TestOut CH7
Which of the following BEST describes an ARP spoofing attack?
An attack that associates an attacker's MAC address with the IP address of a victim's device.
Which of the following protocols prescribes what to do when a data channel is in use on a half-duplex device?
CSMA/CD
Your organization's management wants to monitor all the customer services calls. The calls are taken on VoIP phones. Which of the following configurations would BEST help you set up a way to monitor the calls?
Port mirroring
Which of the following switch features allows you to configure how the switch's MAC address table is filled?
Port security
What is the main difference between RIP and RIPv2?
RIP is a classful protocol, while RIPv2 is a classless protocol.
Which of the following BEST describes dynamic routing?
Routers learn about networks by sharing routing information with each other.
In which type of device is a MAC address table stored?
Switch
Which of the following is NOT one of the IP address ranges defined in RFC 1918 that are commonly used behind a NAT server?
169.254.0.1 to 169.254.255.254
Which of the following is the open standard for tagging Layer 2 frames?
802.1q
Which of the following must each device's MTU be set to for jumbo frames to transverse the network without risk of fragmentation?
9,000
Which of the following BEST describes Ethernet flow control?
A configuration that sends a pause frame to the transmitting device when the receiving device cannot keep up with the volume of data being sent.
Which of the following best describes DHCP scope exhaustion?
A denial of service from a lack of IP addresses in a DHCP server's pool.
Which of the following do hosts on a private network share if the network utilizes a NAT router?
A physical IP address
Drag each description on the left to the appropriate switch attack type on the right.
ARP spoofing/poisoning - The source device sends frames to the attacker's MAC address instead of to the correct device. Dynamic Trunking Protocol - Should be disabled on the switch's end user (access) ports before implementing the switch configuration in to the network. MAC flooding - Causes packets to fill up the forwarding table and consumes so much of the switch's memory that it enters a state called fail open mode. MAC spoofing - Can be used to hide the identity of the attacker's computer or impersonate another device on the network.
Under which of the following circumstances might you implement BGP on your company network and share routes with internet routers?
If the network is connected to the internet using multiple ISPs.
Which of the following is true about an unmanaged switch?
It can connect to all devices in a small area.
Which of the following are true of the IS-IS routing protocol? (Select two.)
It supports IPv6 routing., It divides large networks into areas.
Which of the following is true about Network Address Translation?
It supports up to 5,000 concurrent connections.
As a network administrator, you have 10 VLANs on your network that need to communicate with each other. Which of the following network devices is the BEST choice for allowing communication between 10 VLANs?
Layer 3 switch
On your network, you have a VLAN for the sales staff and a VLAN for the production staff. Both need to be able to communicate over the network. Which of the following devices would work BEST for communication between VLANs?
Layer 3 switch
An attacker hides his computer's identity by impersonating another device on a network. Which of the following attacks did the attacker MOST likely perform?
MAC spoofing attack
Which of the following BEST describes port aggregation?
Multiple ports linked together and used as a single logical port.
Which of the following is a method that allows you to connect a private network to the internet without obtaining registered addresses for every host?
NAT
Which of the following is the protocol used for address resolution when you switch from IPv4 to IPv6?
NDP
You are configuring a switch so that you can manage it using PuTTY from the same network segment. On the switch, you enter the following commands: switch#config terminalswitch(config)#interface vlan 1switch(config-if)#ip address 192.168.1.10 255.255.255.0 Will this configuration work?
No. The no shutdown command needs to be entered.
What are the main differences between the OSPF and IS-IS routing protocols?
OSPF requires an area 0, while IS-IS does not.
Which of the following is required to establish a new network switch and configure its IP address for the first time?
Out-of-band management
Which of the following methods is best to have when a network goes down?
Out-of-band management
You have a large Power over Ethernet flat screen that you are installing in a conference room that requires 70 watts of power. Which of the following IEEE standards does your PoE switch need to provide power for the flat screen?
PoE++ Type 4
Which statements accurately describe the port states of both bridges and switches? (Select two.)
Ports in a blocked state still receive BPDUs., In the learning state, the MAC address table can be populated, but frames are not forwarded.
You are unsure if the gateway address is correct for one of your subnetworks because traffic is not leaving the network. Which of the following tables could you look at to check if the gateway address is correct?
Routing table
You manage a single subnet with three switches. The switches are connected to provide redundant paths between themselves. Which feature prevents switching loops and ensures that there is only a single active path between any two switches?
