CCNA 2: Part 2 - Switching, Routing, and Wireless Essentials
If three 802.11b access points need to be deployed in close proximity, which three frequency channels should be used? (Choose three.) - 1 - 8 - 3 - 5 - 6 - 11
- 1 - 6 - 11
How many channels are available for the 2.4 GHz band in Europe? - 11 - 13 - 14 - 24
- 13
What UDP ports and IP protocols are used by CAPWAP for IPv6? (Choose three.) - 17 - 136 - 5246 - 5247 - 802.11
- 136 - 5246 - 5247
What UDP ports and IP protocols are used by CAPWAP for IPv4? (Choose three.) - 17 - 136 - 5246 - 5247 - 802.11
- 17 - 5246 - 5247
How many channels are available for the 5 GHz band? - 11 - 13 - 14 - 24
- 24
How many address fields are in the 802.11 wireless frame? - 2 - 3 - 4 - 5
- 4
True or False: Laptops that do not have an integrated wireless NIC can only be attached to the network through a wired connection. - True - False
- False
Which of the following authentication methods does not use a password shared between the wireless client and the AP? - WEP - WPA - WPA2 - WPA3 - Open
- Open
Which method of wireless authentication is currently considered to be the strongest? - WEP - Open - WPA - WPA2 - Shared key
- WPA2
Which device monitors SMTP traffic to block threats and encrypt outgoing messages to prevent data loss? - NGFW - ESA - NAC - WSA
ESA
True or False: A rogue AP is a misconfigured AP connected to the network and a possible source of DoS attacks. True False
False
A threat actor sends a BPDU message with priority 0. What type of attack is this? - Address Spoofing - ARP Spoofing - CDP Reconnaissance - DHCP Starvation - STP Attack - VLAN Hopping
STP Attack
Which protocol and port numbers are used by both IPv4 and IPv6 CAPWAP tunnels? (Choose two.) - 5246 and 5247 - UDP - ICMP - 17 and 163 - TCP
- 5246 and 5247 - UDP
Which 802.11 standards exclusively use the 5 GHz radio frequency? (Choose 2) - 802.11a - 802.11g - 802.11n - 802.11ac - 802.11ax
- 802.11a - 802.11ac
Which IEEE standard operates at wireless frequencies in both the 5 GHz and 2.4 GHz ranges? - 802.11g - 801.11b - 802.11n - 802.11a
- 802.11n
What is involved in an IP address spoofing attack? - A legitimate network IP address is hijacked by a rouge node - Bogus DHCPDISCOVER Messages are sent to consume all the available IP address on a DHCP clients - A rouge DHCP server provides false IP configuration parameters to legitimate DHCP clients
- A legitimate network IP address is hijacked by a rouge node
Which of the following encryption methods uses CCMP to recognize if the encrypted and non-encrypted bits have been altered? - RC4 - TKIP - AES
- AES
Which of the following components are integrated in a wireless home router? (Choose three.) - Access point - Switch - Router - Range extender
- Access point - Switch - Router
Which two roles are typically performed by a wireless router that is used in a home or small business? (Choose two.) - Access point - WLAN controller - RADIUS authentication server - Ethernet switch - Repeater
- Access point - Ethernet switch
What three services are provided by the AAA framework? (Choose three.) - Accounting - Automation - Autoconfiguration - Autobalancing - Authorization - Authentication
- Accounting - Authorization - Authentication
What is the term for an AP that does not send a beacon, but waits for clients to send probes? - Active - Infrastructure - Ad hoc - Passive
- Active
Which wireless network topology is being configured by a technician who is installing a keyboard, a mouse, and headphones, each of which uses Bluetooth? - Infrastructure mode - Ad Hoc mode - Mixed mode - Hotspot
- Ad Hoc mode
Which wireless topology mode is used by two devices to connect in a peer-to-peer network? - Ad hoc - Infrastructure - Tethering
- Ad hoc
On what switch ports should PortFast be enabled to enhance STP stability? - All trunk ports that are not root ports - All end-users ports - Only ports that are elected as designated ports - Only ports that attach to a neighboring switch
- All end-users ports
What is a recommended best practice when dealing with the native VLAN? - Assign the same VLAN number as the management VLAN - Assign it to an unused VLAN - Use port security - Turn off DTP
- Assign it to an unused VLAN
