SWR 10-13
What two IEEE 802.11 wireless standards operate only in the 5 GHz range? (Choose two.) 802.11a 802.11b 802.11g 802.11n 802.11ac 802.11ad
802.11a 802.11ac
A network administrator is required to upgrade wireless access to end users in a building. To provide data rates up to 1.3 Gb/s and still be backward compatible with older devices, which wireless standard should be implemented? 802.11n 802.11ac 802.11g 802.11b
802.11ac
Which access control component, implementation, or protocol restricts LAN access through publicly accessible switch ports? 802.1X accounting authorization authentication
802.1X
On a Cisco 3504 WLC dashboard, which option provides access to the full menu of features? Rogues Advanced Access Points Network Summary
Advanced
What is an advantage of SSID cloaking? It provides free Internet access in public locations where knowing the SSID is of no concern. Clients will have to manually identify the SSID to connect to the network. SSIDs are very difficult to discover because APs do not broadcast them. It is the best way to secure a wireless network.
Clients will have to manually identify the SSID to connect to the network.
Which step is required before creating a new WLAN on a Cisco 3500 series WLC? Create a new SSID. Create a new VLAN interface. Build or have an SNMP server available. Build or have a RADIUS server available.
Create a new VLAN interface.
What are three techniques for mitigating VLAN attacks? (Choose three.) Disable DTP. Enable trunking manually. Set the native VLAN to an unused VLAN. Enable BPDU guard. Enable Source Guard. Use private VLANs.
Disable DTP. Enable trunking manually. Set the native VLAN to an unused VLAN.
A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac . What is the purpose of this configuration command? It checks the source MAC address in the Ethernet header against the MAC address table. It checks the source MAC address in the Ethernet header against the user-configured ARP ACLs. It checks the source MAC address in the Ethernet header against the target MAC address in the ARP body. It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
A network administrator is configuring a RADIUS server connection on a Cisco 3500 series WLC. The configuration requires a shared secret password. What is the purpose for the shared secret password? It allows users to authenticate and access the WLAN. It is used by the RADIUS server to authenticate WLAN users. It is used to authenticate and encrypt user data on the WLAN. It is used to encrypt the messages between the WLC and the RADIUS server.
It is used to encrypt the messages between the WLC and the RADIUS server.
A network administrator is working to improve WLAN performance on a dual-band wireless router. What is a simple way to achieve a split-the-traffic result? Require all wireless devices to use the 802.11n standard. Check and keep the firmware of the wireless router updated. Make sure that different SSIDs are used for the 2.4 GHz and 5 GHz bands. Add a Wi-Fi range extender to the WLAN and set the AP and the range extender to serve different bands.
Make sure that different SSIDs are used for the 2.4 GHz and 5 GHz bands.
A network administrator deploys a wireless router in a small law firm. Employee laptops join the WLAN and receive IP addresses in the 10.0.10.0/24 network. Which service is used on the wireless router to allow the employee laptops to access the internet? DNS NAT DHCP RADIUS
NAT
Which two Cisco solutions help prevent DHCP starvation attacks? (Choose two.) Port Security IP Source Guard DHCP Snooping Web Security Appliance Dynamic ARP Inspection
Port Security DHCP Snooping
Which service can be used on a wireless router to prioritize network traffic among different types of applications so that voice and video data are prioritized over email and web data? NAT QoS DNS DHCP
QoS
A network administrator of a college is configuring the WLAN user authentication process. Wireless users are required to enter username and password credentials that will be verified by a server. Which server would provide such service? AAA NAT SNMP RADIUS
RADIUS
Which two commands can be used to enable BPDU guard on a switch? (Choose two.) S1(config)# spanning-tree bpduguard default S1(config-if)# spanning-tree bpduguard enable S1(config-if)# enable spanning-tree bpduguard S1(config-if)# spanning-tree portfast bpduguard S1(config)# spanning-tree portfast bpduguard default
S1(config-if)# spanning-tree bpduguard enable S1(config-if)# spanning-tree portfast bpduguard
Which protocol can be used to monitor the network? AAA SNMP DHCP RADIUS
SNMP
Which protocol should be used to mitigate the vulnerability of using Telnet to remotely manage network devices? SCP SSH TFTP SNMP
SSH
What are two protocols that are used by AAA to authenticate users against a central database of usernames and password? (Choose two.) NTP TACACS+ SSH HTTPS RADIUS CHAP
TACACS+ HTTPS
Which type of VLAN-hopping attack may be prevented by designating an unused VLAN as the native VLAN? DTP spoofing DHCP spoofing VLAN double-tagging DHCP starvation
VLAN double-tagging
On a Cisco 3504 WLC Summary page ( Advanced > Summary ), which tab allows a network administrator to access and configure a WLAN for a specific security option such as WPA2? WLANs SECURITY WIRELESS MANAGEMENT
WLANs
The company handbook states that employees cannot have microwave ovens in their offices. Instead, all employees must use the microwave ovens located in the employee cafeteria. What wireless security risk is the company trying to avoid? accidental interference improperly configured devices interception of data rogue access points
