CCNA 2: Part 2 - Switching, Routing, and Wireless Essentials

Ace your homework & exams now with Quizwiz!

If three 802.11b access points need to be deployed in close proximity, which three frequency channels should be used? (Choose three.) - 1 - 8 - 3 - 5 - 6 - 11

- 1 - 6 - 11

How many channels are available for the 2.4 GHz band in Europe? - 11 - 13 - 14 - 24

- 13

What UDP ports and IP protocols are used by CAPWAP for IPv6? (Choose three.) - 17 - 136 - 5246 - 5247 - 802.11

- 136 - 5246 - 5247

What UDP ports and IP protocols are used by CAPWAP for IPv4? (Choose three.) - 17 - 136 - 5246 - 5247 - 802.11

- 17 - 5246 - 5247

How many channels are available for the 5 GHz band? - 11 - 13 - 14 - 24

- 24

How many address fields are in the 802.11 wireless frame? - 2 - 3 - 4 - 5

- 4

True or False: Laptops that do not have an integrated wireless NIC can only be attached to the network through a wired connection. - True - False

- False

Which of the following authentication methods does not use a password shared between the wireless client and the AP? - WEP - WPA - WPA2 - WPA3 - Open

- Open

Which method of wireless authentication is currently considered to be the strongest? - WEP - Open - WPA - WPA2 - Shared key

- WPA2

Which device monitors SMTP traffic to block threats and encrypt outgoing messages to prevent data loss? - NGFW - ESA - NAC - WSA

ESA

True or False: A rogue AP is a misconfigured AP connected to the network and a possible source of DoS attacks. True False

False

A threat actor sends a BPDU message with priority 0. What type of attack is this? - Address Spoofing - ARP Spoofing - CDP Reconnaissance - DHCP Starvation - STP Attack - VLAN Hopping

STP Attack

Which protocol and port numbers are used by both IPv4 and IPv6 CAPWAP tunnels? (Choose two.) - 5246 and 5247 - UDP - ICMP - 17 and 163 - TCP

- 5246 and 5247 - UDP

Which 802.11 standards exclusively use the 5 GHz radio frequency? (Choose 2) - 802.11a - 802.11g - 802.11n - 802.11ac - 802.11ax

- 802.11a - 802.11ac

Which IEEE standard operates at wireless frequencies in both the 5 GHz and 2.4 GHz ranges? - 802.11g - 801.11b - 802.11n - 802.11a

- 802.11n

What is involved in an IP address spoofing attack? - A legitimate network IP address is hijacked by a rouge node - Bogus DHCPDISCOVER Messages are sent to consume all the available IP address on a DHCP clients - A rouge DHCP server provides false IP configuration parameters to legitimate DHCP clients

- A legitimate network IP address is hijacked by a rouge node

Which of the following encryption methods uses CCMP to recognize if the encrypted and non-encrypted bits have been altered? - RC4 - TKIP - AES

- AES

Which of the following components are integrated in a wireless home router? (Choose three.) - Access point - Switch - Router - Range extender

- Access point - Switch - Router

Which two roles are typically performed by a wireless router that is used in a home or small business? (Choose two.) - Access point - WLAN controller - RADIUS authentication server - Ethernet switch - Repeater

- Access point - Ethernet switch

What three services are provided by the AAA framework? (Choose three.) - Accounting - Automation - Autoconfiguration - Autobalancing - Authorization - Authentication

- Accounting - Authorization - Authentication

What is the term for an AP that does not send a beacon, but waits for clients to send probes? - Active - Infrastructure - Ad hoc - Passive

- Active

Which wireless network topology is being configured by a technician who is installing a keyboard, a mouse, and headphones, each of which uses Bluetooth? - Infrastructure mode - Ad Hoc mode - Mixed mode - Hotspot

- Ad Hoc mode

Which wireless topology mode is used by two devices to connect in a peer-to-peer network? - Ad hoc - Infrastructure - Tethering