What are the best ways to secure WLANs? (Choose two.) - Authentication - SSID cloaking - Encryption - MAC addresss filtering
- Authentication - Encryption
In the split MAC architecture for CAPWAP, which of the following are the responsibility of the WLC? (Choose four.) - Authentication - Packet acknowledgments and retransmissions - Beacons and probe responses - Association and re-association of roaming clients - MAC layer data encryption and decryption - Termination of 802.11 traffic on a wired interface - Frame translation to other protocols - Frame queuing and packet prioritization
- Authentication - Association and re-association of roaming clients - Termination of 802.11 traffic on a wired interface - Frame translation to other protocols
Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this? - Authentication - Accessibility - Authorization - Accounting - Auditing
- Authorization
Which of the following is a standalone device, like a home router, where the entire WLAN configuration resides on the device? - Range extender - Autonomous AP - Controller-based AP - USB Wireless NIC
- Autonomous AP
Which of the following is an IEEE 802.15 WPAN standard that uses a device-pairing process to communicate? - Cellular - WiMAX - Wi-Fi - Bluetooth
- Bluetooth
Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack? - CDP - HTTP - FTP - LLDP
- CDP
In the context of mobile devices, what does the term tethering involve? - Connecting a mobile device to a USB port on computer in order to charge the mobile device - Connecting a mobile device to a hands free device - Connecting a mobile device to another mobile device or computer to share a network connection - Connecting a mobile device to a 4G cellular network
- Connecting a mobile device to another mobile device or computer to share a network connection
Which Layer 2 attack will result in legitimate users not getting valid IP addresses? - IP Address Spoofing - ARP Spoofing - DHCP Starvation - MAC Address Flooding
- DHCP Starvation
Which two features on a Cisco Catalyst switch can be used to mitigate DHCP starvation and DHCP spoofing attacks? (Choose two.) - DHCP snooping - Strong password on DHCP servers - Port Security - DHCP server failover - Extended ACL
- DHCP snooping - Port Security
Which of the following modulation techniques spreads a signal over a larger frequency band? - DSSS - FHSS - OFDM -OFDMA
- DSSS
What is the best way to prevent a VLAN hopping attack? - Use VLAN 1 as the native VLAN on trunk ports - Disable STP on all nontrunk ports - Use ISL encapsulation on all trunk links - Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports
- Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports
Which type of wireless topology is created when two or more Basic Service Sets are interconnected by Ethernet? - ESS - IBISS - Ad hoc WLAN - BSS - WiFi Direct
- ESS
Which procedure is recommended to mitigate the chances of ARP spoofing? - Enable port security globally - Enable DAI on the management VLAN - Enable IP Source Guard on trusted ports - Enable DHCP snooping on selected VLANs
- Enable DHCP snooping on selected VLANs
What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow? - Disable STP - Disable DTP - Place unused ports in a an unused VLAN - Enable port security
- Enable port security
Which of the following modulation techniques rapidly switches a signal among frequency channels? - DSSS - FHSS - OFDM -OFDMA
- FHSS
True or False: DTLS is enabled by default on the control and data CAPWAP tunnels. - True - False
- False
True or False: When you need to expand the coverage of a small network, the best solution is to use a range extender. - True - False
- False
Which Cisco solution helps prevent MAC and IP address spoofing attacks? - IP Source Guard - DHCP Snooping - Dynamic ARP Inspection - Port Security
- IP Source Guard
What IP versions does CAPWAP support? - IPv4 only - IPv6 only - IPv4 by default, but can configure IPv6 - IPv6 by default, but can configure IPv4
- IPv4 by default, but cam configure IPv6
Which standards organization is responsible for allocating radio frequencies? - IEEE - ITU-R - Wi-Fi Alliance
- ITU-R