Spanning Tree
You are the network administrator for a small company that implements NAT to access the internet. However, you recently acquired five servers that must be accessible from outside your network. Your ISP has provided you with five additional registered IP addresses to support these new servers, but you don't want the public to access these servers directly. You want to place these servers behind your firewall on the inside network, yet still allow them to be accessible to the public from the outside. Which method of NAT translation should you implement for these servers?
Static
Which of the following NAT implementations maps a single private IP address to a single public IP address on the NAT router?
Static NAT
Which of the following has the least default administrative distance?
Static route to an IP address
You have only one physical interface but want to connect two IP networks. Which of the following would allow you to do so?
Subinterfaces
Which of the following is a communication device that connects other network devices through cables and receives and forwards data to a specified destination within a LAN?
Switch
Which of the following switch attacks bypasses the normal functions of a router to communicate between VLANs and gain unauthorized access to traffic on another VLAN?
Switch spoofing
Which of the following can cause broadcast storms?
Switching loops
A switch receives a frame with a destination MAC address that is not found in its MAC address table. What happens next?
The frame is replicated and sent to every active port on the switch except the source port.
In which of the following tables does a NAT router store port numbers and their associated private IP addresses?
Translation table
You manage a network with two switches. The switches are connected together through their Gigabit Ethernet uplink ports. You define VLAN 1 and VLAN 2 on each switch. A device on the first switch in VLAN 1 needs to communicate with a device on the second switch in VLAN 1. What should you configure to allow communication between these two devices through the switches?
Trunking
You have two switches connected together as shown in the following diagram. How many broadcast domains are in the network?
Two
Kate, a network administrator, has been tasked with staying within the company budget. She has a large network and doesn't want to spend more than she needs to on purchasing and registering multiple public IP addresses for each of the hosts on her network. Which of the following methods could help her provide internet access but also keep costs low and limit the number of registered IP addresses her organization needs to purchase?
Use Network Address Translation.
Which of the following scenarios would cause a problem in asymmetric routing?
Using two stateful firewalls in the traffic flow.
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. What should you use for this situation?
VLAN
You run a small network for your business that has a single router connected to the internet and a single switch. You keep sensitive documents on a computer that you would like to keep isolated from other computers on the network. Other hosts on the network should not be able to communicate with this computer through the switch, but you still need to access the network through the computer. Which of the following should you use in this situation?
VLAN
Which of the following attacks manipulates a switch's auto-negotiation setting to access a virtual local area network that's connected to the same switch as the attacker's virtual local area network?
VLAN spoofing
For which of the following devices does a voice VLAN prioritize traffic?
VoIP phone
A router is connected to network 192.168.1.0/24 and network 192.168.2.0/24. The router is configured to use RIP and has learned both networks. The next hop router for network 192.168.3.0 has changed. You need to make the change with the least amount of effort possible. What should you do?
Wait for convergence to take place.
Which command would you use on a switch to enable management from a remote network?
ip default-gateway 192.168.10.185
Which of the following utilities would you use to view the routing table?
route
A workstation's network board is currently configured as follows: Network Speed = Auto Duplexing = Auto The workstation is experiencing poor network performance, and you suspect that the network board is incorrectly detecting the network speed and duplex settings. Upon investigation, you find that it's running at 10 Mbps half-duplex. You know that your network switch is capable of much faster throughput. To fix this issue, you decide to manually configure these settings on the workstation. Before you do so, you need to verify the switch port configuration for the connected workstation. Given that it's a Cisco switch, which commands can you use on the switch to show a list of all switch ports and their current settings? (Select two.)
show interface, show running-config interface
You have just connected four switches as shown in the Exhibit. Assuming the default switch configuration, how can you force switch C to become the root bridge?
Configure a priority number of 4096 for switch C.
Which level of the OSI model does a Layer 2 switch operate at?
Data Link layer
As a network administrator, you are setting up a new switch, and you need to configure trunking. You need to secure access to your switch, which is still configured with the default settings. In this lab, your task is to complete the following: From Google Chrome, access the switch console using the following:Site: 192.168.0.2Username: ciscoPassword: cisco Examine the default settings of all your ports.Answer Question 1. Set ports GE1 - GE26 to Access Mode. Set ports GE27 and GE28 to a port VLAN ID (PVID) of 2. Add VLANs 22, 44, and 67 to ports GE27 and GE28. Save the changes to the switch's startup configuration file.