- Ad hoc

On what switch ports should PortFast be enabled to enhance STP stability? - All trunk ports that are not root ports - All end-users ports - Only ports that are elected as designated ports - Only ports that attach to a neighboring switch

- All end-users ports

What is a recommended best practice when dealing with the native VLAN? - Assign the same VLAN number as the management VLAN - Assign it to an unused VLAN - Use port security - Turn off DTP

- Assign it to an unused VLAN

What are the best ways to secure WLANs? (Choose two.) - Authentication - SSID cloaking - Encryption - MAC addresss filtering

- Authentication - Encryption

In the split MAC architecture for CAPWAP, which of the following are the responsibility of the WLC? (Choose four.) - Authentication - Packet acknowledgments and retransmissions - Beacons and probe responses - Association and re-association of roaming clients - MAC layer data encryption and decryption - Termination of 802.11 traffic on a wired interface - Frame translation to other protocols - Frame queuing and packet prioritization

- Authentication - Association and re-association of roaming clients - Termination of 802.11 traffic on a wired interface - Frame translation to other protocols

Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this? - Authentication - Accessibility - Authorization - Accounting - Auditing

- Authorization

Which of the following is a standalone device, like a home router, where the entire WLAN configuration resides on the device? - Range extender - Autonomous AP - Controller-based AP - USB Wireless NIC

- Autonomous AP

Which of the following is an IEEE 802.15 WPAN standard that uses a device-pairing process to communicate? - Cellular - WiMAX - Wi-Fi - Bluetooth

- Bluetooth

Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack? - CDP - HTTP - FTP - LLDP

- CDP

In the context of mobile devices, what does the term tethering involve? - Connecting a mobile device to a USB port on computer in order to charge the mobile device - Connecting a mobile device to a hands free device - Connecting a mobile device to another mobile device or computer to share a network connection - Connecting a mobile device to a 4G cellular network

- Connecting a mobile device to another mobile device or computer to share a network connection

Which Layer 2 attack will result in legitimate users not getting valid IP addresses? - IP Address Spoofing - ARP Spoofing - DHCP Starvation - MAC Address Flooding

- DHCP Starvation

Which two features on a Cisco Catalyst switch can be used to mitigate DHCP starvation and DHCP spoofing attacks? (Choose two.) - DHCP snooping - Strong password on DHCP servers - Port Security - DHCP server failover - Extended ACL

- DHCP snooping - Port Security

Which of the following modulation techniques spreads a signal over a larger frequency band? - DSSS - FHSS - OFDM -OFDMA

- DSSS

What is the best way to prevent a VLAN hopping attack? - Use VLAN 1 as the native VLAN on trunk ports - Disable STP on all nontrunk ports - Use ISL encapsulation on all trunk links - Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports

- Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports

Which type of wireless topology is created when two or more Basic Service Sets are interconnected by Ethernet? - ESS - IBISS - Ad hoc WLAN - BSS - WiFi Direct

- ESS

Which procedure is recommended to mitigate the chances of ARP spoofing? - Enable port security globally - Enable DAI on the management VLAN - Enable IP Source Guard on trusted ports - Enable DHCP snooping on selected VLANs

- Enable DHCP snooping on selected VLANs

What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow? - Disable STP - Disable DTP - Place unused ports in a an unused VLAN - Enable port security

- Enable port security

Which of the following modulation techniques rapidly switches a signal among frequency channels? - DSSS - FHSS - OFDM -OFDMA

- FHSS

True or False: DTLS is enabled by default on the control and data CAPWAP tunnels. - True - False

- False

True or False: When you need to expand the coverage of a small network, the best solution is to use a range extender. - True - False

- False

Which Cisco solution helps prevent MAC and IP address spoofing attacks? - IP Source Guard - DHCP Snooping - Dynamic ARP Inspection - Port Security

- IP Source Guard

What IP versions does CAPWAP support? - IPv4 only - IPv6 only - IPv4 by default, but can configure IPv6 - IPv6 by default, but can configure IPv4

