mod 11

Ace your homework & exams now with Quizwiz!

refer to the exhibit. pc1 and pc2 should be able to obtain ip address assignments from the dhcp server. how many ports among switches should be assigned as trusted ports as part of the dhcp snooping configuration?

7

what are three techniques for mitigating vlan attacks?

disable dtp enable trunking manually set the native vlan to an unused vlan

a network administrator enters the following commands on the switch sw1. sw1(config)#interface range fa0/5-10 sw1(config-if)#ip dhcp snooping limit rate 6 what is the effect after these commands are entered?

fastethernet ports 5 through 10 can receive up to 6 dhcp discovery messages per second.

refer to the exhibit. port security has been configured on the fa0/12 interface of switch s1. what action will occur when pc1 is attached to switch s1 with the applied configuration?

frames from pc1 will cause the interface to shut down immediately, and a log entry will be made

a network administrator is configuring dai on a switch with the command ip arp inspection validate src-mac. what is the purpose of this configuration command?

it checks the source mac address in the ethernet header against the sender mac address in the arp body

What security benefit is gained from enabling BPDU guard on PortFast enabled interfaces?

preventing rogue switches from being added to the network

a network administrator is configuring port security on a cisco switch. the company security policy specifies that when a violation occurs, packets with unknown source addresses should be dropped and no notification should be sent. which violation mode should be configured on the interfaces?

protect

an it security specialist enables port security on a switch port of a cisco switch. what is the default violation mode in use until the switch port is configured to use a different violation mode?

shutdown

which two commands can be used to enable BPDU guard on a switch?

spanning-tree bpduguard enable spanning-tree portfast bpduguard default

As part of the new security policy, all switches on the network are configured to automatically learn MAC addresses for each port. All running configurations are saved at the start and close of every business day. A severe thunderstorm causes an extended power outage several hours after the close of business. When the switches are brought back online, the dynamically learned MAC addresses are retained. Which port security configuration enabled this?

sticky secure mac addresses

refer to the exhibit. port fa0/2 has already been configured appropriately. the ip phone and PC work properly. Which switch configuration would be most appropriate for port fa0/2 if the network administrator has the following goals?

switchport port-security switchport port-security maximum 2 switchport port-security mac-address sticky

refer to the exhibit. the fa0/2 interface on switch s1 has been configured with the switchport port-security mac-address 0023.189d.6465 command and a workstation has been connected what could be the reason that the fa0/2 interface is shutdown?

the mac address of pc1 that connects to the fa0/2 interface is not the configured mac address

refer to the exhibit. what can be determined about port security from the information that is shown?

the port violation mode is the default for any port that has port security enabled

Which type of VLAN-hopping attack may be prevented by designating an unused VLAN as the native VLAN?

vlan double-tagging


Related study sets

Configuring Windows Server 2019 for MindTap/Cengage

View Set

Industrialization, Immigration, Roaring 20's, Great Depression

View Set

Introduction to Hypothesis Testing quiz

View Set