Security+ Section 5.11.12 Quiz
Which of the following switch attacks associates the attacker's MAC address with the IP address of the victim's devices?
ARP spoofing/poisoning - ARP spoofing/poisoning associates the attacker's MAC address with the IP address of the victim.
Drag and Drop: match each attack or protocol to its description.
Options: ARP spoofing/poisoning, Dynamic Trunking Protocol (DTP), MAC Flooding, MAC Spoofing
ARP spoofing/poisoning - The source device sends frames to the attacker's MAC address instead of the correct device.
Dynamic Trunking Protocol (DTP) - Should be disabled on the switch's end user (access) ports before implementing the switch configuration into the network.
MAC Flooding - Causes packets to fill up the forwarding table and consumes so much of the switch's memory that it enters a state called Fail Open Mode.
MAC Spoofing - Can be used to hide the identity of the attacker's computer or impersonate another device on the network.
Which of the following is a typical goal of MAC spoofing?
Bypass 802.1x port-based security - MAC spoofing is changing the source MAC address on frames sent by the attacker. It is typically used to bypass 802.1x port-based security, to bypass wireless MAC filtering, or to hide the identity of the attacker's computer.
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so that only library computers are permitted connectivity to the internet. What can you do?
Configure port security on the switch - Configuring port security on the switch can restrict access so that only specific MAC addresses can connect to the configured switch port. This would prevent the laptop computers from being permitted connectivity.
Which of the following scenarios would typically utilize 802.1x authentication?
Controlling access through a switch
Controlling access through a router
Authenticating VPN users through the internet
Authenticating remote access clients
Controlling access through a switch - 802.1x authentication is an authentication method used on a LAN to allow or deny access based on a port or connection to the network. 802.1x is used for port authentication on switches and requires an authentication server for validating user credentials. This server is typically a RADIUS server.
Which protocol should you disable on the user access ports of a switch?
DTP - Switches have the ability to automatically detect ports that are trunk ports and to negotiate the trunking protocol used between devices. DTP is not secure and allows unauthorized devices to possibly modify configuration information. You should disable DTP services on the switch's end user (access) ports.
Which of the following best describes the concept of a virtual LAN?
Devices on the same network logically grouped as if they were on separate networks - A virtual LAN is created by identifying a subset of devices on the same network and logically identifying them as if they were on separate networks. Think of VLANs as subdivisions of a LAN.
Which of the following attacks, if successful, causes a switch to function like a hub?
MAC Flooding - MAC flooding overloads the switch's MAC forwarding table to make the switch function like a hub. The attacker floods the switch with packets, each containing different source MAC addresses. The flood of packets fills up the forwarding table and consumes so much of the memory in the switch that it causes the switch to enter a state called fail open mode. While in this mode, all incoming packets are broadcast out of all ports (as with a hub), instead of just to the correct ports, as per normal operation.
You manage a single subnet with three switches. They are connected to provide redundant paths between the switches. Which feature prevents switching loops and ensures there is only a single active path between any two switches?
Spanning Tree Protocol - Spanning Tree Protocol is a protocol on a switch that allows the switch to maintain multiple paths between switches within a subnet. Spanning Tree Protocol runs on each switch and is used to select a single path between any two switches. Without Spanning Tree Protocol, switches that are connected together with multiple links would form a switching loop where frames are passed back and forth continuously. Spanning Tree Protocol provides only a single active path between switches. Switch ports that are part of that path are placed in a forwarding state. Switch ports that are part of redundant but unused paths are placed in a blocking (non-forwarding) state. When an active path goes down, Spanning Tree Protocol automatically recovers and activates the backup ports necessary to provide continued connection between devices.
When configuring VLANs on a switch, which type of switch ports are members of all VLANs defined on the switch?
Trunk Ports - A trunk port is a member of all VLANs defined on a switch and carries traffic between the switches. When trunking is used, frames that are sent over a trunk port are tagged by the first switch with the VLAN ID so that the receiving switch knows to which VLAN the frame belongs. Typically, uplink ports (which are faster than the other switch ports) are used for trunk ports, although any port can be designated as a trunk port.