Free Cisco 300-115 Practice Test & Real Exam Questions

Exam Code/Number: 300-115
Exam Name/Title: Implementing Cisco IP Switched Networks
Certification Provider: Cisco
Corresponding Certification: CCNP

Exam Questions: 162
Updated On: Jun 08, 2026

Question #1

After you connected a host to switch port GO/1, the port error disabled. Which command can you enter to determine the reason?

A. show log

B. show interfaces g0/1 status

C. Show run interface g0/1

D. show ip interface brief

Discussion 0

Correct Answer: C Vote an answer

Question #2

Which three features of AAA with TACACS+ are true? (Choose three.)

A. It separates authorization and authentication functions.

B. It encrypts the entire transmission.

C. It secures access to endpoint devices.

D. It integrates authorization and authentication functions.

E. It encrypts the password for transmission.

F. It secures access to network devices.

Discussion 0

Correct Answer: A,B,F Vote an answer

Question #3

You move a switch from a network where it performed Layer 2 switching only to a network where it performs layer 2 switching and Layer 3 routing. You notice that the switch is showing high CPU usage and significantly degraded routing performance. Which command sequence do you use lo trouble-shoot and fix the problem?

A. #shown sdm prefer (Config)# prefer routing

B. #shown sdm prefer (Config) #sdm prefer default

C. #show running-config (config)#ip rouing

D. #shown sdm prefer (config) #sdm prefer vlan

Discussion 0

Correct Answer: B Vote an answer

Question #4

You want to configure port security on an interface. Which two tasks must you perform? (Choose two)

A. Configure a static secure MAC address on the interface

B. Reset the maximum number of secure MAC addresses on the interface to the default setting.

C. Verify that the interface is not a SPAN destination

D. Enable port security on the interface

E. Verify that the interface is not configured for private VLANs

Discussion 0

Correct Answer: A,D Vote an answer

Question #5

Which command displays information about isolated VLANs without associated interfaces?

A. show vlan brief

B. show vlan private-vlan type

C. show vlan summary

D. show private-vlan association

Discussion 0

Correct Answer: D Vote an answer

Question #6

RSPAN has been configured on a Cisco Catalyst switch; however, traffic is not being replicated to the remote switch. Which type of misconfiguration is a cause?

A. The local and remote RSPAN switches are configured using different session IDs.

B. The RSPAN designated VLAN is missing the remote span command.

C. The local switch is overloaded with the amount of sourced traffic that must be replicated to the remote switch.

D. The local RSPAN switch is replicating only Rx traffic to the remote switch.

Discussion 0

Correct Answer: B Vote an answer

Question #7

Which two statements about HSRP, GLBP, and VRRP are true? (Choose two.)

A. HSRP supports up to 255 groups on the same switch or router.

B. GLBP allows for a maximum of four MAC addresses per group.

C. VRRP has one master router, one standby router, and many listening routers.

D. HSRP is the preferred protocol to be used on multivendor environments.

E. VRRP is a Cisco proprietary protocol.

Discussion 0

Correct Answer: A,B Vote an answer

Question #8

You are configuring dynamic ARP inspection on two switches that connect two hosts on the same VLAN.
You want to enable the two hosts to communicate without compromising security. Which two tasks must you perform? (Choose two )

A. Enable dynamic ARP inspection on the VLAN on which the hosts reside

B. Configure the ip verify source vlan dhcp-snooping command on the device

C. Configure as trusted the interface at each end of the link between the switches

D. Configure an ACL on the device to allow ARP traffic only

E. Configure the ip arp inspection validate ip command on the device

Discussion 0

Correct Answer: C,E Vote an answer

Question #9

SWITCH.com is an IT company that has an existing enterprise network comprised of two layer 2 only switches; DSW1 and ASW1. The topology diagram indicates their layer 2 mapping. VLAN 20 is a new VLAN that will be used to provide the shipping personnel access to the server. Corporate polices do not allow layer 3 functionality to be enabled on the switches. For security reasons, it is necessary to restrict access to VLAN 20 in the following manner:
* Users connecting to VLAN 20 via portfO/1 on ASW1 must be authenticated before they are given access to the network. Authentication is to be done via a Radius server:
* Radius server host: 172.120.40.46
* Radius key: rad123
* Authentication should be implemented as close to the host as possible.
* Devices on VLAN 20 are restricted to the subnet of 172.120.40.0/24.
* Packets from devices in the subnet of 172.120.40.0/24 should be allowed on VLAN 20.
* Packets from devices in any other address range should be dropped on VLAN 20.
* Filtering should be implemented as close to the serverfarm as possible.
The Radius server and application servers will be installed at a future date. You have been tasked with implementing the above access control as a pre-condition to installing the servers. You must use the available IOS switch features.

Discussion 0

Correct Answer:

The configuration:
Step1: Console to ASW1 from PC console 1
ASW1(config)#aaa new-model
ASW1(config)#radius-server host 172.120.39.46 key rad123
ASW1(config)#aaa authentication dot1x default group radius
ASW1(config)#dot1x system-auth-control
ASW1(config)#inter fastEthernet 0/1
ASW1(config-if)#switchport mode access
ASW1(config-if)#dot1x port-control auto
ASW1(config-if)#exit
ASW1#copy run start
Step2: Console to DSW1 from PC console 2
DSW1(config)#ip access-list standard 10
DSW1(config-ext-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-ext-nacl)#exit
DSW1(config)#vlan access-map PASS 10
DSW1(config-access-map)#match ip address 10
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit
DSW1(config)#vlan access-map PASS 20
DSW1(config-access-map)#action drop
DSW1(config-access-map)#exit
DSW1(config)#vlan filter PASS vlan-list 20
DSW1#copy run start

Question #10

Which two operational attributes can be checked for EtherChannel ports that are in err-disabled state? (Choose two.)

A. Port cost

B. Duplex

C. Port mode

D. DTP

E. VLAN

Discussion 0

Correct Answer: C,E Vote an answer

Question #11

Which two limitations of IP Source Guard are true? (Choose two )

A. It is supported only on egress Layer 3 ports

B. It is supported only on ingress Layer 2 ports

C. It is supported only on PAgP EtherChannels

D. It is supported only on ingress Layer 3 ports.

E. It is supported only on packets switched in hardware

Discussion 0

Correct Answer: B,E Vote an answer

Download Free Cisco 300-115 Demo

Simply submit your e-mail address below to get started with our free demo of your Cisco 300-115 exam.