Security 6.5 Switch Security
When configuring VLANs on a switch, what is used to identify which VLAN a device belongs to?
MAC address Switch port Host name
Which of the following solutions would you implement to eliminate switching loops?
Auto-duplex CSMA/CD Spanning tree Run the spanning tree protocol to prevent switching loops. A switching loop occurs when there are multiple active paths between switches. The spanning tree protocol runs on each switch and is used to select a single path between any two switches.
Which of the following applications typically use 802.1x authentication? (Select two.)
Controlling access through a wireless access point Authenticating remote access clients Controlling access through a router Controlling access through a switch
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the Internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the Internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the Internet. What can you do?
Create a VLAN for each group of four computers. Configure port security on the switch. Create static MAC addresses for each computer and associate it with a VLAN. Configuring port security on the switch can restrict access so that only specific MAC addresses can connect to the configured switch port.
Which of the following best describes the concept of a virtual LAN?
Devices connected by a transmission medium other than cable (i.e. microwave, radio transmissions) Devices connected through the Internet that can communicate without using a network address Devices on the same network logically grouped as if they were on separate networks
A virtual LAN can be created using which of the following?
Hub Router Switch Use a switch to create virtual LANs (VLANs). The various ports on a switch can be assigned to a specific VLAN to create logically distinct networks on the same physical network topology.
You manage a single subnet with three switches. The switches are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches?
PoE Spanning tree 802.1x Trunking
You want to increase the security of your network by allowing only authenticated users to access network devices through a switch. Which of the following should you implement?
Port security 802.1x Spanning tree 802.1x authentication is an authentication method used on a LAN to allow or deny access based on a port or connection to the network. 802.1x is used for port authentication on switches and authentication to wireless access points.
Your company is a small start-up company that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides Internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?
Port security VLAN VPN
You manage a network that uses multiple switches. You want to provide multiple paths between switches so that if one link goes down, an alternate path is available. Which feature should your switch support?
Spanning tree Trunking Mirroring
When configuring VLANs on a switch, what type of switch ports are members of all VLANs defined on the switch?
Trunk ports Gigabit and higher Ethernet ports Any port not assigned to a VLAN A trunk port is a member of all VLANs defined on a switch, and carries traffic between the switches. When trunking is used, frames that are sent over a trunk port are tagged by the first switch with the VLAN ID so that the receiving switch knows to which VLAN the frame belongs.
You manage a network that uses switches. In the lobby of your building are three RJ-45 ports connected to a switch. You want to make sure that visitors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network. What feature should you configure?
VLANs Bonding Port authentication Spanning tree Use port authentication to prevent unauthorized access through switch ports. Port authentication is provided by the 802.1x protocol, and allows only authenticated devices to connect to the LAN through the switch.
You manage a network that uses a single switch. All ports within your building connect through the single switch. In the lobby of your building are three RJ-45 ports connected to the switch. You want to allow visitors to plug into these ports to gain Internet access, but they should not have access to any other devices on your private network. Employees connected throughout the rest of your building should have both private and Internet access. Which feature should you implement?
VLANs NAT Port authentication Use VLANs to segregate hosts based on switch ports. You could define two VLANs: one for employees connected throughout the building, and another for the ports in the lobby.
You run a small network for your business that has a single router connected to the Internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation?
VPN VLAN Spanning tree
In which of the following situations would you use port security?
You want to restrict the devices that could connect through a switch port. You want to prevent MAC address spoofing. You want to control the packets sent and received by a router. Use port security on a switch to restrict the devices that can connect to a switch. Port security uses the MAC address to identify allowed and denied devices.
