Module 11: Switch Security Configuration

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

On what switch ports should PortFast be enabled to enhance STP stability? All end-user ports Only ports that attach to a neighboring switch All trunk ports that are not root ports Only ports that are elected as designated ports

All end-user ports

What is a recommended best practice when dealing with the native VLAN? Turn off DTP. Use port security. Assign it to an unused VLAN. Assign the same VLAN number as the management VLAN.

Assign it to an unused VLAN.

What is the best way to prevent a VLAN hopping attack? Disable STP on all nontrunk ports. Use ISL encapsulation on all trunk links. Use VLAN 1 as the native VLAN on trunk ports. Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.

Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.

Which procedure is recommended to mitigate the chances of ARP spoofing? Enable port security globally. Enable DHCP snooping on selected VLANs. Enable DAI on the management VLAN. Enable IP Source Guard on trusted ports.

Enable DHCP snooping on selected VLANs.

An administrator who is troubleshooting connectivity issues on a switch notices that a switch port configured for port security is in the err-disabled state. After verifying the cause of the violation, how should the administrator re-enable the port without disrupting network operation? Reboot the switch. Issue the shutdown command followed by the no shutdown command on the interface. Issue the no switchport port-security command, then re-enable port security. Issue the no switchport port-security violation shutdown command on the interface.

Issue the shutdown command followed by the no shutdown command on the interface.

Which security feature should be enabled in order to prevent an attacker from overflowing the MAC address table of a switch? BPDU filter Port security Storm control Root guard

Port security

Which two features on a Cisco Catalyst switch can be used to mitigate DHCP starvation and DHCP spoofing attacks? (Choose two.) Port security Extended ACL DHCP snooping DHCP server failover Strong password on DHCP servers

Port security DHCP snooping

Where are dynamically learned MAC addresses stored when sticky learning is enabled with the switchport port-security mac-address sticky command? ROM RAM NVRAM Flash

RAM

Which two commands can be used to enable PortFast on a switch? (Choose two.) S1(config-if)# spanning-tree portfast S1(config-line)# spanning-tree portfast S1(config)# spanning-tree portfast default S1(config-if)# enable spanning-tree portfast S1(config)# enable spanning-tree portfast default

S1(config-if)# spanning-tree portfast S1(config)# spanning-tree portfast default

A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac. What is the purpose of this configuration command? To check the destination MAC address in the Ethernet header against the MAC address table To check the destination MAC address in the Ethernet header against the user-configured ARP ACLs To check the destination MAC address in the Ethernet header against the target MAC address in the ARP body To check the destination MAC address in the Ethernet header against the source MAC address in the ARP body

To check the destination MAC address in the Ethernet header against the target MAC address in the ARP body

What are two types of switch ports that are used on Cisco switches as part of the defense against DHCP spoofing attacks? (Choose two.) Unknown port Untrusted port Unauthorized port Trusted DHCP port Authorized DHCP port Established DHCP port

Untrusted port Trusted DHCP port

What Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol? VLAN hopping DHCP spoofing ARP poisoning ARP spoofing

VLAN hopping

A network administrator is configuring DAI on a switch. Which command should be used on the uplink interface that connects to a router? ip arp inspection vlan ip arp inspection trust ip dhcp snooping spanning-tree portfast

ip arp inspection trust

A network administrator is configuring DHCP snooping on a switch. Which configuration command should be used first? ip dhcp snooping ip dhcp snooping vlan ip dhcp snooping trust ip dhcp snooping limit rate

ip dhcp snooping

Which command would be best to use on an unused switch port if a company adheres to the best practices as recommended by Cisco? shutdown ip dhcp snooping switchport port-security mac-address sticky switchport port-security violation shutdown switchport port-security mac-address sticky mac-address

Module 11: Switch Security Configuration

Set pelajaran terkait

Final Marketing Exam

Marketing Chapter 2 MC

ch-48

Chapter 5

M3

PSYCH 440- Exam 2

Global Development Final Exam

Test 1- Advanced 1-3

Chapter 8 Accounting

IGGY Ch.7 Elsevier - End-of-Life Care

Exam 1 PSYC 230

Bone Development, Bone Homeostasis: Remodeling and Repair, Fractures

Algebra 1 B, Unit 3, Assignment: Transformations

BA 1301 Chapter 7 SB

Softchalk

Chess Notation - Terms and Symbols

IM4 Pharmacology Assessment

Chapter 16, Chapter 17, Chapter 19, Chapter 18

Eicosanoids and Melatonin

Advanced Patho Fall Final