14.3 Practice Quiz
After enabling the DHCP snooping feature, you want to apply it to your network globally. Which command will apply DHCP snooping globally?
ip dhcp snooping
Drag the description on the left to the appropriate switch attack type shown on the right.
ARP Spoofing/Poisoning: The source device sends frames to the attacker's MAC address instead of the correct device.
VLAN Hopping: Switch spoofing and double tagging are the two primary ways an attacker can execute the exploit.
MAC Flooding: Fills the forwarding table with packets, consuming switch memory and forcing fail-open mode.
MAC Spoofing: Used to hide the identity of the attacker's computer or impersonate another device on the network.
Match the common threat mitigation techniques that are used to protect against attacks, listed on the left, with the appropriate descriptions on the right. (Each technique may be used once, more than once, or not at all.)
Port authentication (802.1x): Authentication uses usernames and passwords, smart cards, or other authentication methods.
Port authentication (802.1x): The device responds with authentication credentials, which the switch forwards to the authentication device (such as a RADIUS server).
DHCP snooping: Protects against rogue servers being connected to the network and performing man-in-the-middle attacks.
Port authentication (802.1x): Allows only authenticated devices to connect to the LAN through the switch.
DHCP snooping: Protects against network issues caused by an employee connecting a consumer-grade router to a network port.
You've just enabled port security on an interface of a Catalyst 2950 switch. You want to generate an SNMP trap whenever a violation occurs. Which feature should you enable?
restrict
The restrict feature configures two actions whenever a violation occurs:
1. The interface will not forward any frames from source addresses not assigned to the port.
2. The switch generates a console message and sends an SNMP trap to a designated network management station whenever a violation occurs.
When the protect feature is enabled, the interface will not forward any frames from source addresses not assigned to the port, but no message or trap is generated. The shutdown feature shuts down the port when a violation occurs, requiring an administrator to re-enable it. There is no secure option in the switchport port-security violation command.
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the internet. What can you do?
Configure port security on the switch.
You are configuring a new 2960 switch. You issue the following commands:
switch(config)#interface fast 0/15
switch(config-if)#switchport mode access
switch(config-if)#switchport port-security
switch(config-if)#switchport port-security maximum 1
switch(config-if)#switchport port-security mac-address sticky
switch(config-if)#switchport port-security violation protect
You connect a hub with two workstations to port Fa0/15. You power on Device1 and then Device2. What will be the result?
Frames from Device1 will be allowed; frames from Device2 will be dropped.
With this configuration, the switch allows a single MAC address on the port (maximum 1). Because sticky learning is enabled, the switch learns the MAC address of the first device that sends a frame (Device1) and grants access only to that address. When Device2 sends frames on the same port, the protect violation mode silently drops them. To allow both Device1 and Device2 to connect, set the maximum to 2. To disable the port when a violation occurs, configure shutdown as the violation mode.
Which of the following attacks, if successful, causes a switch to function like a hub?
MAC flooding
Which of the following are true of port security sticky addresses? (Select two.)
They are placed in the running-config file and can be saved to the startup-config file.
They can be learned automatically or manually configured.
In which of the following situations would you use port security?
You want to restrict the devices that can connect through a switch port.