IT-341 Module-11 Chapter-11 (Cisco)

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/14

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

15 Terms

1
New cards

What is a recommended best practice when dealing with the native VLAN?

a. Turn off DTP.

b. Use port security.

c. Assign it to an unused VLAN.

d. Assign the same VLAN number as the management VLAN.

c. Assign it to an unused VLAN.

2
New cards

On what switch ports should PortFast be enabled to enhance STP stability?

a. All end-user ports

b. Only ports that attach to a neighboring switch

c. All trunk ports that are not root ports

d. Only ports that are elected as designated ports

a. All end-user ports

3
New cards

Which command would be best to use on an unused switch port if a company adheres to the best practices as recommended by Cisco?

a. shutdown

b. ip dhcp snooping

c. switchport port-security mac-address sticky

d. switchport port-security violation shutdown

e. switchport port-security mac-address sticky mac-address

a. shutdown

4
New cards

Which two features on a Cisco Catalyst switch can be used to mitigate DHCP starvation and DHCP spoofing attacks? (Choose two.)

a. Port security

b. Extended ACL

c. DHCP snooping

d. DHCP server failover

e. Strong password on DHCP servers

a. Port security

c. DHCP snooping

5
New cards

What is the best way to prevent a VLAN hopping attack?

a. Disable STP on all nontrunk ports.

b. Use ISL encapsulation on all trunk links.

c. Use VLAN 1 as the native VLAN on trunk ports.

d. Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.

d. Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.

6
New cards

Which procedure is recommended to mitigate the chances of ARP spoofing?

a. Enable port security globally.

b. Enable DHCP snooping on selected VLANs.

c. Enable DAI on the management VLAN.

d. Enable IP Source Guard on trusted ports.

b. Enable DHCP snooping on selected VLANs.

7
New cards

What are two types of switch ports that are used on Cisco switches as part of the defense against DHCP spoofing attacks? (Choose two.)

a. Unknown port

b. Untrusted port

c. Unauthorized port

d. Trusted DHCP port

e. Authorized DHCP port

f. Established DHCP port

b. Untrusted port

d. Trusted DHCP port

8
New cards

Which two commands can be used to enable PortFast on a switch? (Choose two.)

a. S1(config-if)# spanning-tree portfast

b. S1(config-line)# spanning-tree portfast

c. S1(config)# spanning-tree portfast default

d. S1(config-if)# enable spanning-tree portfast

e. S1(config)# enable spanning-tree portfast default

a. S1(config-if)# spanning-tree portfast

c. S1(config)# spanning-tree portfast default

9
New cards

An administrator who is troubleshooting connectivity issues on a switch notices that a switch port configured for port security is in the err-disabled state. After verifying the cause of the violation, how should the administrator re-enable the port without disrupting network operation?

a. Reboot the switch.

b. Issue the shutdown command followed by the no shutdown command on the interface.

c. Issue the no switchport port-security command, then re-enable port security.

d. Issue the no switchport port-security violation shutdown command on the interface.

b. Issue the shutdown command followed by the no shutdown command on the interface.

10
New cards

A network administrator is configuring DHCP snooping on a switch. Which configuration command should be used first?

a. ip dhcp snooping

b. ip dhcp snooping vlan

c. ip dhcp snooping trust

d. ip dhcp snooping limit rate

a. ip dhcp snooping

11
New cards

A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac. What is the purpose of this configuration command?

a. To check the destination MAC address in the Ethernet header against the MAC address table

b. To check the destination MAC address in the Ethernet header against the user-configured ARP ACLs

c. To check the destination MAC address in the Ethernet header against the target MAC address in the ARP body

d. To check the destination MAC address in the Ethernet header against the source MAC address in the ARP body

c. To check the destination MAC address in the Ethernet header against the target MAC address in the ARP body

12
New cards

Which security feature should be enabled in order to prevent an attacker from overflowing the MAC address table of a switch?

a. BPDU filter

b. Port security

c. Storm control

d. Root guard

b. Port security

13
New cards

What Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol?

a. VLAN hopping

b. DHCP spoofing

c. ARP poisoning

d. ARP spoofing

a. VLAN hopping

14
New cards

A network administrator is configuring DAI on a switch. Which command should be used on the uplink interface that connects to a router?

a. ip arp inspection vlan

b. ip arp inspection trust

c. ip dhcp snooping

d. spanning-tree portfast

b. ip arp inspection trust

15
New cards

Where are dynamically learned MAC addresses stored when sticky learning is enabled with the switchport port-security mac-address sticky command?

a. ROM

b. RAM

c. NVRAM

d. Flash

b. RAM

Explore top notes

Explore top flashcards