NetAuth Mod14

hat additional security measure must be enabled along with IP Source Guard to protect against address spoofing? port security BPDU Guard DHCP snooping root guard

BPDU Guard

What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease? DHCP spoofing. DHCP starvation .CAM table attack. IP address spoofing.

DHCP starvation

What action can a network administrator take to help mitigate the threat of VLAN hopping attacks? Disable automatic trunking negotiation Configure all switch ports to be members of VLAN 1. Enable PortFast on all switch ports. Disable VTP.

Disable automatic trunking negotiation

What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow? Disable STP. Enable port security. Disable DTP. Place unused ports in an unused VLAN.

Enable Port Security

A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac. What is the purpose of this configuration command? It checks the source MAC address in the Ethernet header against the user-configured ARP ACLs. It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body. It checks the source MAC address in the Ethernet header against the target MAC address in the ARP body. It checks the source MAC address in the Ethernet header against the MAC address table.

It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.

Which statement describes the behavior of a switch when the MAC address table is full? It treats frames as unknown unicast and floods all incoming frames to all ports on the switch. It treats frames as unknown unicast and floods all incoming frames to all ports within the collision domain. It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN. It treats frames as unknown unicast and floods all incoming frames to all ports across multiple switches.

It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN.

When security is a concern, which OSI Layer is considered to be the weakest link in a network system? Layer 2 Layer 3 Layer 4 Layer 7 Layer 6

Layer 2

A cybersecurity analyst is using the macof tool to evaluate configurations of switches deployed in the backbone network of an organization. Which type of LAN attack is the analyst targeting during this evaluation? VLAN hopping. DHCP spoofing. MAC address table overflow Port hopping. VLAN double-tagging.

MAC address table overflow

If two switches are configured with the same priority and the same extended system ID, what determines which switch becomes the root bridge? The Layer 2 address with the lowest hexadecimal value. The lowest IP address. The highest BID. The MAC address with the highest hexadecimal value.

The Layer 2 address with the lowest hexadecimal value.

What determines which switch becomes the STP root bridge for a given VLAN? The highest priority. The highest MAC address. The lowest bridge ID The lowest IP address.

The lowest bridge ID

What is the only type of port that an isolated port can forward traffic to on a private VLAN? another isolated port any access port in the same PVLAN a promiscuous port a community port

a promiscuous port

What is the only type of traffic that is forwarded by a PVLAN protected port to other protected ports? control broadcast user management

control