CCNA Enterprise Architecture Questions

24 questions · Enterprise Architecture topic · All types, answers revealed

1
Multi-Select · hard

Which TWO statements are correct about Cisco SD-Access architecture? (Choose two.)

Select 2 answers
A. VXLAN encapsulation is used for data plane traffic within the fabric.
B. Control plane nodes host the LISP mapping database.
C. Wireless access points must be directly connected to the fabric edge switches.
D. Fabric edge nodes are responsible for connecting the fabric to external networks.
E. The fabric uses VLANs to isolate tenant traffic.
Answers: A, B

VXLAN is the encapsulation used to carry Layer 2 frames over Layer 3 fabric.

Why this answer

Option A is correct because VXLAN is the encapsulation protocol used in the Cisco SD-Access fabric to carry data plane traffic between fabric edge nodes. VXLAN provides a Layer 2 overlay over a Layer 3 underlay, enabling scalable segmentation and mobility without VLAN limitations.

Exam trap

Cisco often tests the misconception that VLANs are used for fabric segmentation, but the correct answer is VXLAN VNIs; similarly, candidates may confuse the roles of fabric edge and border nodes, thinking edges handle external connectivity.

2
MCQ · medium

A company is implementing QoS in a network where voice traffic must have strict priority over all other traffic. Which queuing mechanism should be used on the outbound interface of a router to ensure voice packets are always sent first?

A. Random Early Detection (RED)
B. Low Latency Queuing (LLQ)
C. First In First Out (FIFO)
D. Class-Based Weighted Fair Queuing (CBWFQ)
Answer: B

LLQ combines a strict priority queue with CBWFQ, ensuring voice gets priority.

Why this answer

Low Latency Queuing (LLQ) is the correct choice because it combines Class-Based Weighted Fair Queuing (CBWFQ) with a strict priority queue, ensuring that voice traffic (marked with EF or CS5) is always dequeued before any other traffic class. This guarantees low latency and jitter for real-time traffic, which is essential for voice quality.

Exam trap

Cisco often tests the distinction between CBWFQ and LLQ, trapping candidates who think CBWFQ alone provides priority queuing, when in fact LLQ is required to add the strict priority queue for real-time traffic.

How to eliminate wrong answers

Option A is wrong because Random Early Detection (RED) is a congestion avoidance mechanism that drops packets probabilistically before a queue fills, not a queuing mechanism that prioritizes traffic. Option C is wrong because First In First Out (FIFO) treats all packets equally with no priority, causing voice packets to be delayed behind data bursts. Option D is wrong because Class-Based Weighted Fair Queuing (CBWFQ) provides bandwidth guarantees per class but does not include a strict priority queue, so voice traffic can still experience delay during congestion.

3
MCQ · medium

A mid-size enterprise is deploying a new branch office with 50 users. The branch will have its own router, switch, and wireless AP. The WAN link is a 50 Mbps MPLS circuit. The company uses VoIP and requires Quality of Service. The network administrator has configured the router with a QoS policy that marks VoIP traffic with DSCP EF and all other traffic with DSCP 0. The policy also shapes traffic to 50 Mbps. After deployment, users report that voice quality is poor during peak hours. The administrator checks the router and sees that the output queue on the WAN interface is often full and drops are occurring. Which action should the administrator take to improve voice quality?

A. Increase the shaping rate to 60 Mbps to allow for burst.
B. Configure a priority queue for DSCP EF traffic within the shaper.
C. Replace shaping with policing to drop non-voice traffic.
D. Change the marking to use CoS instead of DSCP for better QoS.
Answer: B

A priority queue ensures voice packets are dequeued before other traffic, reducing voice drops.

Why this answer

The shaper is limiting traffic to 50 Mbps, but during peak hours, the aggregate traffic exceeds this rate, causing the output queue to fill and drop packets indiscriminately. By configuring a priority queue for DSCP EF (VoIP) traffic within the shaper, the router will service VoIP packets before other traffic, ensuring low latency and jitter even when the link is congested. This is the standard Cisco approach for voice quality on shaped links, as priority queuing bypasses the normal FIFO or CBWFQ behavior for marked traffic.