- IPv4 by default, but cam configure IPv6

Which standards organization is responsible for allocating radio frequencies? - IEEE - ITU-R - Wi-Fi Alliance

- ITU-R

Which of the following statements are true about modes of operation for a FlexConnect AP? (Choose two.) - In connect mode, the WLC is unreachable and the AP switches local traffic and performs client authentication locally - In standalone mode, the WLC is unreachable and the AP switches local traffic and performs client authentication locally - In connect mode, the WLC is reachable and performs all it CAPWAP functions - In standalone mode, the WLC is reachable and performs all its CAPWAP functions

- In standalone mode, the WLC is unreachable and the AP switches local traffic and performs client authentication locally - In connect mode, the WLC is reachable and performs all it CAPWAP functions

An administrator who is troubleshooting connectivity issues on a switch notices that a switch port configured for port security is in the err-disabled state. After verifying the cause of the violation, how should the administrator re-enable the port without disrupting network operation? - issue the "no switchport-security" command, the re-enable port security - Issue the "no switchport-security violation shutdown" command on the interface - Issue the "shutdown" command followed by the "no shutdown" command on the interface - Reboot the switch

- Issue the "shutdown" command followed by the "no shutdown" command on the interface

Which statement describes an autonomous access point? - It is server-dependent - It is used for networks that require a large number of access points - it is managed by a WLAN controller - It is a standalone access point

- It is a standalone access point

Why is authentication with AAA preferred over a local database method? - It provides a fallback authentication method if the administrator forgets the username or password - It requires a login and password combination on the console, vty lines, and aux ports. - It uses less network bandwidth. - It specifies a different password for each line or port

- It provides a fallback authentication method if the administrator forgets the username or password

When security is a concern, which OSI Layer is considered to be the weakest link in a network system?​ - Layer 7 - Layer 3 - Layer 2 - Layer 4

- Layer 2

Which Layer 2 attack will result in a switch flooding incoming frames to all ports? - ARP poising - IP Address Spoofing - MAC Address Overflow - Spanning Tree Protocol Manipulation

- MAC Address Overflow

Which feature of 802.11n wireless access points allows them to transmit data at faster speeds than previous versions of 802.11 Wi-Fi standards did? - WPS - SPS - MITM - MIMO

- MIMO

What type of attack is an "evil twin AP" attack? - DoS - MITM - Wireless intruder - Radio interference

- MITM

Which characteristic describes a wireless client operating in active mode? - Broadcast probes that request the SSID - Must be configured for security before attaching to an AP - Must know the SSID to connect to an AP - Ability to dynamically change channels

- Must know the SSID to connect to an AP

Which three Cisco products focus on endpoint security solutions? (Choose three.) - NAC Appliance - SSL/IPsec VPN Appliance - Adaptive Security Appliance - Web Security Appliance - IPS Sensor Appliance - Email Security Appliance

- NAC Appliance - Web Security Appliance - Email Security Appliance

Which of the following antennas provide 360 degrees of coverage? - Wireless NIC - Directional - Omnidirectional - MiMO

- Omnidirectional

In the split MAC architecture for CAPWAP, which of the following are the responsibility of the AP? (Choose four.) - Authentication - Packet acknowledgments and retransmissions - Beacons and probe responses - Association and re-association of roaming clients - MAC layer data encryption and decryption - Termination of 802.11 traffic on a wired interface - Frame translation to other protocols - Frame queuing and packet prioritization

- Packet acknowledgments and retransmissions - Beacons and probe responses - MAC layer data encryption and decryption - Frame queuing and packet prioritization

What is the term for an AP that openly advertises its service periodically? - Active - Infrastructure - Ad hoc - Passive

- Passive

In a server-based AAA implementation, which protocol will allow the router to successfully communicate with the AAA server? - 802.1x - TACACS - SSH - RADIUS

- RADIUS

What two protocols are supported on Cisco devices for AAA communications? (Choose two.) - LLDP - RADIUS - HSRP - VTP - TACACS+