Which of the following statements are true about modes of operation for a FlexConnect AP? (Choose two.) - In connect mode, the WLC is unreachable and the AP switches local traffic and performs client authentication locally - In standalone mode, the WLC is unreachable and the AP switches local traffic and performs client authentication locally - In connect mode, the WLC is reachable and performs all it CAPWAP functions - In standalone mode, the WLC is reachable and performs all its CAPWAP functions
- In standalone mode, the WLC is unreachable and the AP switches local traffic and performs client authentication locally - In connect mode, the WLC is reachable and performs all it CAPWAP functions
An administrator who is troubleshooting connectivity issues on a switch notices that a switch port configured for port security is in the err-disabled state. After verifying the cause of the violation, how should the administrator re-enable the port without disrupting network operation? - issue the "no switchport-security" command, the re-enable port security - Issue the "no switchport-security violation shutdown" command on the interface - Issue the "shutdown" command followed by the "no shutdown" command on the interface - Reboot the switch
- Issue the "shutdown" command followed by the "no shutdown" command on the interface
Which statement describes an autonomous access point? - It is server-dependent - It is used for networks that require a large number of access points - it is managed by a WLAN controller - It is a standalone access point
- It is a standalone access point
Why is authentication with AAA preferred over a local database method? - It provides a fallback authentication method if the administrator forgets the username or password - It requires a login and password combination on the console, vty lines, and aux ports. - It uses less network bandwidth. - It specifies a different password for each line or port
- It provides a fallback authentication method if the administrator forgets the username or password
When security is a concern, which OSI Layer is considered to be the weakest link in a network system? - Layer 7 - Layer 3 - Layer 2 - Layer 4
- Layer 2
Which Layer 2 attack will result in a switch flooding incoming frames to all ports? - ARP poising - IP Address Spoofing - MAC Address Overflow - Spanning Tree Protocol Manipulation
- MAC Address Overflow
Which feature of 802.11n wireless access points allows them to transmit data at faster speeds than previous versions of 802.11 Wi-Fi standards did? - WPS - SPS - MITM - MIMO
- MIMO
What type of attack is an "evil twin AP" attack? - DoS - MITM - Wireless intruder - Radio interference
- MITM
Which characteristic describes a wireless client operating in active mode? - Broadcast probes that request the SSID - Must be configured for security before attaching to an AP - Must know the SSID to connect to an AP - Ability to dynamically change channels
- Must know the SSID to connect to an AP
Which three Cisco products focus on endpoint security solutions? (Choose three.) - NAC Appliance - SSL/IPsec VPN Appliance - Adaptive Security Appliance - Web Security Appliance - IPS Sensor Appliance - Email Security Appliance
- NAC Appliance - Web Security Appliance - Email Security Appliance
Which of the following antennas provide 360 degrees of coverage? - Wireless NIC - Directional - Omnidirectional - MiMO
- Omnidirectional
In the split MAC architecture for CAPWAP, which of the following are the responsibility of the AP? (Choose four.) - Authentication - Packet acknowledgments and retransmissions - Beacons and probe responses - Association and re-association of roaming clients - MAC layer data encryption and decryption - Termination of 802.11 traffic on a wired interface - Frame translation to other protocols - Frame queuing and packet prioritization
- Packet acknowledgments and retransmissions - Beacons and probe responses - MAC layer data encryption and decryption - Frame queuing and packet prioritization
What is the term for an AP that openly advertises its service periodically? - Active - Infrastructure - Ad hoc - Passive
- Passive
In a server-based AAA implementation, which protocol will allow the router to successfully communicate with the AAA server? - 802.1x - TACACS - SSH - RADIUS
- RADIUS
What two protocols are supported on Cisco devices for AAA communications? (Choose two.) - LLDP - RADIUS - HSRP - VTP - TACACS+