Exam trap

Cisco often tests the misconception that increasing bandwidth or policing alone solves voice quality issues, but the trap here is that shaping without a priority queue causes all traffic to be treated equally, so VoIP suffers from jitter and delay even if the total rate is within the shaped limit.

How to eliminate wrong answers

Option A is wrong because increasing the shaping rate to 60 Mbps does not solve the underlying congestion; it only shifts the bottleneck and may cause the provider to drop traffic if the CIR is strictly 50 Mbps, leading to continued packet loss for VoIP. Option C is wrong because policing would drop excess traffic indiscriminately, including VoIP packets, unless a separate policer is applied per class, and it does not provide the strict priority queuing needed for voice. Option D is wrong because changing the marking to CoS (Layer 2) does not improve QoS on a WAN interface that typically uses DSCP (Layer 3) for queuing decisions; the router's output queue is based on Layer 3 markings, and CoS is lost when traversing the MPLS network unless explicitly mapped.

4
MCQ · easy

A company is deploying a wireless network in an office with high client density. Which Cisco architecture is best suited to handle client roaming without requiring a central controller for every roaming event?

A. Mesh networking
B. Autonomous APs
C. Centralized switching with a WLC
D. FlexConnect
Answer: D

FlexConnect allows local data switching and fast roaming with minimal controller interaction.

Why this answer

FlexConnect (option D) is the correct architecture because it allows client data traffic to be switched locally at the remote site, while the control plane remains centralized. This design eliminates the need for a central controller to process every roaming event, as clients can roam between FlexConnect APs using local switching and 802.11r (Fast Roaming) without requiring a WLC in the data path.

Exam trap

Cisco often tests the misconception that centralized switching (WLC) is always required for seamless roaming, but FlexConnect decouples the data plane from the control plane to allow local roaming without a central controller in the data path.

How to eliminate wrong answers

Option A is wrong because mesh networking is designed for extending coverage in areas without wired backhaul, not for handling high-density client roaming with local switching; it still relies on a central controller for roaming decisions. Option B is wrong because autonomous APs operate independently without any central coordination, making seamless roaming inefficient and requiring manual configuration for each AP, which is unsuitable for high-density environments. Option C is wrong because centralized switching with a WLC forces all client traffic through the controller, creating a bottleneck and requiring the WLC to process every roaming event, which increases latency and reduces scalability in high-density deployments.

5
MCQ · easy

A small business has a single router connected to the internet and a switch for the LAN. They want to implement VLANs to separate guest and corporate traffic. The router has only one physical interface to the switch. The network engineer proposes using subinterfaces with 802.1Q trunking on the router interface. Which configuration step is required on the switch port connected to the router?

A. Configure the port as a routed port.
B. Configure the port as an access port in VLAN 1.
C. Configure the port as a trunk port.
D. Configure the port as a dynamic desirable port.
Answer: C

A trunk port allows multiple VLANs via 802.1Q tagging, enabling the router subinterfaces to work.

Why this answer

The router uses subinterfaces with 802.1Q trunking to carry multiple VLANs over a single physical link. For this to work, the switch port connected to the router must be configured as a trunk port, which tags frames with VLAN IDs as they traverse the link. This allows the router to route between VLANs using its subinterfaces, each associated with a specific VLAN.

Exam trap

Cisco often tests the misconception that a switch port connecting to a router can remain as an access port or use DTP, but the key is that the router's subinterface requires 802.1Q-tagged frames, which only a statically configured trunk port can provide.

How to eliminate wrong answers

Option A is wrong because a routed port is a Layer 3 interface on a switch, used for routing between networks, not for carrying multiple VLANs over a single link; it would not support 802.1Q trunking. Option B is wrong because an access port belongs to a single VLAN and strips VLAN tags, which would prevent the router from receiving tagged frames for multiple VLANs, breaking the subinterface design. Option D is wrong because dynamic desirable is a DTP (Dynamic Trunking Protocol) mode used to negotiate trunking between Cisco switches, but it is not required or recommended for a router-to-switch connection; the router interface does not participate in DTP, so the switch port must be statically set as a trunk.