- RADIUS - TACACS+

Which encryption method is used by the original 802.11 specification? - AES - TKIP - AES or TKIP - RC4

- RC4

Which of the following is most likely NOT the source of a wireless DoS attack? - Radio Interference - Improperly configured devices - Rouge AP - Malicious User

- Rouge AP

Which two commands can be used to enable PortFast on a switch? (Choose two.) - S1(config)# spanning-tree portfast default - S1(config-if)# spanning-tree portfast - S1(config-if)# enable spanning-tree portfast - S1(config-line)# spanning-tree portfast - S1(config)# enable spanning-tree portfast default

- S1(config)# spanning-tree portfast default - S1(config-if)# spanning-tree portfast

Which parameter is commonly used to identify a wireless network name when a home wireless AP is being configured? - SSID - ESS - Ad hoc - BESS

- SSID

Which type of telecommunication technology is used to provide Internet access to vessels at sea? - Municipal WiFi - WiMax - Cellular - Satellite

- Satellite

A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac. What is the purpose of this configuration command? - To check the destination MAC address in the Ethernet header against the target MAC address in the ARP body - To check the destination MAC address in the Ethernet header against the source MAC address in the ARP body - To check the destination MAC address in the Ethernet header against the user-configured ARP ACLs - To check the destination MAC address in the Ethernet header against the MAC addresss table

- To check the destination MAC address in the Ethernet header against the target MAC address in the ARP body

What is the purpose of AAA accounting? - To collect and report application usage - To determine which operations the user can perform - To determine which resources the user can access - To prove users are who they say they are

- To collect and report application usage

True or False: An ESS is created when two or more BSSs need to be joined to support roaming clients. - True - False

- True

What Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol? - VLAN hopping - ARP spoofing - DHCP spoofing - ARP poisoning

- VLAN hopping

Which of the following mitigation techniques are used to protect Layer 3 through Layer 7 of the OSI Model? (Choose three.) - DHCP Snooping - VPN - Firewalls - IPSG - IPS Devices

- VPN - Firewalls - IPS Devices

Which devices are specifically designed for network security? (Choose three) - VPN-enabled Router - NGFW - Switch - WLC - NAC

- VPN-enabled Router - NGFW - NAC

Which of the following authentication methods has the user enter a pre-shared password? (Choose two) - Open - WPA Personal - WPA Enterprise - WPA2 Personal - WPA2 Enterprise

- WPA Personal - WPA2 Personal

A network administrator is configuring DAI on a switch. Which command should be used on the uplink interface that connects to a router? - spanning-tree portfast - ip arp inspection trust - ip arp inspection vlan - ip dhcp snooping

- ip arp inspection trust

A network administrator is configuring DHCP snooping on a switch. Which configuration command should be used first? - ip dhcp snooping - ip dhcp snooping vlan - ip dhcp snooping limit rate - ip dhcp snooping trust

- ip dhcp snooping

Which security feature should be enabled in order to prevent an attacker from overflowing the MAC address table of a switch? - BPDU filter - storm control - port security - root guard

- port security

Which command would be best to use on an unused switch port if a company adheres to the best practices as recommended by Cisco? - switchport port-security mac-address sticky (mac-addresss) - ip dhcp snooping - shutdown - switchport port-security violation shutdown - switchport port-security mac-address sticky

- shutdown

What are two types of switch ports that are used on Cisco switches as part of the defense against DHCP spoofing attacks? (Choose two.) - unknown port - trusted DHCP port - established DHCP port - unauthorized port - authorized port - untrusted port

- trusted DHCP port - untrusted port

Which of the following modulation techniques is used in the new 802.11ax standard? - DSSS - FHSS - OFDM -OFDMA

-OFDMA

Which of the following wireless networks are specified in the IEEE 802.11 standards for the 2.4 GHz and 5 GHz radio frequencies? - WPAN - WLAN - WMAN - WWAN

