Cisco 2 Midterm Study Guide
Which port speed will be autonegotiated between a host with a 1 Gbps NIC connecting to a Cisco Catalyst 2960 switch with a 100 Mbps port? 10 Mbps 100 Mbps 1 Gbps 10 Gbps
100 Mbps
When verifying routes, what code is used to identify directly connected routes in the routing table? C D L R
C
A threat actor discovers the IOS version and IP addresses of the local switch. What type of attack is this? Address spoofing ARP spoofing CDP reconnaissance DHCP starvation STP attack VLAN hopping
CDP reconnaissance
Which of the following mitigation techniques prevents MAC and IP address spoofing? IPSG DHCP snooping DAI Port security
IPSG
Refer to the exhibit Question 2 Topology. PC2 sends an ARP broadcast frame. Which PCs will receive the ARP broadcast frame? (Choose all that apply.) PC1 PC3 PC4 PC5 PC6
PC3, PC4, PC6
What mitigation technique must be implemented to prevent MAC address overflow attacks? IPSG DAI Port security DHCP snooping
Port security
Which two commands can be used to enable PortFast on a switch? (Choose two.) S1(config-if)# spanning-tree portfast S1(config-line)# spanning-tree portfast S1(config)# spanning-tree portfast default S1(config-if)# enable spanning-tree portfast S1(config)# enable spanning-tree portfast default
S1(config-if)# spanning-tree portfast, S1(config)# spanning-tree portfast default
A threat actor sends a BPDU message with priority 0. What type of attack is this? Address spoofing ARP spoofing CDP reconnaissance DHCP starvation STP attack VLAN hopping
STP attack
Which filtering expression will show all output lines starting from the line matching the filtering expression? section begin include
begin
What is the default switchport mode for Cisco Catalyst switches? access trunk dynamic auto dynamic desirable
dynamic auto
True or false? DTP is an open standard IEEE protocol that specifies auto negotiation of switch trunk links. true false
false
True or false? Two switchports on a link both configured as dynamic auto will successfully negotiate a trunk. true false
false
Which two special characteristics do LAN switches use to alleviate network congestion? (Choose two.) fast port speeds fast internal switching low port densities small frame buffers
fast port speeds, fast internal switching
You are troubleshooting an inter-VLAN issue on a router and need to verify the status and IP address of all interfaces in a condensed format. Which inter-VLAN routing troubleshooting command would you use to do this? show interfaces show interfaces [interface-id] switchport show ip interface brief show ip route show vlan
show ip interface brief
You are troubleshooting an inter-VLAN issue on a router and need to verify that the subinterfaces are in the routing table. Which inter-VLAN routing troubleshooting command would you use to do this? show interfaces show interfaces [interface-id] switchport show ip interface brief show ip route show vlan
show ip route
Which command will display a summary of all IPv6-enabled interfaces on a router that includes the IPv6 address and operational status? show ip interface brief show ipv6 route show running-config interface show ipv6 interface brief
show ipv6 interface brief
You are troubleshooting an inter-VLAN issue on a switch and need to check the list of VLANs and their assigned ports. Which inter-VLAN routing troubleshooting command would you use to do this? show interfaces show interfaces [interface-id] switchport show ip interface brief show ip route show vlan
show vlan
Which command would be best to use on an unused switch port if a company adheres to the best practices as recommended by Cisco? shutdown ip dhcp snooping switchport port-security mac-address sticky switchport port-security violation shutdown switchport port-security mac-address sticky [mac-address]
shutdown
A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac. What is the purpose of this configuration command? to check the destination MAC address in the Ethernet header against the MAC address table to check the destination MAC address in the Ethernet header against the user-configured ARP ACLs to check the destination MAC address in the Ethernet header against the target MAC address in the ARP body to check the destination MAC address in the Ethernet header against the source MAC address in the ARP body