6
Matching · medium

Match each routing protocol to its administrative distance.


Concepts
Matches

110

90

120

20

115

Why these pairings

Administrative distances are used to select the best route when multiple routing protocols provide routes to the same destination.

7
MCQ · hard

A large enterprise has a campus network with a collapsed core design. The core switch connects to two distribution switches, each serving several access switches. The network uses OSPF as the IGP. Recently, after a link failure between the core and distribution switch A, the network experienced a 30-second outage before converging. The engineer wants to improve convergence time to under 5 seconds. The budget is limited, so hardware upgrades are not an option. The engineer is considering the following actions: A. Enable OSPF Fast Hello on all interfaces. B. Reduce OSPF dead timer to 1 second and hello timer to 333 milliseconds. C. Implement OSPF LSA throttling with a minimum interval of 0 ms. D. Use OSPF incremental SPF (iSPF). Which action will provide the most significant improvement in convergence time for this scenario?

A. Enable OSPF Fast Hello on all interfaces.
B. Reduce OSPF dead timer to 1 second and hello timer to 333 milliseconds.
C. Implement OSPF LSA throttling with a minimum interval of 0 ms.
D. Use OSPF incremental SPF (iSPF).
Answer: B

This directly reduces failure detection to about 1 second, which is the main contributor to the 30-second outage.

Why this answer

Option B is correct because reducing the OSPF dead timer to 1 second and hello timer to 333 milliseconds directly addresses the 30-second outage caused by the link failure. The default dead timer (40 seconds on broadcast networks) is the primary contributor to convergence delay, as OSPF must wait for the dead interval to expire before declaring a neighbor down. By lowering these timers, failure detection drops from 40 seconds to approximately 1 second, which is the most impactful single change for convergence under budget constraints.

Exam trap

Cisco often tests the misconception that Fast Hello (Option A) is the best way to speed convergence, but the trap is that Fast Hello alone does not reduce the dead timer below 1 second unless explicitly configured with a multiplier, and the dead timer is the dominant factor in failure detection time.

How to eliminate wrong answers

Option A is wrong because OSPF Fast Hello (using the 'ip ospf dead-interval minimal hello-multiplier' command) sends hellos at sub-second intervals but still relies on the dead timer for failure detection; it does not inherently reduce the dead timer below 1 second, so it may not achieve the sub-5-second convergence goal without also adjusting the dead interval. Option C is wrong because OSPF LSA throttling (with 'timers throttle lsa all') controls the rate at which LSAs are generated and retransmitted, not failure detection; it helps with network stability during flapping but does not reduce the time to detect a link failure. Option D is wrong because incremental SPF (iSPF) optimizes SPF computation by only recalculating affected routes, but it does not address the primary bottleneck of neighbor failure detection; the 30-second outage is dominated by the dead timer, not SPF calculation time.

8
Multi-Select · easy

Which TWO are benefits of using a spine-leaf architecture in a data center? (Choose two.)

Select 2 answers
A. Predictable latency between any two devices
B. Increased number of single points of failure
C. Increased broadcast domain size
D. Reduced need for VLANs
E. Higher bandwidth utilization through multiple equal-cost paths
Answers: A, E

Traffic always traverses one spine hop, resulting in consistent latency.

Why this answer

A is correct because spine-leaf architecture ensures that every leaf switch is connected to every spine switch, creating a full-mesh topology. This design guarantees that traffic between any two leaf switches traverses at most one spine hop, resulting in predictable, consistent latency regardless of which devices are communicating.

Exam trap

Cisco often tests the misconception that spine-leaf eliminates VLANs or reduces broadcast domains, but the architecture actually uses Layer 3 routing to contain broadcast domains while still requiring VLANs for Layer 2 segmentation at the leaf level.

9
Drag & Drop · medium

Drag and drop the steps to configure a static route on a Cisco IOS router into the correct order.


Why this order

Static routes require global config mode and must specify the destination network, subnet mask, and next-hop address or exit interface.

