Network Handling
Match the port security MAC address type on the left with it's description on the right.
A MAC address that is manually identified as an allowed address: SecureConfigured A MAC address that has been learned and allowed by the switch: SecureDynamic A MAC address that is manually configured or dynamically learned and is saved in the config file: SecureSticky
Which of the following are best practices for hardening a server?
Apply the latest patches and service packs, Ensure that a host-based firewall is running, and disable or uninstall unnecessary software.
A network switch detects a DHCP frame on the LAN that appears to have come from a DHCP server that is not located on the local network. In fact, it appears to have originated from outside the organization's firewall. As a result, the switch drops the DHCP message from that server. Which security feature was enabled on the switch to accomplish this?
DHCP snooping
Which of the following is a best practice for router security?
Disable unused protocols, services, and ports.
A network switch is configured to perform the following validation checks on its ports: All ARP requests and responses are intercepted. Each intercepted request is verified to ensure that it has a valid IP-to-MAC address binding. If the packet has a valid binding, the switch forwards the packet to the appropriate destination. If the packet has an invalid binding, the switch drops the ARP packet. Which security feature was enabled on the switch to accomplish this task?
Dynamic ARP inspection
Match the Network Access Protection (NAP) component on the left with its description on the right.
Generates a Statement of Health (SoH) that reports client configuration for health requirements. : NAP Client Runs the System Health Validator (SHV) program. : Nap Server Is a client's connection point to the network: Enforcement server (ES) Contains resources accessible to non-compliant computers on a limited access network: Remediation server
You are in the process of implementing a Network Access Protection (NAP) infrastructure to increase your network's security. You are currently configuring the remediation network that non-compliant clients will connect to in order to become compliant. The remediation network needs to be isolated from the secure network. Which technology should you implement to accomplish this task?
Network segmentation
You manage a network that uses switches. In the lobby of your building are three RJ45 ports connected to a switch. You want to make sure visitors cannot plug their computers in to the free network jacks and connect to the network, but you want employees who plug into those same jacks be able to connect to the network. Which feature should you configure?
Port authentication
Which type of security uses MAC addressers to identify devices that are allowed or denied connection to a switch?
Port security
You have a company network with a single switch. All devices connect to the network through the switch. You want to control which devices will be able to connect to your network. For devices that do not have the latest operating system patches, you want to prevent access except to a special server that holds the patches the computers need to download. Which of the following components should be part of your solution?
Remediation Servers & 802.1x authentication