- RADIUS - TACACS+
Which encryption method is used by the original 802.11 specification? - AES - TKIP - AES or TKIP - RC4
- RC4
Which of the following is most likely NOT the source of a wireless DoS attack? - Radio Interference - Improperly configured devices - Rouge AP - Malicious User
- Rouge AP
Which two commands can be used to enable PortFast on a switch? (Choose two.) - S1(config)# spanning-tree portfast default - S1(config-if)# spanning-tree portfast - S1(config-if)# enable spanning-tree portfast - S1(config-line)# spanning-tree portfast - S1(config)# enable spanning-tree portfast default
- S1(config)# spanning-tree portfast default - S1(config-if)# spanning-tree portfast
Which parameter is commonly used to identify a wireless network name when a home wireless AP is being configured? - SSID - ESS - Ad hoc - BESS
- SSID
Which type of telecommunication technology is used to provide Internet access to vessels at sea? - Municipal WiFi - WiMax - Cellular - Satellite
- Satellite
A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac. What is the purpose of this configuration command? - To check the destination MAC address in the Ethernet header against the target MAC address in the ARP body - To check the destination MAC address in the Ethernet header against the source MAC address in the ARP body - To check the destination MAC address in the Ethernet header against the user-configured ARP ACLs - To check the destination MAC address in the Ethernet header against the MAC addresss table
- To check the destination MAC address in the Ethernet header against the target MAC address in the ARP body
What is the purpose of AAA accounting? - To collect and report application usage - To determine which operations the user can perform - To determine which resources the user can access - To prove users are who they say they are
- To collect and report application usage
True or False: An ESS is created when two or more BSSs need to be joined to support roaming clients. - True - False
- True
What Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol? - VLAN hopping - ARP spoofing - DHCP spoofing - ARP poisoning
- VLAN hopping
Which of the following mitigation techniques are used to protect Layer 3 through Layer 7 of the OSI Model? (Choose three.) - DHCP Snooping - VPN - Firewalls - IPSG - IPS Devices
- VPN - Firewalls - IPS Devices
Which devices are specifically designed for network security? (Choose three) - VPN-enabled Router - NGFW - Switch - WLC - NAC
- VPN-enabled Router - NGFW - NAC
Which of the following authentication methods has the user enter a pre-shared password? (Choose two) - Open - WPA Personal - WPA Enterprise - WPA2 Personal - WPA2 Enterprise
- WPA Personal - WPA2 Personal
A network administrator is configuring DAI on a switch. Which command should be used on the uplink interface that connects to a router? - spanning-tree portfast - ip arp inspection trust - ip arp inspection vlan - ip dhcp snooping
- ip arp inspection trust
A network administrator is configuring DHCP snooping on a switch. Which configuration command should be used first? - ip dhcp snooping - ip dhcp snooping vlan - ip dhcp snooping limit rate - ip dhcp snooping trust
- ip dhcp snooping
Which security feature should be enabled in order to prevent an attacker from overflowing the MAC address table of a switch? - BPDU filter - storm control - port security - root guard
- port security
Which command would be best to use on an unused switch port if a company adheres to the best practices as recommended by Cisco? - switchport port-security mac-address sticky (mac-addresss) - ip dhcp snooping - shutdown - switchport port-security violation shutdown - switchport port-security mac-address sticky
- shutdown
What are two types of switch ports that are used on Cisco switches as part of the defense against DHCP spoofing attacks? (Choose two.) - unknown port - trusted DHCP port - established DHCP port - unauthorized port - authorized port - untrusted port
- trusted DHCP port - untrusted port
Which of the following modulation techniques is used in the new 802.11ax standard? - DSSS - FHSS - OFDM -OFDMA
-OFDMA