accidental interference
Which access control component, implementation, or protocol audits what users actions are performed on the network? accounting authorization 802.1X authentication
accounting
Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources? accessibility accounting authentication authorization
accounting
Which type of management frame may regularly be broadcast by an AP? beacon probe request authentication probe response
beacon
What is a wireless security mode that requires a RADIUS server to authenticate wireless users? enterprise personal shared key WEP
enterprise
Which wireless network topology would be used by network engineers to provide a wireless network for an entire college building? ad hoc hotspot infrastructure mixed mode
infrastructure
Which authentication method stores usernames and passwords in the router and is ideal for small networks? local AAA local AAA over RADIUS local AAA over TACACS+ server-based AAA server-based AAA over RADIUS server-based AAA over TACACS+
local AAA
What type of wireless antenna is best suited for providing coverage in large open spaces, such as hallways or large conference rooms? omnidirectional directional Yagi dish
omnidirectional
What security benefit is gained from enabling BPDU guard on PortFast enabled interfaces? preventing rogue switches from being added to the network protecting against Layer 2 loops enforcing the placement of root bridges preventing buffer overflow attacks
preventing rogue switches from being added to the network
A network administrator is configuring port security on a Cisco switch. The company security policy specifies that when a violation occurs, packets with unknown source addresses should be dropped and no notification should be sent. Which violation mode should be configured on the interfaces? off restrict protect shutdown
protect
As part of the new security policy, all switches on the network are configured to automatically learn MAC addresses for each port. All running configurations are saved at the start and close of every business day. A severe thunderstorm causes an extended power outage several hours after the close of business. When the switches are brought back online, the dynamically learned MAC addresses are retained. Which port security configuration enabled this? auto secure MAC addresses dynamic secure MAC addresses static secure MAC addresses sticky secure MAC addresses
sticky secure MAC addresses
Which feature on a switch makes it vulnerable to VLAN hopping attacks? the mixed duplex mode enabled for all ports by default the limited size of content-addressable memory space mixed port bandwidth support enabled for all ports by default the automatic trunking port feature enabled for all ports by default
the automatic trunking port feature enabled for all ports by default
What device is considered a supplicant during the 802.1X authentication process? the client that is requesting authentication the switch that is controlling network access the authentication server that is performing client authentication the router that is serving as the default gateway
the client that is requesting authentication
Which feature or configuration on a switch makes it vulnerable to VLAN double-tagging attacks? mixed duplex mode enabled for all ports by default the limited size of content-addressable memory space the automatic trunking port feature enabled for all ports by default the native VLAN of the trunking port being the same as a user VLAN
the native VLAN of the trunking port being the same as a user VLAN
A technician is configuring the channel on a wireless router to either 1, 6, or 11. What is the purpose of adjusting the channel? to disable broadcasting of the SSID to enable different 802.11 standards to provide stronger security modes to avoid interference from nearby wireless devices
to avoid interference from nearby wireless devices
What is the function provided by CAPWAP protocol in a corporate wireless network? CAPWAP provides the encapsulation and forwarding of wireless user traffic between an access point and a wireless LAN controller. CAPWAP provides the encryption of wireless user traffic between an access point and a wireless client. CAPWAP provides connectivity between an access point using IPv6 addressing and a wireless client using IPv4 addressing. CAPWAP creates a tunnel on Transmission Control Protocol (TCP) ports in order to allow a WLC to configure an autonomous access point.
CAPWAP provides the encapsulation and forwarding of wireless user traffic between an access point and a wireless LAN controller.
A technician is about to install and configure a wireless network at a small branch office. What is the first security measure the technician should apply immediately upon powering up the wireless router? Configure encryption on the wireless router and the connected wireless devices. Disable the wireless network SSID broadcast. Change the default user-name and password of the wireless router. Enable MAC address filtering on the wireless router.
Change the default user-name and password of the wireless router.
What represents a best practice concerning discovery protocols such as CDP and LLDP on network devices? Use the open standard LLDP rather than CDP. Disable both protocols on all interfaces where they are not required. Use the default router settings for CDP and LLDP. Enable CDP on edge devices, and enable LLDP on interior devices.
