14.3.9 - Practice Questions
You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices will be able to connect to your network. For devices that do not have the latest operating system patches, you want to prevent access to all network devices except for a special server that holds the patches that the computers need to download. Which of the following components will be part of your solution? (Select two.) - Honeypot - DMZ - 802.1x authentication - Extranet - Remediation servers
- 802.1x authentication - Remediation servers
Match the port security MAC address type on the left with its description on the right. Drag - SecureConfigured - SecureDynamic - SecureSticky Drop - A MAC address manually identified as an allowed address. - A MAC address that has been learned and allowed by the switch. - A MAC address that is manually configured or dynamically learned that is saved in the config file.
A MAC address manually identified as an allowed address. - SecureConfigured A MAC address that has been learned and allowed by the switch. - SecureDynamic A MAC address that is manually configured or dynamically learned that is saved in the config file. - SecureSticky
You are the network administrator for a city library. Throughout the library, there are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the internet. What can you do to fix this problem? - Create a VLAN for each group of four computers. - Remove the hub and place each library computer on its own access port. - Create static MAC addresses for each computer and associate them with a VLAN. - Configure port security on the switch.
Configure port security on the switch.
A network switch detects a DHCP frame on the LAN that appears to have come from a DHCP server that is not located on the local network. In fact, it appears to have originated from outside the organization's firewall. As a result, the switch drops the DHCP message from that server. Which security feature was enabled on the switch to accomplish this? - DHCP snooping - Dynamic ARP inspection - IGMP snooping - Port security
DHCP snooping
Which of the following actions should you take to reduce the attack surface of a server? - Install anti-malware software. - Install a host-based IDS. - Disable unused services. - Install the latest patches and hotfixes.
Disable unused services.
A network switch is configured to perform the following validation checks on its ports: - All ARP requests and responses are intercepted. - Each intercepted request is verified to ensure that it has a valid IP-to-MAC address binding. - If the packet has a valid binding, the switch forwards the packet to the appropriate destination. - If the packet has an invalid binding, the switch drops the ARP packet. Which security feature was enabled on the switch to accomplish this task? - Dynamic ARP Inspection - IGMP snooping - DHCP snooping - Port security
Dynamic ARP Inspection
Match the network access protection (NAP) component on the left with its description on the right. Drag - NAP client - NAP server - Enforcement server (ES) - Remediation server Drop - Generates a statement of health (SoH) that reports the client configuration for health requirements. - Runs the System Health Validator (SHV) program. - Is clients' connection point to the network. - Contains resources accessible to non-compliant computers on the limited-access network.
Generates a statement of health (SoH) that reports the client configuration for health requirements. - NAP client Runs the System Health Validator (SHV) program. - NAP server Is clients' connection point to the network. - Enforcement server (ES) Contains resources accessible to non-compliant computers on the limited-access network. - Remediation server
Members of the sales team use laptops to connect to the company network. While traveling, they connect their laptops to the internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless anti-virus software and the latest operating system patches have been installed. Which solution should you use? - VLAN - NAC - NIDS - DMZ - NAT
NAC
You manage a network that uses switches. In the lobby of your building are three RJ45 ports connected to a switch. You want to make sure that visitors cannot plug their computers into the free network jacks and connect to the network, but employees who plug into those same jacks should be able to connect to the network. What feature should you configure? - Bonding - Mirroring - VLANs - Port authentication - Spanning tree
Port authentication
Which type of security uses MAC addresses to identify devices that are allowed or denied a connection to a switch? - Port security - Traffic shaping - MAC spoofing - Secure Sockets Layer
Port security
A network utilizes a network access control (NAC) solution to protect against malware. When a wired or wireless host tries to connect to the network, a NAC agent on the host checks it to make sure it has all of the latest operating system updates installed and that the latest antivirus definitions have been applied. What is this process called? - Posture assessment - Remediation - Quarantine - Port security
Posture assessment
Your company is a small start-up that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented? - Spanning tree - Port security - VPN - VLAN
VLAN
In which of the following situations would you use port security? - You want to control the packets sent and received by a router. - You want to restrict the devices that could connect through a switch port. - You want to prevent MAC address spoofing. - You want to prevent sniffing attacks on the network.
You want to restrict the devices that could connect through a switch port.