Answer: Trunk Complete this lab as follows: Log in to the CISCO switch.From the taskbar, select Google Chrome.In the URL field, enter 192.168.0.2 and press Enter.Maximize the window for better viewing.In the Username and Password fields, enter cisco (the password is case sensitive).Select Log In. Examine the switch port defaults.From the left navigation bar, expand and select VLAN Management > Interface Settings.Using the interface shown in the right pane, examine the settings for all ports.For a detailed view of a single port, you can select Edit.From the upper right, select Answer Questions.Answer Question 1.Minimize the Lab Questions dialog. Set ports GE1 through GE26 to Access Mode.From the Interface Settings pane, select GE1.Select Edit.Maximize the window for better viewing.For Interface VLAN Mode, select Access.Select Apply and then select Close.With GE1 still selected, click Copy Settings.In the to field, type 2-26 and then select Apply.Notice that under the Interface VLAN Mode column, ports GE1-GE26 are now set to Access. Set the port VLAN ID (PVID) for ports GE27-GE28 to the value of 2.Select the desired port and then select Edit.For the Administrative PVID, enter 2.Select Apply and then Close.Repeat steps 4a - 4c for the second port. Add VLANs 22, 44, and 67 to ports GE27 and GE28.From the left pane, under VLAN Management, select Port VLAN Membership.Select port GE27 and then select Join VLAN.From the new window, hold down the Shift key and select VLANs 22, 44, and 67; then select the > button to assign the VLANs.Select Apply and then select Close.Repeat steps 5b - 5d for port GE28. Save the changes to the switch's startup configuration file.From the top of the switch window, select Save.For Source File Name, make sure Running configuration is selected.For Destination File Name, make sure Startup configuration is selected.Select Apply.Select OK.Select Done. Score the lab.From the upper right, select Answer Questions.Select Score Lab.
Match each type of switch on the left with its corresponding characteristics on the right. Each switch type may be used once, more than once, or not at all.
Commonly sold at retail stores. - Unmanaged switch Provides port security features. - Managed switch Supports VLANs. - Managed switch Provides very few configuration options. - Unmanaged switch Can be configured over a network connection. - Managed switch Can be configured over a dedicated communication channel. - Managed switch
Match each switch management method on the left with its corresponding characteristics on the right. Each method may be used once, more than once, or not at all.
Competes with normal network traffic for bandwidth. - In-Band Management Uses a dedicated communication channel. - Out-of-band management Must be encrypted to protect communications from sniffing. - In-band management Does not compete with normal network traffic for bandwidth. - Out-of-band management Affected by network outages. - In-band management
You just installed a new switch, and you want to manage the switch from a remote location. In this lab, your task is to set up remote management for the switch as follows: Configure the IP address and subnet mask for the VLAN 1 interface:IP address: 192.168.11.250Subnet mask: 255.255.255.0 Configure the switch to use the default gateways of 192.168.11.254 Verify the configurations using the show run command. Save your changes to the startup-config file.
Complete this lab as follows: Configure the IP address and subnet mask for the VLAN 1 interface.Select Switch.From the switch terminal, press Enter to get started.At the Switch> prompt, type enable and press Enter.At the Switch# prompt, type configure terminal and press Enter.At the Switch(config)# prompt, type interface vlan1 and press Enter.At the Switch(config-if)# prompt, type ip address 192.168.11.250 255.255.255.0 and press Enter.Type exit and press Enter. Configure the default gateway.At the Switch(config)# prompt, type ip default-gateway 192.168.11.254 and press Enter.At the prompt, type exit and press Enter. Verify the configuration changes.At the prompt, type show run and press Enter.Press the space bar as needed to verify that the correct changes were made.Type any key to exit show command. Save your changes to the startup-config file.At the Switch# prompt, type copy run start and press Enter.Press Enter to begin building the configuration.Press Enter to return to the prompt.
You are the IT security administrator for a small corporate network. You need to secure access to your switch, which is still configured with the default settings. Access the switch management console through Chrome on http://192.168.0.2 with the username cisco and password cisco. In this lab, your task is to: Create a new user account with the following settings: Username: ITSwitchAdmin Password: Admin$only1844 User Level: Read/Write Management Access (15) Edit the default user account as follows: Username: cisco Password: CLI$only1958 User Level: Read-Only CLI Access (1) Save the changes to the switch's startup configuration file
Complete this lab as follows: Log in to the CISCO switch. From the taskbar, select Google Chrome. In the URL field, enter 192.168.0.2 and press Enter. Maximize the window for easier viewing. In the Username and Password fields, enter cisco (case sensitive). Select Log In. Create a new user account. Under Quick Access on the Getting Started menu, select Change Device Password. Select Add. For the username, enter ITSwitchAdmin (case sensitive). For the password, enter Admin$only1844 (case sensitive). For Confirm Password, enter Admin$only1844. For User Level, make sure Read/Write Management Access (15) is selected. Select Apply. Select Close. Edit the default user account. Under the User Accounts table, select cisco (the default user) and then select Edit. For Password, enter CLI$only1958. For Confirm Password, enter CLI$only1958. For User Level, select Read-Only CLI Access (1). Select Apply. Save the changes to the switch's startup configuration file. From the top of the switch window, select Save. Under Source File Name, make sure Running configuration is selected. Under Destination File Name, make sure Startup configuration is selected. Select Apply. Select OK. Select Done.