-WLAN

A threat actor sends a message that causes all other devices to believe the MAC address of the threat actor's device is the default gateway. What type of attack is this? - Address Spoofing - ARP Spoofing - CDP Reconnaissance - DHCP Starvation - STP Attack - VLAN Hopping

ARP Spoofing

Which AAA component is responsible for collecting and reporting usage data for auditing and billing purposes? - Authentication - Authorization - Accounting

Accounting

A threat actor changes the MAC address of the threat actor's device to the MAC address of the default gateway. What type of attack is this? - Address Spoofing - ARP Spoofing - CDP Reconnaissance - DHCP Starvation - STP Attack - VLAN Hopping

Address Spoofing

Which AAA component is responsible for controlling who is permitted to access the network? - Authentication - Authorization - Accounting

Authentication

In an 802.1X implementation, which device is responsible for relaying responses? - Supplicant - Authenticator - Router - Authentication Server - Client

Authenticator

Which AAA component is responsible for determining what the user can access? - Authentication - Authorization - Accounting

Authorization

A threat actor discovers the IOS version and IP addresses of the local switch. What type of attack is this? - Address Spoofing - ARP Spoofing - CDP Reconnaissance - DHCP Starvation - STP Attack - VLAN Hopping

CDP Reconnaissance

Which of the following mitigation techniques prevents ARP spoofing and ARP poisoning attacks? - IPSG - DHCP Snooping - DAI - Port Security

DAI

Which of the following mitigation techniques prevents DHCP starvation and DHCP spoofing attacks? - IPSG - DHCP Snooping - DAI - Port Security

DHCP Snooping

A threat actor leases all the available IP addresses on a subnet. What type of attack is this? - Address Spoofing - ARP Spoofing - CDP Reconnaissance - DHCP Starvation - STP Attack - VLAN Hopping

DHCP Starvation

Which of the following mitigation techniques prevents MAC and IP address spoofing? - IPSG - DHCP Snooping - DAI - Port Security

IPSG

What mitigation technique must be implemented to prevent MAC address overflow attacks? - IPSG - DAI - Port Security - DCHP Snooping

Port Security

Which of the following mitigation techniques prevents many types of attacks including MAC address table overflow and DHCP starvation attacks? - IPSG - DHCP Snooping - DAI - Port Security

Port Security

Where are dynamically learned MAC addresses stored when sticky learning is enabled with the switchport port-security mac-address sticky command? - flash - NVRAM - ROM - RAM

RAM

Which attack encrypts the data on hosts in an attempt to extract a monetary payment from the victim? - DDoS - Data Breach - Malware - Ransomware

Ransomware

What would be the primary reason a threat actor would launch a MAC address overflow attack? - So that the threat actor can see frames that are destined for other devices - So that the threat actor can execute arbitrary code on the switch - So that the switch stops forwarding traffic - So that legitimate hose cannot obtain a MAC address.

So that the threat actor can see frames that are destined for other devices

What is the behavior of a switch as a result of a successful MAC address table attack? - The switch will shutdown - The switch interfaces will transition to the error-disabled state - The switch will forward all received frames to all other ports within the VLAN. - The switch will drop all received frames

The switch will forward all received frames to all other ports within the VLAN.

True or False? In the 802.1X standard, the client attempting to access the network is referred to as the supplicant.

True

A threat actor configures a host with the 802.1Q protocol and forms a trunk with the connected switch. What type of attack is this? - Address Spoofing - ARP Spoofing - CDP Reconnaissance - DHCP Starvation - STP Attack - VLAN Hopping

VLAN Hopping

Which of the following wireless networks typically uses lower powered transmitters for short ranges? - WPAN - WLAN - WMAN - WWAN

WPAN

Which device monitors HTTP traffic to block access to risky sites and encrypt outgoing messages? - NGFW - ESA - NAC - WSA

WSA


Related study sets

Chapter 40, Chapter 38, Chapter 37 Final

View Set

Exam 1 Sherpath lesson questions

View Set

Life Basics, Policies, Provisions, Annuities, Qualified Plans, Taxation, General Insurance (L&H)

View Set