to check the destination MAC address in the Ethernet header against the target MAC address in the ARP body
Which two DTP modes will form a trunk with an interface that is configured as dynamic auto? (Choose two.) trunk dynamic desirable
trunk, dynamic desirable
What are two types of switch ports that are used on Cisco switches as part of the defense against DHCP spoofing attacks? (Choose two.) unknown port untrusted port unauthorized port trusted DHCP port authorized DHCP port established DHCP port
untrusted port, trusted DHCP port
Which AAA component is responsible for controlling who is permitted to access the network? Authentication Authorization Accounting
Authentication
Refer to the exhibit Question 1 Topology. PC1 sends an ARP broadcast frame. Which PC will receive the ARP broadcast frame? PC2 PC3 PC4 PC5 PC6
PC4
A network administrator is configuring DAI on a switch. Which command should be used on the uplink interface that connects to a router? ip arp inspection vlan ip arp inspection trust ip dhcp snooping spanning-tree portfast
ip arp inspection trust
A network administrator is configuring DHCP snooping on a switch. Which configuration command should be used first? ip dhcp snooping ip dhcp snooping vlan ip dhcp snooping trust ip dhcp snooping limit rate
ip dhcp snooping
A threat actor sends a message that causes all other devices to believe the MAC address of the threat actor's device is the default gateway. What type of attack is this? Address spoofing ARP spoofing CDP reconnaissance DHCP starvation STP attack VLAN hopping
ARP spoofing
Which AAA component is responsible for collecting and reporting usage data for auditing and billing purposes? Authentication Authorization Accounting
Accounting
A threat actor changes the MAC address of the threat actor's device to the MAC address of the default gateway. What type of attack is this? Address spoofing ARP spoofing CDP reconnaissance DHCP starvation STP attack VLAN hopping
Address spoofing
What is a recommended best practice when dealing with the native VLAN? Turn off DTP. Use port security. Assign it to an unused VLAN. Assign the same VLAN number as the management VLAN.
Assign it to an unused VLAN
In an 802.1X implementation, which device is responsible for relaying responses? Supplicant Authenticator Router Authentication server Client
Authenticator
Which AAA component is responsible for determining what the user can access? Authentication Authorization Accounting
Authorization
Which of the following mitigation techniques prevents ARP spoofing and ARP poisoning attacks? IPSG DHCP snooping DAI Port security
DAI
Which of the following mitigation techniques prevents DHCP starvation and DHCP spoofing attacks? IPSG DHCP snooping DAI Port security
DHCP snooping
A threat actor leases all the available IP addresses on a subnet. What type of attack is this? Address spoofing ARP spoofing CDP reconnaissance DHCP starvation STP attack VLAN hopping
DHCP starvation
What is the best way to prevent a VLAN hopping attack? Disable STP on all nontrunk ports. Use ISL encapsulation on all trunk links. Use VLAN 1 as the native VLAN on trunk ports. Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.
Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports
Which device monitors SMTP traffic to block threats and encrypt outgoing messages to prevent data loss? NGFW ESA NAC WSA
ESA
Which procedure is recommended to mitigate the chances of ARP spoofing? Enable port security globally. Enable DHCP snooping on selected VLANs. Enable DAI on the management VLAN. Enable IP Source Guard on trusted ports.
Enable DHCP snooping on selected VLANs
True or False? It is a best practice to configure the native VLAN as VLAN 1. True False
False
An administrator who is troubleshooting connectivity issues on a switch notices that a switch port configured for port security is in the err-disabled state. After verifying the cause of the violation, how should the administrator re-enable the port without disrupting network operation? Reboot the switch. Issue the shutdown command followed by the no shutdown command on the interface. Issue the no switchport port-security command, then re-enable port security. Issue the no switchport port-security violation shutdown command on the interface.
