthorized switch connection.
+10 more scenario questions available
Practice all SW1 and SW2 VLAN Trunking Practice QuestionsPractise switch scenarios involving SW1, SW2, VLANs, trunk links, allowed VLAN lists and show interfaces trunk output. These appear throughout the 350-401 and require you to apply your knowledge, not just recall facts.
Cisco doesn't publish an exact breakdown, but scenario-based questions (especially exhibit and command-output formats) make up a significant portion of the 350-401. Practicing each scenario type ensures you're ready for any format.
Yes. Courseiva provides free 350-401 scenario practice across all official exam domains. The platform includes scenario-based questions, command-output interpretation, topic-based practice, mock exams, and readiness tracking — no account required.
Launch a full SW1 and SW2 VLAN Trunking Practice Questions session with instant scoring and detailed explanations.
Start Scenario Practice →