After installing your Cisco switch, you would like to assign it a static IPv4 address and change the default VLAN used. In this lab, your task is to: Access the switch console using Google Chrome and the following information: Site: 192.168.0.2 Username: cisco Password: cisco (case-sensitive) Configure an IPv4 static IP address for VLAN 1 using the following: IP address: 192.168.45.72 Network mask: 255.255.255.0 Administrative default gateway: 192.168.45.1 Change the switch's default VLAN ID to 16. Save the changes to the switch's startup configuration file. Reboot the switch.
Complete this lab as follows: Log in to the Cisco switch. In the Google Chrome URL field, type 192.168.0.2 and press Enter. Maximize the window for better viewing. In the Username and Password fields, enter cisco (case-sensitive). Select Log In. Assign a static IPv4 address to VLAN 1. From the left navigation pane, expand and select Administration > Management Interface > IPv4 Interface. From the right pane, for IP Address Type, select Static. Configure the IPv4 interface as follows: IP address: 192.168.45.72 Mask: 255.255.255.0 Administrative Default Gateway: 192.168.45.1 Select Apply. Select OK. The switch will automatically log you out. Log in to the Cisco switch. In the Username and Password fields, enter cisco (case-sensitive). Select Log In. Change the default VLAN ID for the switch to VLAN 16. From the left pane, expand and select VLAN Management > Default VLAN Settings. Set Default VLAN ID After Reboot to 16. Select Apply and then select OK. Save the changes to the switch's startup configuration file. From the upper right of the switch window, select Save. For Source File Name, make sure Running configuration is selected. For Destination File Name, make sure Startup configuration is selected. Select Apply. Select OK. Select Done. Reboot the switch for changes to take effect. From the left pane, expand and select Administration > Reboot. From the right pane, select Reboot. Select OK. Wait for the switch to restart. From the upper right, select Score Lab.
You are the IT security administrator for a small corporate network. You need to increase the Networking Closet's security by implementing a CCTV system with IP cameras. As part of this task, you need to separate the CCTV data traffic on the network using a separate VLAN on the switch. The patch panel connections for the Networking Closet, Lobby, and IT Administration office are installed and ready for use (ports 18-20). A DHCP server is already configured to provide the IP cameras and the laptop in the IT Administration office with the correct TCP/IP settings (port 21). For an easier implementation, create the logical VLAN first and then establish the physical connections for the IP cameras and the laptop. In this lab, your task is to: Access the switch management console from ITAdmin using the following credentials: Address: http://192.168.0.2Username: cisco (case-sensitive)Password: cisco (case-sensitive) Create and configure a VLAN on the switch as follows: VLAN ID: 2 VLAN name: IPCameras Configure ports GE18, GE19, GE20, GE21 as untagged. Port 18 is connected to the network jack next to the laptop in the IT Administration office. Port 19 is connected to the camera mount in the Lobby
Complete this lab as follows: Log in to the Cisco switch. In the Username and Password fields for the Cisco switch, enter cisco (case-sensitive). Select Log In. Create the IPCameras VLAN. From the Getting Started pane (right), under Initial Setup, select Create VLAN. Select Add. For VLAN ID, enter 2. For VLAN Name, enter IPCameras. Select Apply. Select Close. Configure the IPCameras VLAN ports. From the left pane, under VLAN Management, select Port to VLAN. Using the VLAN ID equals to drop-down menu, select 2. Select Go. For ports GE18 through GE21, use the drop-down menus to select Untagged. Select Apply. Connect the IP camera in the lobby to the VLAN and mount the IP cameras. From the top left, select Floor 1. Under Lobby, select Hardware. Under Shelf, expand CCTV Cameras. Drag the IP Camera (Lobby) to the workspace. Under Workspace, for the IP camera, select Back to switch to the back view of the IP camera. Under Shelf, expand Cables and then select the Cat5e Cable, RJ45 cable. From the Selected Component pane: Drag an RJ45 Connector to the RJ-45 port on the IP camera wall mount plate. Drag the unconnected RJ45 Connector to the RJ-45 port on the back of the IP camera. Drag the IP camera to the IP camera wall plate. Connect the IP camera in the Networking Closet to the VLAN and mount the IP cameras. From the top left, select Floor 1. Under Networking Closet, select Hardware. Under Shelf, expand CCTV Cameras. Drag the IP Camera (Networking Closet) to the workspace. Under Workspace for the IP camera, select Back to switch to the back view of the IP camera. Under Shelf, expand Cables and then select the Cat5e Cable, RJ45 cable. From the Selected Component pane: Drag an RJ45 Connector to the RJ-45 port on the IP camera mount wall plate. Drag the unconnected RJ45 cable to the RJ-45 port on the back of the IP camera. Drag the IP camera to the IP camera wall plate to mount the IP camera. Connect the DHCP server and laptop to the VLAN. From the Networking Closet, under Shelf, select Cat5e Cable, RJ45. From the Selected Component pane: Drag an RJ45 Connector to port 21 on the switch. Drag the unconnected RJ45 Connector to port 21 on the patch panel. Connect IT-Laptop2 to the VLAN. From the top menu, select Floor 1.