Issue the shutdown command followed by the no shutdown command on the interface
Refer to the exhibit Question 3 Topology. PC3 sends an ARP broadcast frame. Which PC will receive the ARP broadcast frame? PC1 PC2 PC4 PC5 PC6
PC5
Which of the following mitigation techniques prevents many types of attacks including MAC address table overflow and DHCP starvation attacks? IPSG DHCP snooping DAI Port security
Port security
Where are dynamically learned MAC addresses stored when sticky learning is enabled with the switchport port-security mac-address sticky command? ROM RAM NVRAM flash
RAM
Which attack encrypts the data on hosts in an attempt to extract a monetary payment from the victim? DDoS Data breach Malware Ransomware
Ransomware
Refer to each of the scenario topologies. Which statements best describe the different types of inter-VLAN routing solutions? (Choose all that apply.) Scenario A is a legacy inter-VLAN solution. Scenario B is a Layer 3 inter-VLAN solution. Scenario B and C are both Router-on-a-stick inter-VLAN solutions. Scenario A is a Layer 3 inter-VLAN solution. Scenario B is a legacy inter-VLAN solution. Scenario C is a router-on-a-stick inter-VLAN solution.
Scenario A is a Layer 3 inter-VLAN solution. Scenario B is a legacy inter-VLAN solution. Scenario C is a router-on-a-stick inter-VLAN solution.
What would be the primary reason a threat actor would launch a MAC address overflow attack? So that the threat actor can see frames that are destined for other devices. So that the threat actor can execute arbitrary code on the switch. So that the switch stops forwarding traffic. So that legitimate hosts cannot obtain a MAC address.
So that the threat actor can see frames that are destined for other devices.
An IPv6-enabled interface is required to have which type of address? loopback global unicast link-local static
link-local
Which type of VLAN is assigned to 802.1Q trunk ports to carry untagged traffic? default native data management
native
What character is used to enable the filtering of commands? pipe | comma , colon : semicolon ;
pipe |
Which security feature should be enabled in order to prevent an attacker from overflowing the MAC address table of a switch? BPDU filter port security storm control root guard
port security
Which two features on a Cisco Catalyst switch can be used to mitigate DHCP starvation and DHCP spoofing attacks? (Choose two.) port security extended ACL DHCP snooping DHCP server failover strong password on DHCP servers
port security, DHCP snooping
Which device separates broadcast domains? access point hub router switch
router
Which command will display packet flow counts, collisions, and buffer failures on an interface? show interface show ip interface show running-config interface
show interface
You are troubleshooting an inter-VLAN issue on a router and need to verify the status of an access port and its access mode VLAN. Which troubleshooting command would you use to do this? show interfaces show interfaces [interface-id] switchport show ip interface brief show vlan
show interfaces [interface-id] switchport
What is the behavior of a switch as a result of a successful MAC address table attack? The switch will shut down. The switch interfaces will transition to the error-disabled state. The switch will forward all received frames to all other ports within the VLAN. The switch will drop all received frames.
The switch will forward all received frames to all other ports within the VLAN.
True or False? VLANs can improve security by isolating sensitive data from the rest of the network. True False
True
True or False? VLANs improve network performance by segmenting broadcast domains. True False
True
A threat actor configures a host with the 802.1Q protocol and forms a trunk with the connected switch. What type of attack is this? Address spoofing ARP spoofing CDP reconnaissance DHCP starvation STP attack VLAN hopping
VLAN hopping
What Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol? VLAN hopping DHCP spoofing ARP poisoning ARP spoofing
VLAN hopping
Which of the following mitigation techniques are used to protect Layer 3 through Layer 7 of the OSI Model? (Choose three.) DHCP snooping VPN Firewalls IPSG IPS devices
VPN, Firewalls, IPS devices
Which devices are specifically designed for network security? (Choose three.) VPN-enabled router NGFW Switch WLC NAC
VPN-enabled router, NGFW, NAC
Which device monitors HTTP traffic to block access to risky sites and encrypt outgoing messages? NGFW ESA NAC WSA
WSA
Which is true of VLAN 1? (Choose all that apply.) All switch ports are assigned to VLAN 1 by default. The Native VLAN is VLAN 1 by default. The management VLAN is VLAN 1 by default. VLAN 1 cannot be renamed or deleted.
all are correct
On what switch ports should PortFast be enabled to enhance STP stability? all end-user ports only ports that attach to a neighboring switch all trunk ports that are not root ports only ports that are elected as designated ports
all end-user ports