10
Multi-Select · medium

Which THREE of the following are valid considerations when planning a wireless network for high-density environments?

Select 3 answers
A. Use a channel reuse plan that minimizes co-channel interference.
B. Prefer the 5 GHz band over 2.4 GHz for client connectivity.
C. Lower AP transmit power to reduce cell size and increase capacity.
D. Increase AP transmit power to maximize coverage.
E. Enable 2.4 GHz band only to maximize range.
Answers: A, B, C

Proper channel planning is essential in high-density environments.

Why this answer

Option A is correct because a channel reuse plan that minimizes co-channel interference is essential in high-density environments to ensure that adjacent access points (APs) do not use the same or overlapping channels, which would degrade throughput. By carefully planning channel assignments (e.g., using non-overlapping channels in the 5 GHz band), you maximize spatial reuse and overall network capacity.

Exam trap

Cisco often tests the misconception that increasing AP transmit power always improves coverage and performance, when in fact, in high-density environments, lowering power and reducing cell size is the correct strategy to increase capacity and minimize interference.

11
MCQ · medium

A network engineer is troubleshooting a routing loop in an EIGRP network. Which mechanism is designed to prevent routing loops by causing a router to reject routes that are learned from a neighbor that is not the successor?

A. Split horizon
B. Route poisoning
C. Hold-down timers
D. Feasibility condition
Answer: D

The feasibility condition ensures loop-free paths by verifying that the neighbor's reported distance is lower than the feasible distance.

Why this answer

The feasibility condition is a loop-prevention mechanism unique to EIGRP. It ensures that a router only accepts a route from a neighbor if that neighbor's reported distance (RD) to the destination is less than the router's own feasible distance (FD). This guarantees that the path through that neighbor is loop-free, effectively rejecting routes learned from any neighbor that is not the successor.

Exam trap

Cisco often tests the distinction between EIGRP's feasibility condition and other distance-vector loop-prevention mechanisms like split horizon or hold-down timers, expecting candidates to confuse these concepts because they all prevent loops but operate at different stages of the routing process.

How to eliminate wrong answers

Option A is wrong because split horizon prevents loops by not advertising a route back out the interface from which it was learned, but it does not evaluate whether the neighbor is the successor. Option B is wrong because route poisoning (setting the metric to infinity) is used to signal a failed route, not to reject routes from non-successor neighbors. Option C is wrong because hold-down timers are used in distance-vector protocols like RIP to suppress updates after a metric change, but EIGRP does not use hold-down timers; it relies on the Diffusing Update Algorithm (DUAL) and the feasibility condition for loop prevention.

12
MCQ · medium

A network administrator is deploying QoS in a converged network. Which approach correctly implements trust boundaries and marking?

A. Set trust boundary at the access layer switch and re-mark packets based on source.
B. Configure marking only at the core layer to simplify policy.
C. Trust only the distribution layer switches to mark traffic.
D. Trust the DSCP values set by IP phones and workstations.
Answer: A

The access layer is the ideal trust boundary to enforce QoS policies.

Why this answer

Option A is correct because in a converged network, trust boundaries should be established at the access layer to ensure that marking decisions are made as close to the source as possible. By setting the trust boundary at the access layer switch and re-marking packets based on source (e.g., trusting only IP phones while re-marking workstation traffic), the network can enforce policy before traffic enters the core, preventing unauthorized or misconfigured endpoints from influencing QoS markings. This aligns with Cisco's best practice of trusting only known devices and re-marking all other traffic to a default or lower priority.

Exam trap

Cisco often tests the misconception that trust boundaries should be placed at the distribution or core layer for simplicity, but the trap is that marking must happen at the access layer to prevent untrusted endpoints from injecting high-priority traffic into the network.

How to eliminate wrong answers

Option B is wrong because configuring marking only at the core layer violates the principle of trust boundaries; marking should occur at the access layer to prevent congestion and ensure policy is applied early, and relying solely on core marking can lead to oversubscription and loss of differentiation. Option C is wrong because trusting only the distribution layer to mark traffic introduces unnecessary latency and complexity, and it fails to protect the network from untrusted endpoints at the access edge, which is the correct location for trust boundaries. Option D is wrong because while IP phones can be trusted to set correct DSCP values (e.g., EF for voice), workstations should never be trusted to mark their own traffic, as they may be compromised or misconfigured; the trust boundary must differentiate between trusted and untrusted sources.