Computers A and B are on the same VLAN and are separated by two switches as shown in the exhibit. Computer A sends a frame to Computer B. Which of the following BEST describes the frame's composition as it travels from A to B?
Computer A sends a normal frame. The first switch appends a VLAN ID to the frame. The second switch removes the VLAN ID before forwarding it to Computer B.
What does the ip address dhcp command allow you to do?
Configure a switch to obtain an IP address from a DHCP server.
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that's connected to the library network through an access port on a switch. You want to restrict access to the network so that only library computers are permitted connectivity to the internet. What can you do?
Configure port security on the switch.
Which of the following scenarios would typically utilize 802.1x authentication?
Controlling access through a switch.
You are in the process of configuring the Branch1 switch. In this lab, your task is to: Find the IP address assigned to the FastEthernet0/0 interface on router SFO.Use the show cdp neighbors detail command.Answer the question. Configure the switch with the following parameters:Interface: vlan1IP address: 192.168.11.250Subnet mask: 255.255.255.0 Configure the switch to use the FastEthernet0/0 interface on the SFO router as the default gateway. Save your changes to the startup-config file.
Correct answer:192.168.11.254 Find the IP address assigned to the FastEthernet0/0 interface on the SFO router.Select the Branch1 switch.From the Terminal, press Enter to get started.Type enable and press Enter to change to the EXEC or Global Configuration mode.Type show cdp neighbors detail and press Enter.Find the IP address for the SFO router.From the top right, select Answer Questions.Answer the question.Move the question dialog to the side and keep working. Configure the IP address and subnet mask for the Branch1 switch.At the Branch1# prompt, type config t and press Enter.At the Branch1(config)# prompt, type interface vlan1 and press Enter.At the Branch1(config-if)# prompt, type ip address 192.168.11.250 255.255.255.0 and press Enter.At the Branch1(config-if)# prompt, type exit and press Enter. Configure the switch to use the FastEthernet0/0 interface on the SFO router as the default gateway.At the Branch1(config)# prompt, type ip default-gateway routers_IP_address and press Enter.At the Branch1(config)# prompt, type exit and press Enter. Save your changes to the startup-config file.At the Branch1# prompt, type copy run start and press Enter.Press Enter to begin building the configuration.When you see OK, press Enter.From the question dialog, select Score Lab.
Which of the following allows incoming traffic addressed to a specific port to move through the firewall and be transparently forwarded to a specific host on the private network?
DNAT
You have just connected a new computer to your network. The network uses static IP addressing. You find that the computer can communicate with hosts on the same subnet, but not with hosts on a different subnet. No other computers are having issues. Which of the following configuration values would you MOST likely need to change?
Default gateway
Which device is NAT typically implemented on?
Default gateway router
Which of the following is a method of VLAN hopping?
Double tagging
Which of the following routing protocols is a hybrid that uses a composite number for its metric based on bandwidth and delay?
EIGRP
You manage a network with multiple switches. You find that your switches are experiencing heavy broadcast storms. Which of the following will help reduce the effects of these broadcast storms?
Enable Spanning Tree on the switches.
Jake is a network administrator for a hospital. There is medical equipment that relies on having uninterrupted internet connectivity. Which of the following types of routing protocols should Jake focus on to ensure that the hospital's network connectivity remains reliable?
Exterior dynamic routing protocols
Which of the following is a device that can send and receive data simultaneously?
Full-duplex