Which of the following wireless networks are specified in the IEEE 802.11 standards for the 2.4 GHz and 5 GHz radio frequencies? - WPAN - WLAN - WMAN - WWAN
-WLAN
A threat actor sends a message that causes all other devices to believe the MAC address of the threat actor's device is the default gateway. What type of attack is this? - Address Spoofing - ARP Spoofing - CDP Reconnaissance - DHCP Starvation - STP Attack - VLAN Hopping
ARP Spoofing
Which AAA component is responsible for collecting and reporting usage data for auditing and billing purposes? - Authentication - Authorization - Accounting
Accounting
A threat actor changes the MAC address of the threat actor's device to the MAC address of the default gateway. What type of attack is this? - Address Spoofing - ARP Spoofing - CDP Reconnaissance - DHCP Starvation - STP Attack - VLAN Hopping
Address Spoofing
Which AAA component is responsible for controlling who is permitted to access the network? - Authentication - Authorization - Accounting
Authentication
In an 802.1X implementation, which device is responsible for relaying responses? - Supplicant - Authenticator - Router - Authentication Server - Client
Authenticator
Which AAA component is responsible for determining what the user can access? - Authentication - Authorization - Accounting
Authorization
A threat actor discovers the IOS version and IP addresses of the local switch. What type of attack is this? - Address Spoofing - ARP Spoofing - CDP Reconnaissance - DHCP Starvation - STP Attack - VLAN Hopping
CDP Reconnaissance
Which of the following mitigation techniques prevents ARP spoofing and ARP poisoning attacks? - IPSG - DHCP Snooping - DAI - Port Security
DAI
Which of the following mitigation techniques prevents DHCP starvation and DHCP spoofing attacks? - IPSG - DHCP Snooping - DAI - Port Security
DHCP Snooping
A threat actor leases all the available IP addresses on a subnet. What type of attack is this? - Address Spoofing - ARP Spoofing - CDP Reconnaissance - DHCP Starvation - STP Attack - VLAN Hopping
DHCP Starvation
Which of the following mitigation techniques prevents MAC and IP address spoofing? - IPSG - DHCP Snooping - DAI - Port Security
IPSG
What mitigation technique must be implemented to prevent MAC address overflow attacks? - IPSG - DAI - Port Security - DCHP Snooping
Port Security
Which of the following mitigation techniques prevents many types of attacks including MAC address table overflow and DHCP starvation attacks? - IPSG - DHCP Snooping - DAI - Port Security
Port Security
Where are dynamically learned MAC addresses stored when sticky learning is enabled with the switchport port-security mac-address sticky command? - flash - NVRAM - ROM - RAM
RAM
Which attack encrypts the data on hosts in an attempt to extract a monetary payment from the victim? - DDoS - Data Breach - Malware - Ransomware
Ransomware
What would be the primary reason a threat actor would launch a MAC address overflow attack? - So that the threat actor can see frames that are destined for other devices - So that the threat actor can execute arbitrary code on the switch - So that the switch stops forwarding traffic - So that legitimate hose cannot obtain a MAC address.
So that the threat actor can see frames that are destined for other devices
What is the behavior of a switch as a result of a successful MAC address table attack? - The switch will shutdown - The switch interfaces will transition to the error-disabled state - The switch will forward all received frames to all other ports within the VLAN. - The switch will drop all received frames
The switch will forward all received frames to all other ports within the VLAN.
True or False? In the 802.1X standard, the client attempting to access the network is referred to as the supplicant.
True
A threat actor configures a host with the 802.1Q protocol and forms a trunk with the connected switch. What type of attack is this? - Address Spoofing - ARP Spoofing - CDP Reconnaissance - DHCP Starvation - STP Attack - VLAN Hopping
VLAN Hopping
Which of the following wireless networks typically uses lower powered transmitters for short ranges? - WPAN - WLAN - WMAN - WWAN
WPAN
Which device monitors HTTP traffic to block access to risky sites and encrypt outgoing messages? - NGFW - ESA - NAC - WSA
WSA