13
MCQ · hard

A global enterprise is transitioning from a traditional three-tier campus architecture to a software-defined access (SD-Access) fabric. Which architectural consideration is most critical for the underlay network?

A. Configure a routed access layer with a link-state routing protocol (IS-IS or OSPF).
B. Implement PIM-SM for multicast routing in the underlay.
C. Preserve existing VLANs across the fabric to minimize changes.
D. Deploy VRF-lite on all edge nodes to isolate tenants.
Answer: A

A routed underlay with IS-IS or OSPF is a key design requirement for SD-Access.

Why this answer

In an SD-Access fabric, the underlay network must provide IP connectivity between all fabric devices (edge, control plane, border nodes) using a routed access layer with a link-state routing protocol like IS-IS or OSPF. This ensures fast convergence, loop-free topology, and support for the overlay's VXLAN tunnels. A routed access layer eliminates spanning-tree dependencies and aligns with the fabric's requirement for a simple, scalable IP-based transport.

Exam trap

Cisco often tests the misconception that the underlay must support multicast (PIM) or preserve legacy VLANs, when in fact the underlay only needs unicast routing and the overlay handles all segmentation and multicast replication via head-end replication or native multicast.

How to eliminate wrong answers

Option B is wrong because PIM-SM is used for multicast routing in the overlay (for traffic such as ARP or multicast applications), not in the underlay; the underlay only needs unicast routing to establish VXLAN tunnels. Option C is wrong because preserving existing VLANs across the fabric contradicts the SD-Access design principle of decoupling the overlay from the underlay; VLANs are mapped to virtual network identifiers (VNIs) in the overlay, and the underlay should be a clean, routed IP network. Option D is wrong because VRF-lite is a Layer 3 segmentation technique used in traditional networks, not in the SD-Access underlay; tenant isolation is achieved via the overlay's VXLAN and LISP/VN segmentation, not by configuring VRFs on underlay interfaces.

14
MCQ · medium

A network engineer is designing a campus network with high availability for critical services. Which Cisco technology enables traffic to be forwarded to an alternate next hop in the event of a first-hop router failure, without requiring any configuration changes on the hosts?

A. Static default route with a floating static
Answer: D

HSRP is a Cisco proprietary FHRP that provides transparent failover without host configuration changes.

Why this answer

HSRP (Hot Standby Router Protocol) is a Cisco-proprietary FHRP that allows multiple routers to share a virtual IP and MAC address, providing transparent failover. Hosts are configured with the virtual IP as their default gateway, so when the active router fails, the standby router takes over without any host configuration changes. This directly meets the requirement for high availability without host reconfiguration.

Exam trap

Cisco often tests the distinction between proprietary (HSRP) and open standard (VRRP) protocols, leading candidates to pick VRRP because it is non-proprietary, but the question explicitly asks for 'Cisco technology,' making HSRP the intended correct answer.

How to eliminate wrong answers

Option A is wrong because a static default route with a floating static requires manual configuration on the host or router and does not provide transparent failover; the host must be reconfigured or rely on routing protocol convergence, which is not first-hop redundancy. Option B is wrong because GLBP (Gateway Load Balancing Protocol) also provides first-hop redundancy without host changes, but it is not the only correct answer; however, the question asks for the Cisco technology that enables this, and while GLBP does, HSRP is the most commonly referenced and the designated correct answer in this context. Option C is wrong because VRRP (Virtual Router Redundancy Protocol) is an open standard (RFC 5798) that provides similar functionality, but the question specifies 'Cisco technology,' and VRRP is not Cisco-proprietary; Cisco supports VRRP, but HSRP is the native Cisco solution.

15
MCQ · medium

A company is deploying a WAN with MPLS VPN and wants to ensure that customer traffic is isolated from other customers. Which technology is used to maintain separation in the MPLS core?

