CCNA 2 v7 Modules 10 - 13: L2 Security and WLANs Exam Answers
A network administrator is required to upgrade wireless access to end users in a building. To provide data rates up to 1.3 Gb/s and still be backward compatible with older devices, which wireless standard should be implemented?
802.11ac
What two IEEE 802.11 wireless standards operate only in the 5 GHz range? (Choose two.)
802.11ac 802.11a
On a Cisco 3504 WLC dashboard, which option provides access to the full menu of features?
Advanced
What is the function provided by CAPWAP protocol in a corporate wireless network?
CAPWAP provides the encapsulation and forwarding of wireless user traffic between an access point and a wireless LAN controller.
Which step is required before creating a new WLAN on a Cisco 3500 series WLC?
Create a new VLAN interface.
What are three techniques for mitigating VLAN attacks? (Choose three.)
Enable trunking automatically Disable DTP set the native VLAN to an unused VLAN
A network administrator enters the following commands on the switch SW1. SW1(config)# interface range fa0/5 - 10 SW1(config-if)# ip dhcp snooping limit rate 6 What is the effect after these commands are entered?
FastEthernet ports 5 through 10 can receive up to 6 DHCP discovery messages per second.
A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac. What is the purpose of this configuration command?
It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
A network administrator is configuring a RADIUS server connection on a Cisco 3500 series WLC. The configuration requires a shared secret password. What is the purpose for the shared secret password?
It is used to encrypt the messages between the WLC and the RADIUS server.
Which statement describes the behavior of a switch when the MAC address table is full?
It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN.
What is the result of a DHCP starvation attack?
Legitimate clients are unable to lease IP addresses.
Which two commands can be used to enable BPDU guard on a switch? (Choose two.)
S1(config-if)# spanning-tree bpduguard enable S1(config)# spanning-tree portfast bpduguard default
What are two protocols that are used by AAA to authenticate users against a central database of usernames and password? (Choose two.)
TACACS+ RADIUS
A network engineer is troubleshooting a newly deployed wireless network that is using the latest 802.11 standards. When users access high bandwidth services such as streaming video, the wireless network performance is poor. To improve performance the network engineer decides to configure a 5 Ghz frequency band SSID and train users to use that SSID for streaming media services. Why might this solution improve the wireless network performance for that type of service?
The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it more suited to streaming multimedia.
Which type of VLAN-hopping attack may be prevented by designating an unused VLAN as the native VLAN?
VLAN double-tagging1
A network administrator is configuring port security on a Cisco switch. The company security policy specifies that when a violation occurs, packets with unknown source addresses should be dropped and no notification should be sent. Which violation mode should be configured on the interfaces?
WLANs
While attending a conference, participants are using laptops for network connectivity. When a guest speaker attempts to connect to the network, the laptop fails to display any available wireless networks. The access point must be operating in which mode?
active
Which type of management frame may regularly be broadcast by an AP?
beacon
Which wireless network topology would be used by network engineers to provide a wireless network for an entire college building?
infrastructure
Which authentication method stores usernames and passwords in the router and is ideal for small networks?
local AAA
What type of wireless antenna is best suited for providing coverage in large open spaces, such as hallways or large conference rooms?
omnidirectional
Which two Cisco solutions help prevent DHCP starvation attacks? (Choose two.)
port security DCHP snooping
A network administrator is configuring port security on a Cisco switch. The company security policy specifies that when a violation occurs, packets with unknown source addresses should be dropped and no notification should be sent. Which violation mode should be configured on the interfaces?
protect
What are the two methods that are used by a wireless NIC to discover an AP? (Choose two.)
receiving a broadcast beacon frame transmitting a probe request
An IT security specialist enables port security on a switch port of a Cisco switch. What is the default violation mode in use until the switch port is configured to use a different violation mode?
shutdown
As part of the new security policy, all switches on the network are configured to automatically learn MAC addresses for each port. All running configurations are saved at the start and close of every business day. A severe thunderstorm causes an extended power outage several hours after the close of business. When the switches are brought back online, the dynamically learned MAC addresses are retained. Which port security configuration enabled this?
sticky secure MAC addresses
What device is considered a supplicant during the 802.1X authentication process?
the client that is requesting authentication
Which feature or configuration on a switch makes it vulnerable to VLAN double-tagging attacks
the native VLAN of the trunking port being the same as a user VLAN
A technician is configuring the channel on a wireless router to either 1, 6, or 11. What is the purpose of adjusting the channel?
to avoid interference from nearby wireless devices
Which type of wireless network is based on the 802.11 standard and a 2.4-GHz or 5-GHz radio frequency?
wireless local-area network