Ch. 10-13 knowledge checks
If three 802.11b access points need to be deployed in close proximity, which three frequency channels should be used? (Choose three.)
1.) 11 2.) 1 3.) 6
What UDP ports and IP protocols are used by CAPWAP for IPV6? (Choose three.)
1.) 136 2.) 5246 3.) 5247
What UDP ports and IP protocols are used by CAPWAP for IPV4? (Choose three.)
1.) 17 2.) 5246 3.) 5247
Which 802.11 standards exclusively use the 5 GHz radio frequency? (Choose 2)
1.) 802.11a 2.) 802.11ac
Which of the following components are integrated in a wireless home router? (Choose three.)
1.) Access point 2.) Switch 3.) Router
5. In the split MAC architecture for CAPWAP which of the following are the responsibility of the WLC? (Choose four.)
1.) Authentication 2.) Association and re-association of roaming clients 3.) Termination of 802 11 traffic on a wired interface 4.) Frame translation to other protocols
What are the best ways to secure WLANS? (Choose two.)
1.) Authentication 2.) Encryption
Which two features on a Cisco Catalyst switch can be used to mitigate DHCP starvation and DHCP spoofing attacks? (Choose two.)
1.) DHCP snooping 2.) port security
What type of attack is an "evil twin AP" attack?
1.) MITM
In the split MAC architecture for CAPWAP, which of the following are the responsibility of the AP? (Choose four.)
1.) Packet acknowledgments and retransmissions 2.) Beacons and probe responses 3.) MAC layer data encryption and decryption 4.) Frame queueing and packet prioritization
What two protocols are supported on Cisco devices for AAA communications? (Choose two.)
1.) RADIUS 2.) TACACS+
Which two commands can be used to enable PortFast on a switch? (Choose two.)
1.) S1(config-if)# spanning-tree portfast 2.) S1(config)# spanning-tree portfast default
Which protocol and port numbers are used by both IPV4 and IPV6 CAPWAP tunnels? (Choose two.)
1.) UDP 2.) 5246 and 5247
Which of the following mitigation techniques are used to protect Layer 3 through Layer 7 of the OSI Model? (Choose three.)
1.) VPN 2.) Firewalls 3.) IPS devices
Which devices are specifically designed for network security? (Choose three)
1.) VPN-enabled router 2.) NGFW 3.) NAC
Which of the following authentication methods has the user enter a pre-shared password? (Choose two)
1.) WPA Personal 2.) WPA2 Personal
Which three Cisco products focus on endpoint security solutions? (Choose three.)
1.) Web Security Appliance 2.) Email Security Appliance 3.) NAC Appliance
Which two roles are typically performed by a wireless router that is used in a home or small business? (Choose two.)
1.) access point 2.) Ethernet switch
What three services are provided by the AAA framework? (Choose three )
1.) authentication 2.) accounting 3.) authorization
Which of the following statements are true about modes of operation for a FlexConnect AP? (Choose two )
1.) in standalone mode, the WLC is unreachable and the AP switches local traffic and performs client authentication locally 2.) In connect mode, the WLC is reachable and performs all its CAPWAP functions
What are two types of switch ports that are used on Cisco switches as part of the defense against DHCP spoofing attacks? (Choose two.)
1.) untrusted port 2.) trusted DHCP port
How many channels are available for the 2.4 GHz band in Europe?
13
How many channels are available for the 5 GHz band?
24
How many address fields are in the 802.11 wireless frame?
4
Which IEEE standard operates at wireless frequencies in both the 5 GHz and 2.4 GHz ranges?
802.11n
What is involved in an IP address spoofing attack?
A legitimate network IP address is hijacked by a rogue node.
Which of the following encryption methods uses CCMP to recognize if the encrypted and non-encrypted bits have been altered?
AES
A threat actor sends a message that causes all other devices to believe the MAC address of the threat actor's device is the default gateway What type of attack is this?
ARP spoofing
Which AAA component is responsible for collecting and reporting usage data for auditing and billing purposes?
Accounting
What is the term for an AP that does not send a beacon, but waits for clients to send probes?
Active
Which wireless topology mode is used by two devices to connect in a peer-to- peer network?
Ad hoc
A threat actor changes the MAC address of the threat actor's device to the MAC address of the default gateway. What type of attack is this?
Address spoofing
What is a recommended best practice when dealing with the native VLAN?
Assign it to an unused VLAN.
Which AAA component is responsible for controlling who is permitted to access the network?
Authentication
In an 802.1X implementation, which device is responsible for relaying responses?
Authenticator
Which AAA component is responsible for determining what the user can access?
Authorization
Which of the following is a standalone device, like a home router, where the entire WLAN configuration resides on the device?
Autonomous AP
Which of the following is an IEEE 802.15 WPAN standard that uses a device- pairing process to communicate?
Bluetooth
Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack?
CDP
A threat actor discovers the IOS version and IP addresses of the local switch What type of attack is this?
CDP reconnaissance
Which of the following mitigation techniques prevents ARP spoofing and ARP poisoning attacks?
DAI
Which of the following mitigation techniques prevents DHCP starvation and DHCP spoofing attacks?