Disable both protocols on all interfaces where they are not required.
A laptop cannot connect to a wireless access point. Which two troubleshooting steps should be taken first? (Choose two.) Ensure that the wireless NIC is enabled. Ensure that the laptop antenna is attached. Ensure that the wireless SSID is chosen. Ensure that the correct network media is selected. Ensure that the NIC is configured for the proper frequency.
Ensure that the wireless NIC is enabled. Ensure that the wireless SSID is chosen.
A network administrator enters the following commands on the switch SW1.SW1(config)# interface range fa0/5 - 10 SW1(config-if)# ip dhcp snooping limit rate 6 What is the effect after these commands are entered? FastEthernet ports 5 through 10 can receive up to 6 DHCP discovery messages per second. FastEthernet ports 5 through 10 can receive up to 6 DHCP messages per second of any type. If any of the FastEthernet ports 5 through 10 receive more than 6 DHCP messages per second, the port will be shut down. If any of the FastEthernet ports 5 through 10 receive more than 6 DHCP messages per second, the port will continue to operate and an error message will be sent to the network administrator.
FastEthernet ports 5 through 10 can receive up to 6 DHCP discovery messages per second
Which statement describes the behavior of a switch when the MAC address table is full? It treats frames as unknown unicast and floods all incoming frames to all ports on the switch. It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN. It treats frames as unknown unicast and floods all incoming frames to all ports within the collision domain. It treats frames as unknown unicast and floods all incoming frames to all ports across multiple switches.
It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN.
What is the result of a DHCP starvation attack? Legitimate clients are unable to lease IP addresses. Clients receive IP address assignments from a rogue DHCP server. The attacker provides incorrect DNS and default gateway information to clients. The IP addresses assigned to legitimate clients are hijacked.
Legitimate clients are unable to lease IP addresses
Which three parameters would need to be changed if best practices are being implemented for a home wireless AP? (Choose three.) SSID AP password antenna frequency wireless beacon time wireless network password wireless client operating system password
SSID AP password wireless network password
A technician is troubleshooting a slow WLAN that consists of 802.11b and 802.11g devices . A new 802.11n/ac dual-band router has been deployed on the network to replace the old 802.11g router. What can the technician do to address the slow wireless speed? Change the SSID. Configure devices to use a different channel. Split the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band. Update the firmware on the new router.
Split the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band.
A network engineer is troubleshooting a newly deployed wireless network that is using the latest 802.11 standards. When users access high bandwidth services such as streaming video, the wireless network performance is poor. To improve performance the network engineer decides to configure a 5 Ghz frequency band SSID and train users to use that SSID for streaming media services. Why might this solution improve the wireless network performance for that type of service? The 5 GHz band has a greater range and is therefore likely to be interference-free. Requiring the users to switch to the 5 GHz band for streaming media is inconvenient and will result in fewer users accessing these services. The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it more suited to streaming multimedia. The only users that can switch to the 5 GHz band will be those with the latest wireless NICs, which will reduce usage.
The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it more suited to streaming multimedia.
While attending a conference, participants are using laptops for network connectivity. When a guest speaker attempts to connect to the network, the laptop fails to display any available wireless networks. The access point must be operating in which mode? active mixed open passive
active
Which access control component, implementation, or protocol is implemented either locally or as a server-based solution? authentication authorization accounting 802.1X
authentication
Which access control component, implementation, or protocol controls what users can do on the network? authorization authentication accounting 802.1X
authorization
Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform? auditing accounting authorization authentication
authorization
An IT security specialist enables port security on a switch port of a Cisco switch. What is the default violation mode in use until the switch port is configured to use a different violation mode? restrict disabled protect shutdown
shutdown
What are the two methods that are used by a wireless NIC to discover an AP? (Choose two.) sending an ARP request delivering a broadcast frame transmitting a probe request initiating a three-way handshake receiving a broadcast beacon frame
transmitting a probe request receiving a broadcast beacon frame
Which type of wireless network is suitable for use in a home or office? wireless local-area network wireless metropolitan-area network wireless personal-area network wireless wide-area network
wireless local-area network
Which type of wireless network uses transmitters to provide wireless service over a large urban region? wireless metropolitan-area network wireless local-area network wireless wide-area network wireless personal-area network
wireless metropolitan-area network
Which type of wireless network commonly uses Bluetooth or ZigBee devices? wireless personal-area network wireless local-area network wireless metropolitan-area network wireless wide-area network
wireless personal-area network
Which type of wireless network uses transmitters to provide coverage over an extensive geographic area? wireless wide-area network wireless metropolitan-area network wireless local-area network wireless personal-area network
wireless wide-area network