MIDTERM 2
What commands are used to set the NTP server to 192.168.16.1 and then verify the time source?
- ntp server 192.168.16.1
- show clock detail
The switchport port-security violation command is used to ensure all security violations are detected. What are the available options for this command?
- restrict
- protect
- shutdown
Always-on VPN
A full-time VPN, usually between two firewalls or two routers
You configured DHCP to dynamically allocate IP addresses. Which of the following is the first step of the DHCP process for configuring clients?
DHCP discover
What function does IKE perform in the establishment of an IPsec VPN?
- IKE establishes secure two-way management traffic communication
- IKE establishes a secure tunnel for end-user data
What are some common Layer 2 attacks?
- MAC address spoofing
- DHCP spoofing
- ARP spoofing
What describes the NTP protocol?
- NTP ensures that time is consistent between all Cisco devices
- Without setting NTP synchronization, time slippage can occur
What global configuration commands are used to synchronize NTP to stratum 1 and allow the maximum of associations?
- ntp master 1
- ntp max-associations 10
Which statements describe the purpose of a DHCP spoofing attack?
- The attacker can control the IP addresses handed out to specific devices
- Used as a type of network reconnaissance attack
- Used to perform a man-in-the-middle attack
What are the steps to configure a Cisco IOS DHCP server?
1. Exclude IP addresses from the DHCP assignment
2. Enter the DHCP pool configuration mode
3. Assign DHCP parameters to the DHCP pool
What command must be entered on a router in order to support RADIUS security services?
AAA new-model
What device in an AAA framework is the initial direct recipient of user credentials?
Authenticator
You are only concerned about how many MAC addresses can access a port when using port security, rather than which MAC address accesses a port. You also need a solution that clears out the MAC table after 5 minutes. This is an example of which feature?
Dynamic learning
NAT-T
Inserts a fake header to ensure the data can reach its destination correctly
Split-tunnel VPN
Only traffic destined to the protected LAN or DMZ traverses the VPN
Which switch port violation mode drops traffic from non-secure MAC addresses while keeping count of packets dropped?
Restrict
You have configured NTP as a client on a router called Branch. The output of the show ntp associations command indicates that router Branch has successfully synchronized with the NTP server. You now want to configure NTP as a client on switch SW1 as well. Which command should you use on switch SW1?
SW1(config)#ntp server <ip address between server and router>
What is the default port security violation mode?
Shutdown
A client needs to telecommute from home to the office and requires a VPN connection. Only work-related traffic should traverse the tunnel; Internet traffic should not. Which technology would allow for this operation?
Split tunneling
You have configured an interface with port security. You have chosen to input the MAC addresses manually. This is an example of which feature?
Static learning
Which type of port security allows the interface to convert dynamically learned addresses to addresses that do not age out?
Sticky learning
What does the Accounting aspect of an AAA service refer to?
Tracking services used
Hairpinning
Traffic that enters and exits on the same interface
You need to exclude the IP address range of 10.1.50.1 to 10.1.50.25 from the DHCP assignment. What command should you use?
ip dhcp excluded-address 10.1.50.1 10.1.50.25
What command is used to enable the DNS server on a Cisco device?
ip dns server
You have been tasked with configuring a centralized DHCP server solution. Which command needs to be entered on the Cisco device to configure a DHCP relay agent?
ip helper-address ip-address
Which command can you use to see the effect of Dynamic ARP Inspection on your switch?
show ip arp inspection statistics