CORRECT TEXT
SWITCH.com is an IT company that has an existing enterprise network comprised of two layer 2 only switches; DSW1 and ASW1. The topology diagram indicates
their layer 2 mapping. VLAN 20 is a new VLAN that will be used to provide the shipping personnel access to the server. Corporate polices do not allow layer 3
functionality to be enabled on the switches. For security reasons, it is necessary to restrict access to VLAN 20 in the following manner:
· Users connecting to VLAN 20 via portfO/1 on ASW1 must be authenticated before they are given access to the network. Authentication is to be done via a Radius
server:
· Radius server host: 172.120.40.46
· Radius key: rad123
· Authentication should be implemented as close to the host as possible.
· Devices on VLAN 20 are restricted to the subnet of 172.120.40.0/24.
· Packets from devices in the subnet of 172.120.40.0/24 should be allowed on VLAN 20.
· Packets from devices in any other address range should be dropped on VLAN 20.
· Filtering should be implemented as close to the serverfarm as possible.

The Radius server and application servers will be installed at a future date. You have been tasked with implementing the above access control as a pre-condition to
installing the servers. You must use the available IOS switch features.

When you configure a private VLAN, which type of port must you configure the gateway router port as?

When you configure private VLANs on a switch, which port type connects the switch to the gateway router?

On which interface can port security be configured?

Which feature describes MAC addresses that are dynamically learned or manually configured, stored in the address table, and added to the running configuration?

A network engineer configures port security and 802.1x on the same interface. Which option describes what this configuration allows?

Which command would a network engineer apply to error-disable a switchport when a packet- storm is detected?

Which switch feature prevents traffic on a LAN from being overwhelmed by continuous multicast or broadcast traffic?

When IP Source Guard with source IP filtering is enabled on an interface, which feature must be enabled on the access VLAN for that interface?

Which database is used to determine the validity of an ARP packet based on a valid IP-to-MAC address binding?