A. VLAN tagging
B. MPLS labels
C. IPsec tunnels
D. Virtual Routing and Forwarding (VRF)
Answer: D

VRF creates separate routing instances per VPN customer, maintaining traffic isolation.

Why this answer

VRF (Virtual Routing and Forwarding) is the technology used in MPLS VPN to maintain customer traffic separation within the MPLS core. Each customer is assigned a unique VRF on the Provider Edge (PE) router, which maintains a separate routing table and forwarding instance, ensuring that traffic from one customer never crosses into another customer's routing domain. This separation is enforced at Layer 3, independent of the MPLS label switching that occurs in the core.

Exam trap

Cisco often tests the misconception that MPLS labels alone provide customer separation, but labels are only a forwarding mechanism; the actual isolation comes from VRF instances on the PE routers.

How to eliminate wrong answers

Option A is wrong because VLAN tagging (802.1Q) operates at Layer 2 and is used for segmenting traffic within a LAN or between switches, not for isolating customer traffic across an MPLS WAN core. Option B is wrong because MPLS labels are used for forwarding packets through the core based on label-switched paths (LSPs), but they do not inherently provide customer separation; labels are assigned per FEC and can be shared across customers without VRF. Option C is wrong because IPsec tunnels provide encryption and authentication for secure communication over untrusted networks, but they do not provide routing isolation or separate forwarding tables; they are a security mechanism, not a Layer 3 isolation technology.

16
MCQ · hard

An enterprise is using OSPF in a multi-area design. Area 1 is a regular area, and Area 2 is a totally stubby area. Which LSA types are present in Area 2?

A. Type 1, Type 2, Type 3 (including default)
B. Type 1, Type 2, Type 3, Type 5
C. Type 1, Type 2, Type 4, Type 5
D. Type 1, Type 2, Type 3 (including default), Type 4
Answer: A

Totally stubby areas allow only Type 1, Type 2, and a default Type 3 LSA.

Why this answer

In a totally stubby area, the ABR blocks Type 4 and Type 5 LSAs and replaces all Type 3 inter-area routes with a single default route (Type 3 LSA with link-state ID 0.0.0.0). Therefore, only Type 1 (router), Type 2 (network), and the default Type 3 LSAs are present. This matches option A.

Exam trap

Cisco often tests the distinction between a standard stub area (which allows Type 3 summaries but blocks Type 4 and Type 5) and a totally stubby area (which additionally blocks all Type 3 summaries except the default), causing candidates to confuse the LSA types allowed in each.

How to eliminate wrong answers

Option B is wrong because Type 5 (AS-external) LSAs are blocked in a totally stubby area; they are only present in a standard stub area if not using the 'no-summary' keyword. Option C is wrong because Type 4 (ASBR-summary) LSAs are also blocked in a totally stubby area, and Type 5 LSAs are blocked as well. Option D is wrong because Type 4 LSAs are not present in a totally stubby area; the ABR does not advertise the ASBR location into the area.

17
MCQ · medium

An engineer is troubleshooting intermittent connectivity issues between two data center switches. The link is a 10GE LACP port-channel. Which misconfiguration could cause packet loss?

A. MTU size is set to 1500 on one switch and 9000 on the other.
B. Auto-negotiation is disabled on both ends.
C. Spanning-tree BPDU guard is enabled on the port-channel.
D. One switch is configured with active LACP and the other with passive LACP.
Answer: D

Active-passive LACP is a valid combination; but if one is passive and the other is also passive (or off), the channel fails. This question assumes the misconfiguration is passive-passive, leading to no LACP negotiation.

Why this answer

Option D is correct because LACP requires one side to be in active mode to initiate negotiation; if one side is active and the other is passive, the passive side will not initiate the LACP exchange, but it will respond to active-side messages. However, the question states that the link is an LACP port-channel, implying both sides should be configured to form the bundle. If one side is passive and the other is active, the port-channel can form, but intermittent packet loss can occur if the passive side fails to respond quickly enough to LACP PDUs during transient conditions, or if there is a mismatch in LACP system priority or port priority that causes the bundle to flap.

