CIS 102 Chapter 3 Quiz
In a basic VLAN hopping attack, which switch feature do attackers take advantage of?
an open Telnet connection *the default automatic trunking configuration* automatic encapsulation negotiation forwarding of broadcasts
A network administrator is determining the best placement of VLAN trunk links. Which two types of point-to-point connections utilize VLAN trunking? (Choose two.)
between a switch and a network printer *between two switches that utilize multiple VLANs * between two switches that share a common VLAN between a switch and a client PC *between a switch and a server that has an 802.1Q NIC*
Which command is used to remove only VLAN 20 from a switch?
delete flash:vlan.dat *no vlan 20 * delete vlan.dat no switchport access vlan 20
Place the options in the following order:
permanent nontrunking mode (not used) *dynamic auto* - passively waits for the neighbor to initiate trunking *nonegotiate* - requires manual configuration of trunking or nontrunking *dynamic desirable *- actively attempst to convert the link to a trunk *trunk* - permanent trunking mode
Under which two occasions should an administrator disable DTP while managing a local area network? (Choose two.)
when a neighbor switch uses a DTP mode of dynamic desirable *when connecting a Cisco switch to a non-Cisco switch* *on links that should not be trunking* when a neighbor switch uses a DTP mode of dynamic auto on links that should dynamically attempt trunking
A Cisco Catalyst switch has been added to support the use of multiple VLANs as part of an enterprise network. The network technician finds it necessary to clear all VLAN information from the switch in order to incorporate a new network design. What should the technician do to accomplish this task?
Erase the running configuration and reboot the switch. Erase the startup configuration and reboot the switch. *Delete the startup configuration and the vlan.dat file in the flash memory of the switch and reboot the switch.* Delete the IP address that is assigned to the management VLAN and reboot the switch.
Which two statements are true about VLAN implementation? (Choose two.)
The number of required switches in a network decreases. *VLANs logically group hosts, regardless of physical location.* The size of the collision domain is reduced. The network load increases significantly because of added trunking information. *Devices in one VLAN do not hear the broadcasts from devices in another VLAN*
What happens to a port that is associated with VLAN 10 when the administrator deletes VLAN 10 from the switch?
*The port becomes inactive. * The port creates the VLAN again. The port automatically associates itself with the native VLAN. The port goes back to the default VLAN
What is the effect of issuing a switchport access vlan 20 command on the Fa0/18 port of a switch that does not have this VLAN in the VLAN database?
*VLAN 20 will be created automatically. * An error stating that VLAN 20 does not exist will be displayed and VLAN 20 is not created. The command will have no effect on the switch. Port Fa0/18 will be shut down.
Refer to the exhibit. A frame is traveling between PC-A and PC-B through the switch. Which statement is true concerning VLAN tagging of the frame?
A VLAN tag is added when the frame is accepted by the switch. A VLAN tag is added when the frame is forwarded out the port to PC-B. A VLAN tag is added when the frame leaves PC-A. *No VLAN tag is added to the frame.*
Which two Layer 2 security best practices would help prevent VLAN hopping attacks? (Choose two.)
Change the management VLAN to a distinct VLAN that is not accessible by regular users. *Change the native VLAN number to one that is distinct from all user VLANs and is not VLAN 1.* Statically configure all ports that connect to end-user host devices to be in trunk mode. *Disable DTP autonegotiation on end-user ports.* Use SSH for all remote management access.
Refer to the exhibit. Interface Fa0/1 is connected to a PC. Fa0/2 is a trunk link to another switch. All other ports are unused. Which security best practice did the administrator forget to configure?
Configure all unused ports to a 'black-hole' VLAN that is not used for anything on the network. Change the native VLAN to a fixed VLAN that is distinct from all user VLANs and to a VLAN number that is not VLAN 1. *All user ports are associated with VLANs distinct from VLAN 1 and distinct from the 'black-hole' VLAN.* Disable autonegotiation and set ports to either static access or static trunk
What must the network administrator do to remove Fast Ethernet port fa0/1 from VLAN 2 and assign it to VLAN 3?
