L2 Security and WLANs
records what users do and what they access
accounting
proves that users are who they say they are
authentication
Which access control component, implementation, or protocol is based on device roles of supplicant, authenticator, and authentication server?
802.1X
On a Cisco 3504 WLC dashboard, which option provides access to the full menu of features?
Advanced
A network administrator enters the following commands on the switch SW1. SW1(config)# interface range fa0/5 - 10 SW1(config-if)# ip dhcp snooping limit rate 6 What is the effect after these commands are entered?
FastEthernet ports 5 through 10 can receive up to 6 DHCP discovery messages per second.
A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac. What is the purpose of the configuration command?
It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
A net work administrator is configuring a RADIUS server connection on a Cisco 3500 series WLC. The configuration requires a shared secret password. What is the purpose for the shared secret password?
It is used to encrypt the messages between the WLC and the RADIUS server
A technician is troubleshooting a slow WLAN that consists of 802.11b and 802.11g devices. A new 802.11n/ac dual-brand router has been deployed on the network to replace the old 802.11g router. What can the technician do to address the slow wireless speed?
Split the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band.
determines what resources users can access or the operations they are allowed to perform
authorization
Which authentication method stores usernames and passwords in the router and is ideal for small networks?
local AAA
Which feature of configuration on a switch makes it vulnerable to VLAN double-tagging attacks?
the native VLAN of the trunking port being the same as a user VLAN
A technician is configuring the channel on a wireless router to either 1, 6, or 11. What is the purpose of adjusting the channel?
to avoid interference from nearby wireless devices
What is the function provided by CAPWAP protocol in a corporate wireless network?
CAPWAP provides the encapsulation and forwarding of wireless user traffic between an access point and a wireless LAN controller.
Which two Cisco solutions help prevent DHCP starvation attacks? (Choose two.)
DHCP Snooping & Port Security
What are three techniques for mitigating VLAN attacks? (Choose three)
Disable DTP, Enable trunking manually, & Set the native VLAN to an unused VLAN.
Which statement describes the behavior of a switch when the MAC address table is full?
It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN.
A network administrator is working to improve WLAN performance on a dual-band wireless router. What is a simple way to achieve a split-the-traffic result?
Make sure that different SSIDs are used for the 2.4 GHz and 5 GHz bands.
Which service can be used on a wireless router to prioritize network traffic among different types of applications so that voice and video data are prioritized over email and web data?
QoS
A network administrator of a college is configuring the WLAN user authentication process. Wireless users are required to enter username and password credentials that will be verified by a server. Which server would provide such service?
RADIUS
Which protocol can be used to monitor the network?
SNMP
Which type of VLAN-hopping attack may be prevented by designating an unused VLAN as the native VLAN?
VLAN double-tagging
Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources?
accounting
What are the two methods that are used by a wireless NIC to discover an AP? (Choose two.)
receiving a broadcast beacon frame & transmitting a probe request
As part of the new security policy, all switches on the network are configured to automatically learn MAC addresses for each port. All running configurations are saved at the start and close of every business day. A severe thunderstorm causes an extended power outage several hours after the close of business. When the switches are brought back online, the dynamically learned MAC addresses are retained. Which port security configuration enabled this?
sticky secure MAC addresses
A network administrator deploys a wireless router in a small law firm. Employee laptops join the WLAN and receive IP addresses in the 10.0.10.0/24 network. Which service is used on the wireless router to allow the employee laptops to access the internet?
NAT
The company hand book states that employees cannot have microwave ovens in their offices. Instead, all employees must use the microwave ovens located in the employee cafeteria. What wireless security risk is the company trying to avoid?
accidental interference
Which type of management frame may regularly be broadcast by an AP?
beacon
What is an advantage of SSID cloaking?
Clients will have to manually identify the SSID to connect to the network.
What are two protocols that are used by AAA to authenticate users against a central database of usernames and password? (Choose two.)
TACACS+ & RADIUS
While attending a conference, participants are using laptops for network connectivity. When a guest speaker attempts to connect to the network, the laptop fails to display any available wireless networks. The access point must be operating in which mode?
active
An IT security specialist enables port security on a switch port of a Cisco switch. What is the default violation mode in use until the switch port is configured to use a different violation mode?
shutdown
Which type of wireless network uses low powered transmitters for a short-range network, usually 20 to 30 ft. (6 to 9 meters)?
wireless personal-area network