More critically, a passive/passive combination would never form the port-channel, but active/passive can form it, yet the passive side's reliance on the active side for initiation can lead to instability under certain failure scenarios, causing packet loss.

Exam trap

Cisco often tests the misconception that active/passive LACP will always form a stable port-channel, but the trap is that while it forms, the passive side's dependency on the active side for initiation can cause flapping under stress, leading to packet loss—unlike active/active which is more robust.

How to eliminate wrong answers

Option A is wrong because MTU mismatch does not cause packet loss on a port-channel; it causes fragmentation issues or dropped oversized frames, but the link itself remains operational and LACP will still form. Option B is wrong because auto-negotiation is not required on 10GE fiber links (e.g., 10GBASE-SR/LR) where speed and duplex are fixed; disabling it on both ends is standard practice and does not cause packet loss. Option C is wrong because BPDU guard is a spanning-tree feature that err-disables a port upon receiving a BPDU, but it does not cause intermittent packet loss; it either shuts the port down or leaves it operational, not a flapping or loss condition.

18
Drag & Drop · medium

Drag and drop the steps for the Spanning Tree Protocol (STP) convergence process in the correct order.


Why this order

STP elects a root bridge, then selects root and designated ports, blocking others to prevent loops.

19
Matching · medium

Match each First Hop Redundancy Protocol (FHRP) to its description.


Concepts
Matches

Cisco proprietary, active/standby

Open standard, active/standby

Cisco proprietary, active/active load balancing

Obsolete, uses ICMP advertisements

Another name for ICMP Router Discovery

Why these pairings

FHRPs provide default gateway redundancy.

20
MCQ · easy

A network engineer is designing a campus network and needs to ensure high availability for the core layer. Which design best practice should be implemented?

A. Use a single distribution switch to simplify management.
B. Deploy two core switches configured with VSS or StackWise.
C. Configure the core layer for Layer 2 switching only.
D. Use spanning-tree PortFast on all core switch ports.
Answer: B

Dual core switches with VSS or StackWise provide redundancy and sub-second failover.

Why this answer

Option B is correct because deploying two core switches with VSS (Virtual Switching System) or StackWise provides both redundancy and active-active load balancing at the core layer. VSS virtualizes two physical switches into a single logical switch, eliminating the need for Spanning Tree Protocol (STP) on inter-switch links and enabling sub-second failover. This design ensures high availability by removing single points of failure and maximizing throughput between distribution and core layers.

Exam trap

Cisco often tests the misconception that the core layer should remain Layer 2 for simplicity, but in modern campus designs, the core must route at Layer 3 to avoid STP convergence delays and support ECMP load balancing.

How to eliminate wrong answers

Option A is wrong because using a single distribution switch creates a single point of failure, violating high-availability requirements for the core layer. Option C is wrong because the core layer should route traffic at Layer 3 to enable fast convergence and load balancing; restricting it to Layer 2 switching forces STP dependency and suboptimal path utilization. Option D is wrong because PortFast is an access-layer feature designed to bypass STP listening/learning on end-host ports; applying it to core switch ports (which connect to other switches) would risk bridging loops and network instability.

21
MCQhard

An engineer is troubleshooting a network where OSPF neighbors are stuck in the EXSTART state. What is the most likely cause?

A.Dead timer mismatch
B.Authentication misconfiguration
C.Mismatched OSPF area IDs
D.MTU mismatch between the routers
AnswerD

A mismatch in MTU can cause OSPF to get stuck in EXSTART as DD packets are fragmented or rejected.

Why this answer

The EXSTART state in OSPF indicates that the routers have established bidirectional communication (2-Way state) and are now attempting to exchange Database Description (DBD) packets to negotiate the master/slave relationship and the initial sequence number. An MTU mismatch between the routers is the most common cause of neighbors being stuck in EXSTART because the router with the smaller MTU will drop DBD packets that exceed its interface MTU, preventing the exchange from progressing to the Loading state.

