5.11.12 Practice Questions
Which of the following best describes the concept of a virtual LAN?
Devices on the same network logically grouped as if they were on separate networks. Devices on the same network logically grouped as if they were on separate networks.
Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's devices?
ARP spoofing/poisoning ARP spoofing/poisoning associates the attacker's MAC address with the IP address of the victim. MAC spoofing is changing the source MAC address on frames sent by the attacker. DNS poisoning occurs when a name server receives malicious or misleading data that incorrectly maps host names and IP addresses. Cross-site scripting (XSS) attacks are a type of injection attack where malicious code is saved onto an otherwise benign site.
Drag each description on the left to the appropriate switch attack type on the right.
ARP spoofing/poisoning The source device sends frames to the attacker's MAC address instead of to the correct device. Dynamic Trunking Protocol Should be disabled on the switch's end user (access) ports before implementing the switch configuration into the network. MAC flooding Causes packets to fill up the forwarding table and consumes so much of the switch's memory that it enters a state called Fail Open Mode. MAC spoofing Can be used to hide the identity of the attacker's computer or impersonate another device on the network. MAC flooding overloads the switch's MAC forwarding table to make the switch function like a hub. > The attacker floods the switch with packets, each containing a different source MAC address. > The flood of packets fills up the forwarding table and consumes so much of the memory in the switch that it causes the switch to enter into fail open mode. While in this mode, all incoming packets are broadcast out of all ports (as with a hub) instead of just to the correct ports, as per normal operation. > The attacker captures all the traffic with a protocol analyzer/sniffer. ARP spoofing/poisoning associates the attacker's MAC address with the IP address of victim devices. > When computers send an ARP request for the MAC address of a known IP address, the attacker's system responds with its own MAC address. > The source device sends frames to the attacker's MAC address instead of to the correct device. > Switches are indirectly involved in the attack because they do not verify the MAC address/IP address association. MAC spoofing changes the source MAC address on frames sent by the attacker. > MAC spoofing is typically used to bypass 802.1x port-based security. > MAC spoofing can be used to bypass wireless MAC filtering. > MAC spoofing can be used to hide the identity of the attacker's computer or to impersonate another device on the network. > Dynamic Trunking Protocol (DTP) switches have the ability to automatically detect trunk ports and negotiate the trunking protocol used between devices. DTP is not secure and allows unauthorized devices to possibly modify configuration information. You should disable the DTP services on the switch's end user (access) ports before implementing the switch configuration into the network.
Which of the following is a typical goal of MAC spoofing?
Bypass 802.1x port-based security MAC spoofing is changing the source MAC address on frames sent by the attacker. It is typically used to bypass 802.1x port-based security, to bypass wireless MAC filtering or hide the identity of the attacker's computer. MAC flooding causes a switch to enter fail open mode, which causes incoming packets to be broadcast out to all ports. ARP spoofing/poisoning associates the attacker's MAC address with the IP address of the victim.
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so that only library computers are permitted connectivity to the internet. What can you do?
Configure port security on the switch. Configuring port security on the switch can restrict access so that only specific MAC addresses can connect to the configured switch port. This would prevent the laptop computers from being permitted connectivity. Placing each library computer on its own access port would have no effect. VLANs are used to group broadcast traffic and do not restrict connectivity of devices as needed in this scenario.
Which of the following scenarios would typically utilize 802.1x authentication?
Controlling access through a switch 802.1x authentication is an authentication method used on a LAN to allow or deny access based on a port or connection to the network. 802.1x is used for port authentication on switches and requires an authentication server for validating user credentials. This server is typically a RADIUS server. Remote access authentication is handled by remote access servers or a combination of remote access servers and a RADIUS server for centralized authentication. VPN connections can be controlled by remote access servers or by a special device called a VPN concentrator.
Which protocol should you disable on the user access ports of a switch?
DTP Switches have the ability to automatically detect ports that are trunk ports and to negotiate the trunking protocol used between devices. DTP is not secure and allows unauthorized devices to possibly modify configuration information. You should disable DTP services on the switch's end user (access) ports.
Which of the following attacks, if successful, causes a switch to function like a hub?
MAC flooding MAC flooding overloads the switch's MAC forwarding table to make the switch function like a hub. The attacker floods the switch with packets, each containing different source MAC addresses. The flood of packets fills up the forwarding table and consumes so much of the memory in the switch that it causes the switch to enter a state called fail open mode. While in this mode, all incoming packets are broadcast out of all ports (as with a hub), instead of just to the correct ports, as per normal operation. ARP poisoning associates the attacker's MAC address with the IP address of victim devices. When computers send an ARP request to get the MAC address of a known IP address, the attacker's system responds with its own MAC address. MAC spoofing is changing the source MAC address on frames sent by the attacker. In a replay attack, the attacker uses a protocol analyzer or sniffer to capture authentication information going from the client to the server. The attacker then uses this information to connect at a later time and pretend to be the client.
You manage a single subnet with three switches. They are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches?
Spanning Tree Protocol Spanning Tree Protocol is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. Spanning Tree Protocol runs on each switch and is used to select a single path between any two switches. > Without Spanning Tree Protocol, switches that are connected together with multiple links would form a switching loop where frames are passed back and forth continuously. > Spanning Tree Protocol provides only a single active path between switches. Switch ports that are part of that path are placed in a forwarding state. > Switch ports that are part of redundant but unused paths are placed in a blocking (non-forwarding) state. > When an active path goes down, Spanning Tree Protocol automatically recovers and activates the backup ports necessary to provide continued connection between devices. > Bonding does the opposite of Spanning Tree Protocol. Bonding allows multiple switch ports to be used at the same time to reach a specific destination. 802.1x is an authentication protocol used with port security (or port authentication). Power over Ethernet (PoE) supplies power to end devices through the RJ-45 Ethernet switch port. Trunking identifies ports that are used to carry VLAN traffic between switches. A trunk port is a member of all VLANs defined on all switches.
When configuring VLANs on a switch, which type of switch ports are members of all VLANs defined on the switch?
Trunk ports A trunk port is a member of all VLANs defined on a switch and carries traffic between the switches. When trunking is used, frames that are sent over a trunk port are tagged by the first switch with the VLAN ID so that the receiving switch knows to which VLAN the frame belongs. Typically, uplink ports (which are faster than the other switch ports) are used for trunk ports, although any port can be designated as a trunk port. On an unconfigured switch, ports are members of a default VLAN (often designated VLAN 1). When you remove the VLAN membership of a port, it is reassigned back to the default VLAN. Therefore, the port is always a member of at least one VLAN.