Switching, Routing, and Wireless Essentials - Chapter 11 questions
What is a recommended best practice when dealing with the native VLAN?
Assign it to an unused VLAN
Which two features on a Cisco Catalyst switch can be used to mitigate DHCP starvation and DHCP spoofing attacks?
DHCP snooping Port security
What is the best way to prevent a VLAN hopping attack?
Disable trunk negotition for trunk ports and statically set nontrunk ports as access ports
Which procedure is recommended to mitigate the chances of ARP spoofing?
Enable DHCP snooping on selecgted VLANs
An administrator who is troubleshooting connectivity issues on a switch notices that a switch port configured for port security is in the err-disabled state. After verifying the cause of the violation, how should the administrator re-enable the port without disrupting network operation?
Issue the "Shut" command followed by the "no shut" command on the int.
Which security feature should be enabled in order to prevent an attacker from overflowing the MAC address table of a switch?
Port Security
Where are dynamically learned MAC addresses stored when sticky learning is enabled with the switchport port-security mac-address sticky command?
RAM
Which two commands can be used to enable PortFast on a switch?
S1(config)# Spanning-tree portfast default S1(config)# Spanning-tree portfast
VLAN Hopping Mitigation Steps
Step 1: Disable DTP (auto trunking) negotiations on non-trunking ports by using the switchport mode access interface configuration command. Step 2: Disable unused ports and put them in an unused VLAN. Step 3: Manually enable the trunk link on a trunking port by using the switchport mode trunk command. Step 4: Disable DTP (auto trunking) negotiations on trunking ports by using the switchport nonegotiate command. Step 5: Set the native VLAN to a VLAN other than VLAN 1 by using the switchport trunk native vlan vlan_number command
What Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol?
VLAN hopping
On what switch ports should PortFast be enabled to enhance STP stability?
all end-user ports
A network administrator is configuring DAI on a switch. Which command should be used on the uplink interface that connects to a router?
ip arp inspection trust
A network administrator is configuring DHCP snooping on a switch. Which configuration command should be used first?
ip dhcp snooping
A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac. What is the purpose of this configuration command?
to check the estination MAC address iun the Ethernet header against the TARGET MAC address in ARP body
What are two types of switch ports that are used on Cisco switches as part of the defense against DHCP spoofing attacks?
trusted DHCP port untrusted port
Which command would be best to use on an unused switch port if a company adheres to the best practices as recommended by Cisco?
"shut"