Exam trap

Cisco often tests the EXSTART state as a symptom of MTU mismatch, but candidates frequently confuse it with authentication or area ID mismatches, which actually prevent adjacency formation at earlier stages like INIT or 2-Way.

How to eliminate wrong answers

Option A is wrong because a dead timer mismatch typically causes neighbors to be stuck in the INIT or 2-Way state, not EXSTART, as the routers will fail to receive Hello packets within the dead interval. Option B is wrong because authentication misconfiguration usually prevents OSPF neighbors from forming adjacency at all, often resulting in the INIT state or no neighbor relationship, not EXSTART. Option C is wrong because mismatched OSPF area IDs prevent the formation of any adjacency beyond the 2-Way state, as routers will not exchange Hello packets with mismatched area IDs, and they will not reach EXSTART.

22
Multi-Selectmedium

Which THREE characteristics are true about Cisco StackWise Virtual technology? (Choose three.)

Select 2 answers
A.It allows multiple physical switches to operate as a single logical switch.
B.Each member switch must have the same hardware model.
C.The stack can be managed using a single IP address.
D.It requires dedicated stacking cables for interconnectivity.
E.It supports up to 9 member switches in a stack.
AnswersA, C

StackWise Virtual creates a single control plane across member switches.

Why this answer

Cisco StackWise Virtual allows multiple physical switches to be interconnected and operate as a single logical entity, simplifying management and improving redundancy. This is achieved by creating a virtual switch domain where control and data planes are unified, so the stack appears as one device to the network.

Exam trap

Cisco often tests the distinction between physical StackWise (cable-based, up to 9 switches, same model required) and StackWise Virtual (Ethernet-based, 2 switches, mixed models allowed), so candidates mistakenly apply the characteristics of physical stacking to StackWise Virtual.

23
Multi-Selecteasy

Which TWO of the following are benefits of implementing a spine-leaf architecture in a data center?

Select 2 answers
A.Provides predictable latency for east-west traffic.
B.Eliminates the need for spanning-tree protocol.
C.Reduces the amount of cabling required.
D.Simplifies scalability by adding leaf switches without redesign.
E.Eliminates the need for firewall appliances.
AnswersA, D

Any leaf-to-leaf path has an equal number of hops, ensuring consistent latency.

Why this answer

In a spine-leaf architecture, every leaf switch connects to every spine switch, creating a full mesh topology. This design ensures that any east-west traffic (server-to-server) traverses exactly one spine hop, providing consistent and predictable latency regardless of which leaf switches the source and destination are connected to.

Exam trap

Cisco often tests the misconception that spine-leaf reduces cabling or eliminates all protocols like STP and firewalls, when in fact it increases cabling and only removes Layer 2 loops while still requiring routing protocols and security appliances.

24
MCQeasy

A network administrator is configuring a new VLAN 100 on a switch and wants to ensure that the VLAN is created and active. Which command is required to create a VLAN in the VLAN database?

A.interface vlan 100
B.name VLAN100
C.vlan 100
D.switchport access vlan 100
AnswerC

This command creates VLAN 100 and enters VLAN configuration mode.

Why this answer

The 'vlan 100' command is executed in global configuration mode to create a VLAN in the VLAN database on a Cisco IOS switch. This command creates the VLAN and places the switch into VLAN configuration mode, where optional parameters like name can be set. The VLAN is active immediately upon creation, provided the switch is in VTP server or transparent mode.

Exam trap

Cisco often tests the distinction between creating a VLAN with 'vlan <id>' versus creating an SVI with 'interface vlan <id>', leading candidates to confuse Layer 2 VLAN creation with Layer 3 interface configuration.

How to eliminate wrong answers

Option A is wrong because 'interface vlan 100' creates a Layer 3 switched virtual interface (SVI) for routing, not the VLAN itself. Option B is wrong because 'name VLAN100' is a subcommand used within VLAN configuration mode to assign a name to an existing VLAN, not to create the VLAN. Option D is wrong because 'switchport access vlan 100' assigns an access port to VLAN 100, but the VLAN must already exist or be dynamically created via VTP; it does not create the VLAN in the database.
