Network Auth and Security Chapter 14
What additional security measure must be enabled along with IP Source Guard to protect against address spoofing? port security BPDU Guard DHCP snooping root guard
DHCP snooping
What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease? DHCP starvation DHCP spoofing CAM table attack IP address spoofing
DHCP starvation
What action can a network administrator take to help mitigate the threat of VLAN hopping attacks? Configure all switch ports to be members of VLAN 1. Enable PortFast on all switch ports. Disable automatic trunking negotiation. Disable VTP.
Disable automatic trunking negotiation.
What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow? Disable STP. Enable port security. Disable DTP. Place unused ports in an unused VLAN.
Enable port security.
A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac. What is the purpose of this configuration command? It checks the source MAC address in the Ethernet header against the user-configured ARP ACLs. It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body. It checks the source MAC address in the Ethernet header against the target MAC address in the ARP body. It checks the source MAC address in the Ethernet header against the MAC address table.
It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
Which statement describes the behavior of a switch when the MAC address table is full? -It treats frames as unknown unicast and floods all incoming frames to all ports on the switch. -It treats frames as unknown unicast and floods all incoming frames to all ports within the collision domain. -It treats frames as unknown unicast and floods all incoming frames to all ports across multiple switches. -It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN.
It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN.
When security is a concern, which OSI Layer is considered to be the weakest link in a network system? Layer 3 Layer 7 Layer 2 Layer 4
Layer 2
A cybersecurity analyst is using the macof tool to evaluate configurations of switches deployed in the backbone network of an organization. Which type of LAN attack is the analyst targeting during this evaluation? VLAN hopping MAC address table overflow DHCP spoofing VLAN double-tagging
MAC address table overflow
Which two Cisco solutions help prevent DHCP starvation attacks? (Choose two.) Port Security DHCP Snooping Web Security Appliance Dynamic ARP Inspection IP Source Guard
Port Security DHCP Snooping
What is the only type of port that an isolated port can forward traffic to on a private VLAN? another isolated port any access port in the same PVLAN a community port a promiscuous port
a promiscuous port
What is the only type of traffic that is forwarded by a PVLAN protected port to other protected ports? broadcast control user management
control
If two switches are configured with the same priority and the same extended system ID, what determines which switch becomes the root bridge? the lowest IP address the MAC address with the highest hexadecimal value the highest BID the Layer 2 address with the lowest hexadecimal value
the Layer 2 address with the lowest hexadecimal value
What determines which switch becomes the STP root bridge for a given VLAN? the highest priority the lowest bridge ID the highest MAC address the lowest IP address
the lowest bridge ID