CCNA 2 Module 10-13
It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac. What is the purpose of this configuration command?
Split the traffic between the 2.4 GHz and 5 GHz frequency bands.
A company has recently implemented an 802.11n wireless network. Some users are complaining that the wireless network is too slow. Which solution is the best method to enhance the performance of the wireless network?
NAT - The wireless router will use a service called Network Address Translation (NAT) to convert private IPv4 addresses to internet-routable IPv4 addresses for wireless devices to gain access to the internet.
A network administrator deploys a wireless router in a small law firm. Employee laptops join the WLAN and receive IP addresses in the 10.0.10.0/24 network. Which service is used on the wireless router to allow the employee laptops to access the internet?
It is used to encrypt the messages between the WLC and the RADIUS server.
A network administrator is configuring a RADIUS server connection on a Cisco 3500 series WLC. The configuration requires a shared secret password. What is the purpose for the shared secret password?
protect
A network administrator is configuring port security on a Cisco switch. The company security policy specifies that when a violation occurs, packets with unknown source addresses should be dropped and no notification should be sent. Which violation mode should be configured on the interfaces?
802.11ac
A network administrator is required to upgrade wireless access to end users in a building. To provide data rates up to 1.3 Gb/s and still be backward compatible with older devices, which wireless standard should be implemented?
Make sure that different SSIDs are used for the 2.4 GHz and 5 GHz bands.
A network administrator is working to improve WLAN performance on a dual-band wireless router. What is a simple way to achieve a split-the-traffic result?
RADIUS
A network administrator of a college is configuring the WLAN user authentication process. Wireless users are required to enter username and password credentials that will be verified by a server. Which server would provide such service?
The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it more suited to streaming multimedia.
A network engineer is troubleshooting a newly deployed wireless network that is using the latest 802.11 standards. When users access high bandwidth services such as streaming video, the wireless network performance is poor. To improve performance the network engineer decides to configure a 5 Ghz frequency band SSID and train users to use that SSID for streaming media services. Why might this solution improve the wireless network performance for that type of service?
Change the default user-name and password of the wireless router.
A technician is about to install and configure a wireless network at a small branch office. What is the first security measure the technician should apply immediately upon powering up the wireless router?
Split the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band.
A technician is troubleshooting a slow WLAN that consists of 802.11b and 802.11g devices . A new 802.11n/ac dual-band router has been deployed on the network to replace the old 802.11g router. What can the technician do to address the slow wireless speed?
Frames from PC1 will cause the interface to shut down immediately, and a log entry will be made.
Refer to the exhibit. Port security has been configured on the Fa 0/12 interface of switch S1. What action will occur when PC1 is attached to switch S1 with the applied configuration?
The MAC address of PC1 that connects to the Fa0/2 interface is not the configured MAC address.
Refer to the exhibit. The Fa0/2 interface on switch S1 has been configured with the switchport port-security mac-address 0023.189d.6456 command and a workstation has been connected. What could be the reason that the Fa0/2 interface is shutdown?
The port violation mode is the default for any port that has port security enabled.
Refer to the exhibit. What can be determined about port security from the information that is shown?
accidental interference
The company handbook states that employees cannot have microwave ovens in their offices. Instead, all employees must use the microwave ovens located in the employee cafeteria. What wireless security risk is the company trying to avoid?
Packets with unknown source addresses will be dropped. If there is a violation, interface Fa0/1 will drop packets with unknown MAC addresses.
The switch S1 interface Fa0/1 has been configured with the following command: `switchport port-security violation protect` Which event will take place if there is a port security violation on switch S1 interface Fa0/1?
- Disable DTP. - Enable trunking manually. - Set the native VLAN to an unused VLAN.
What are three techniques for mitigating VLAN attacks? (Choose three.)
enterprise
What is a wireless security mode that requires a RADIUS server to authenticate wireless users?
Clients will have to manually identify the SSID to connect to the network.
What is an advantage of SSID cloaking?
It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN.
What is the behavior of a switch when the MAC address table is full?
CAPWAP provides the encapsulation and forwarding of wireless user traffic between an access point and a wireless LAN controller.
What is the function provided by CAPWAP protocol in a corporate wireless network?
Legitimate clients are unable to lease IP addresses.
What is the result of a DHCP starvation attack?
preventing rogue switches from being added to the network
What security benefit is gained from enabling BPDU guard on PortFast enabled interfaces?
authentication
Which AAA component proves users are who they say they are?
authorization
Which access control component, implementation, or protocol controls what users can do on the network?
local AAA
Which authentication method stores usernames and passwords in the router and is ideal for small networks?
accounting
Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources?
the native VLAN of the trunking port being the same as a user VLAN
Which feature or configuration on a switch makes it vulnerable to VLAN double-tagging attacks?
- SSID - AP password - wireless network password
Which three parameters would need to be changed if best practices are being implemented for a home wireless AP? (Choose three.)
- Port Security - DHCP Snooping
Which two Cisco solutions help prevent DHCP starvation attacks? (Choose two.)
- S1(config-if)# spanning-tree bpduguard enable - S1(config)# spanning-tree portfast bpduguard default
Which two commands can be used to enable BPDU guard on a switch? (Choose two.)
beacon - Beacons are the only management frame that may regularly be broadcast by an AP.
Which type of management frame may regularly be broadcast by an AP?
wireless local-area network
Which type of wireless network is based on the 802.11 standard and a 2.4-GHz or 5-GHz radio frequency?