2017 Novermber New 300-115 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 300-115 Questions:

1.|2017 New 300-115 Exam Dumps (PDF & VCE) 478Q&As Download:
https://www.braindump2go.com/300-115.html

2.|2017 New 300-115 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNYjV4eHQ4dTJoQXc?usp=sharing

QUESTION 161
Which private VLAN can have only one VLAN and be a secondary VLAN that carries unidirectional traffic upstream from the hosts toward the promiscuous ports and the gateway?

A. isolated VLAN
B. primary VLAN
C. community VLAN
D. promiscuous VLAN

Answer: A
Explanation:
Understanding Primary, Isolated, and Community Private VLANs Primary VLANs and the two types of secondary VLANs (isolated and community) have these characteristics:
Primary VLAN–The primary VLAN carries traffic from the promiscuous ports to the host ports, both isolated and community, and to other promiscuous ports.
Isolated VLAN–An isolated VLAN is a secondary VLAN that carries unidirectional traffic upstream from the hosts toward the promiscuous ports. You can configure multiple isolated VLANs in a private VLAN domain; all the traffic remains isolated within each one. Each isolated VLAN can have several isolated ports, and the traffic from each isolated port also remains completely separate.
Community VLAN–A community VLAN is a secondary VLAN that carries upstream traffic from the community ports to the promiscuous port and to other host ports in the same community. You can configure multiple community VLANs in a private VLAN domain. The ports within one community can communicate, but these ports cannot communicate with ports in any other community or isolated VLAN in the private VLAN.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/ CLIConfigurationGuide/PrivateVLANs.html

QUESTION 162
Which database is used to determine the validity of an ARP packet based on a valid IP-to- MAC address binding?

A. DHCP snooping database
B. dynamic ARP database
C. dynamic routing database
D. static ARP database

Answer: A
Explanation:
Information About Dynamic ARP Inspection DAI is used to validate ARP requests and responses as follows:
Intercepts all ARP requests and responses on untrusted ports.
Verifies that a packet has a valid IP-to-MAC address binding before updating the ARP cache or forwarding the packet.
Drops invalid ARP packets.
DAI can determine the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a DHCP snooping binding database. This database is built by DHCP snooping when it is enabled on the VLANs and on the device. It may also contain static entries that you have created.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/hyperv/sw/5_2_1_s_m_1_5_2/troubleshooting/configuration/guide/n1000v_troubleshooting/n1000v_trouble_19dhcp.html

QUESTION 163
When IP Source Guard with source IP filtering is enabled on an interface, which feature must be enabled on the access VLAN for that interface?

A. DHCP snooping
B. storm control
C. spanning-tree portfast
D. private VLAN

Answer: A
Explanation:
IP Source Guard Configuration Guidelines
You can configure static IP bindings only on nonrouted ports. If you enter the ip source binding mac-address vlan vlan-id ip-address interface interface-id global configuration command on a routed interface, this error message appears:
Static IP source binding can only be configured on switch port.
When IP source guard with source IP filtering is enabled on an interface, DHCP snooping must be enabled on the access VLAN for that interface.
If you are enabling IP source guard on a trunk interface with multiple VLANs and DHCP snooping is enabled on all the VLANs, the source IP address filter is applied on all the VLANs.
You can enable this feature when 802.1x port-based authentication is enabled.
Reference: http:// www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_01110.html

QUESTION 164
Which switch feature prevents traffic on a LAN from being overwhelmed by continuous multicast or broadcast traffic?

A. storm control
B. port security
C. VTP pruning
D. VLAN trunking

Answer: A
Explanation:
A traffic storm occurs when packets flood the LAN, which creates excessive traffic and degrades network performance. The traffic storm control feature prevents LAN ports from being disrupted by a broadcast, multicast, or unicast traffic storm on physical interfaces from either mistakes in network configurations or from users issuing a DoS attack.
Reference: http://3c3cc.com/c/en/us/td/docs/routers/7600/ios/122SR/configuration/guide/swcg/dos.pdf

QUESTION 165
Which command would a network engineer apply to error-disable a switchport when a packet-storm is detected?