Enter the no shutdown in interface configuration mode to return it to the default configuration and then configure the port for VLAN 3. Enter the switchport trunk native vlan 3 command in interface configuration mode. *Enter the switchport access vlan 3 command in interface configuration mode.* Enter the no vlan 2 and the vlan 3 commands in global configuration mode.
A Cisco switch currently allows traffic tagged with VLANs 10 and 20 across trunk port Fa0/5. What is the effect of issuing a switchport trunk allowed vlan 30 command on Fa0/5?
It allows a native VLAN of 30 to be implemented on Fa0/5. It allows VLANs 1 to 30 on Fa0/5. It allows VLANs 10, 20, and 30 on Fa0/5. *It allows only VLAN 30 on Fa0/5.*
What VLANs are allowed across a trunk when the range of allowed VLANs is set to the default value?
Only the native VLAN will be allowed across the trunk. *All VLANs will be allowed across the trunk.* Only VLAN 1 will be allowed across the trunk. The switches will negotiate via VTP which VLANs to allow across the trunk
Open the PT Activity. Perform the tasks in the activity instructions and then answer the question. Which PCs will receive the broadcast sent by PC-C?
PC-A, PC-B PC-A, PC-B, PC-D, PC-E, PC-F PC-A, PC-B, PC-D, PC-E PC-A, PC-B, PC-E *PC-D, PC-E *
Port Fa0/11 on a switch is assigned to VLAN 30. If the command no switchport access vlan 30 is entered on the Fa0/11 interface, what will happen?
Port Fa0/11 will be shutdown. *Port Fa0/11 will be returned to VLAN 1.* VLAN 30 will be deleted. An error message would be displayed.
Which command should the network administrator implement to prevent the transfer of DTP frames between a Cisco switch and a non-Cisco switch?
S1(config-if)# switchport mode dynamic desirable S1(config-if)# switchport mode trunk S1(config-if)# switchport mode access *S1(config-if)# switchport nonegotiate* S1(config-if)# switchport trunk allowed vlan none
Refer to the exhibit. PC-A and PC-B are both in VLAN 60. PC-A is unable to communicate with PC-B. What is the problem?
The native VLAN is being pruned from the link. The native VLAN should be VLAN 60. *The VLAN that is used by PC-A is not in the list of allowed VLANs on the trunk.* The trunk has been configured with the switchport nonegotiate command.
Which three statements accurately describe VLAN types? (Choose three).
VLAN 1 is always used as the management VLAN. Voice VLANs are used to support user phone and e-mail traffic on a network. A data VLAN is used to carry VLAN management data and user-generated traffic. *A management VLAN is any VLAN that is configured to access management features of the switch. * *An 802.1Q trunk port, with a native VLAN assigned, supports both tagged and untagged traffic. * *After the initial boot of an unconfigured switch, all ports are members of the default VLAN. *
Which command displays the encapsulation type, the voice VLAN ID, and the access mode VLAN for the Fa0/1 interface?
show mac address-table interface Fa0/1 show vlan brief show interfaces trunk *show interfaces Fa0/1 switchport*
Fill in the blank. Use the full command syntax. The command displays the VLAN assignment for all ports as well as the existing VLANs on the switch.
show vlan brief
Which switch feature ensures that no unicast, multicast, or broadcast traffic is passed between ports that are configured with this feature?
switch port security *PVLAN protected port* ACL VLAN
Refer to the exhibit. DLS1 is connected to another switch, DLS2, via a trunk link. A host that is connected to DLS1 is not able to communicate to a host that is connected to DLS2, even though they are both in VLAN 99. Which command should be added to Fa0/1 on DLS1 to correct the problem?
switchport mode dynamic auto *switchport trunk native vlan 66* switchport trunk allowed vlan add 99 switchport nonegotiate