DHCP snooping
3. A threat actor leases all the available IP addresses on a subnet. What type of attack is this?
DHCP starvation
Which Layer 2 attack will result in legitimate users not getting valid IP addresses?
DHCP starvation
Which of the following modulation techniques spreads a signal over a larger frequency band?
DSSS
What is the best way to prevent a VLAN hopping attack?
Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.
Which device monitors SMTP traffic to block threats and encrypt outgoing messages to prevent data loss?
ESA
Which procedure is recommended to mitigate the chances of ARP spoofing?
Enable DHCP snooping on selected VLANS.
What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?
Enable port security.
Which of the following modulation techniques rapidly switches a signal among frequency channels?
FHSS
True or False: A rogue AP is a misconfigured AP connected to the network and a possible source of DoS attacks
False
True or False: Laptops that do not have an integrated wireless NIC can only be attached to the network through a wired comection.
False
True or False: When you need to expand the coverage of a small network, the best solution is to use a range extender.
False
Which Cisco solution helps prevent MAC and IP address spoofing attacks?
IP Source Guard
Which of the following mitigation techniques prevents MAC and IP address spoofing?
IPSG
What IP versions does CAPWAP support?
IPV4 by default, but can configure IPV6
Which standards organization is responsible for allocating radio frequencies?
ITU-R
An administrator who is troubleshooting connectivity issues on a switch notices that a switch port configured for port security is in the err-disabled state. After verifying the cause of the violation, how should the administrator re-enable the port without disrupting network operation?
Issue the shutdown command followed by the no shutdown command on the interface.
Which statement describes an autonomous access point?
It is a standalone access point.
Why is authentication with AAA preferred over a local database method?
It provides a fallback authentication method if the administrator forgets the username or password.
When security is a concern, which OSI Layer is considered to be the weakest link in a network system?
Layer 2
Which Layer 2 attack will result in a switch flooding incoming frames to all ports?
MAC address overflow
Which feature of 802.11n wireless access points allows them to transmit data at faster speeds than previous versions of 802.11 Wi-Fi standards did?
MIMO
Which of the following modulation techniques is used in the new 802 11ax standard?
OFDMA
Which of the following antennas provide 360 degrees of coverage?
Omnidirectional
Which of the following authentication methods does not use a password shared between the wireless client and the AP?
Open
What is the term for an AP that openly advertises its service periodically?
Passive
What mitigation technique must be implemented to prevent MAC address overflow attacks?
Port security
Which of the following mitigation techniques prevents many types of attacks including MAC address table overflow and DHCP starvation attacks?
Port security
In a server-based AAA implementation, which protocol will allow the router to successfully communicate woth the AAA server?
RADIUS
Where are dynamically learned MAC addresses stored when sticky learning is enabled with the switchport port-security mac-address sticky command?
RAM
Which encryption method is used by the original 802.11 specification?
RC4
Which attack encrypts the data on hosts in an attempt to extract a monetary payment from the victim?
Ransomware
Which of the following is most likely NOT the source of a wireless DoS attack?
Rogue AP
Which parameter is commonly used to identify a wireless network name when a home wireless AP is being configured?
SSID
A threat actor sends a BPDU message with priority 0. What type of attack is this?
STP attack
What would be the primary reason a threat actor would launch a MAC address overflow attack?
So that the threat actor can see frames that are destined for other devices
What is the behavior of a switch as a result of a successful MAC address table attack?
The switch will forward all received frames to all other ports within the VLAN.
True or False: An ESS is created when two or more BSSS need to be joined to support roaming clients.
True
True or False? In the 802.1X standard, the client attempting to access the network is referred to as the supplicant.
True
A threat actor configures a host with the 802.1Q protocol and forms a trunk with the connected switch, What type of attack is this?
VLAN hopping
What Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol?
VLAN hopping
standards for the 2.4 GHz and 5 GHz radio frequencies? Which of the following wireless networks are specified in the IEEE 802.11
WLAN
Which method of wireless authentication is currently considered to be the strongest?
WPA2
Which of the following wireless networks typically uses lower powered transmitters for short ranges?
WPAN
Which device monitors HTTP traffic to block access to risky sites and encrypt outgoing messages?
WSA
Which wireless network topology is being configured by a technician who is installing a keyboard, a mouse, and headphones, each of which uses Bluetooth?
ad hoc mode
On what switch ports should PortFast be enabled to enhance STP stability?
all end-user ports
Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
authorization
In the context of mobile devices, what does the term tethering involve?
connecting a mobile device to another mobile device or computer to share a network connection
A network administrator is configuring DAI on a switch. Which command should be used on the uplink interface that connects to a router?
ip arp inspection trust
A network administrator is configuring DHCP snooping on a switch. Which configuration command should be used first?
ip dhcp snooping
Which characteristic describes a wireless client operating in active mode?
must know the SSID to connect to an AP
Which security feature should be enabled in order to prevent an attacker from overflowing the MAC address table of a switch?
port security
Which type of telecommunication technology is used to provide Internet access to vessels at sea?
satellite
Which command would be best to use on an unused switch port if a company adheres to the best practices as recommended by Cisco?
shutdown
A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac. What is the purpose of this configuration command?
to check the destination MAC address in the Ethernet header against the target MAC address in the ARP body
What is the purpose of AAA accounting?
to collect and report application usage