A. router(config-if)#storm-control action shutdown
B. router(config-if)#storm-control action trap
C. router(config-if)#storm-control action error
D. router(config-if)#storm-control action enable

Answer: A
Explanation:
Configuring the Traffic Storm Control Shutdown Mode
To configure the traffic storm control shutdown mode on an interface, perform this task:
Command Purpose
Step 1 Router(config)# interface {{type1 Selects an interface to configure.
slot/port} | {port-channel num-ber}}
Step 2 Router(config-if)# storm-control (Optional) Configures traffic storm control to action shutdown error- disable ports when a traffic storm occurs.
• Enter the no storm-control action shut-down command to revert to the default action (drop).
• Use the error disable detection and recov-ery feature, or the shutdown and no shut-down commands to reenable ports.
Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/storm.html

QUESTION 166
When a Cisco Catalyst switch that is configured in VTP server mode is first booted, which two VLAN ranges are loaded on the switch?

A. all VLAN are in the VLAN database.
B. VLANs greater than 1005 in the startup-config file
C. the first 1005 VLANs in the VLAN database file
D. the first 1005 VLANs in the startup-config file
E. VLANs greater than 1005 in the VLAN database file

Answer: BC
Explanation:
If the startup VTP mode is server mode, or the startup VTP mode or domain names do not match the VLAN database, VTP mode and VLAN configuration for the first 1005 VLANs are selected by VLAN database information, such as the vlan.dat file. VLANs greater than 1005 are configured from the switch configuration file.
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2940-series-switches/109304-manage-vlandat.html#bootup

QUESTION 167
An enterprise network has port security sticky enabled on all access ports.
A network administrator moves a PC from one office desk to another.
After the PC is moved, the network administrator clears the port security on the new network switch port connecting to the PC, but the port keeps going back into err-disabled mode.
Which two factors are possible causes of this issue? (Choose two)

A. Port security sticky exists on the new network switch port.
B. Port security sticky is disabled on the new network switch port.
C. Port security must be disabled on all access ports.
D. Port security is still enabled on the older network switch port.
E. Port security sticky is still enabled on the older network switch port.

Answer: AE

QUESTION 168
On which interface can port security be configured?

A. static trunk ports
B. destination port for SPAN
C. EtherChannel port group
D. dynamic access point

Answer: A
Explanation:
Port Security and Port Types
You can configure port security only on Layer 2 interfaces. Details about port security and different types of interfaces or ports are as follows:
Access ports–You can configure port security on interfaces that you have configured as Layer 2 access ports. On an access port, port security applies only to the access VLAN. Trunk ports–You can configure port security on interfaces that you have configured as Layer 2 trunk ports. VLAN maximums are not useful for access ports. The device allows VLAN maximums only for VLANs associated with the trunk port.
SPAN ports–You can configure port security on SPAN source ports but not on SPAN destination ports.
Ethernet Port Channels–Port security is not supported on Ethernet port channels.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_nx-os-cfg/sec_portsec.html

QUESTION 169
Based on the show spanning-tree vlan 200 output shown in the exhibit, which two statements about the STP process for VLAN 200 are true? (Choose two.)

A. BPDUs will be sent out every two seconds.
B. The time spent in the listening state will be 30 seconds.
C. The time spent in the learning state will be 15 seconds.
D. The maximum length of time that the BPDU information will be saved is 30 seconds.
E. This switch is the root bridge for VLAN 200.
F. BPDUs will be sent out every 10 seconds.

Answer: BF

QUESTION 170
Which three statements are correct with regard to the IEEE 802.1Q standard? (Choose three)

A. The IEEE 802.1Q frame format adds a 4 byte field to a Ethernet frame
B. The packet is encapsulated with a 26 byte header and a 4 byte FCS
C. The protocol uses point-to-multipoint connectivity
D. The protocol uses point-to-point connectivity
E. The IEEE 802.1Q frame uses multicast destination of 0x01-00-0c-00-00
F. The IEEE 802.1Q frame retains the original MAC destination address

Answer: ADF


!!!RECOMMEND!!!

1.|2017 New 300-115 Exam Dumps (PDF & VCE) 478Q&As Download:
https://www.braindump2go.com/300-115.html

2.|2017 New 300-115 Study Guide Video:
https://youtu.be/mzIgwoqlU20