Switch security configuration chapter 11


What is a recommended best practice when dealing with the native VLAN?

Assign it to an unused VLAN

Which two features on a Cisco Catalyst switch can be used to mitigate DHCP starvation and DHCP spoofing attacks? (Choose two.)

Port security
DHCP snooping

Which two commands can be used to enable PortFast on a switch? (Choose two.)

S1(config-if)# spanning-tree portfast
S1(config-if)# spanning-tree portfast default

On what switch ports should PortFast be enabled to enhance STP stability?

all end-user ports

What is the best way to prevent a VLAN hopping attack?

disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports

Which procedure is recommended to mitigate the chances of ARP spoofing?

enable DHCP snooping on selected VLANs

A network administrator is configuring DAI on a switch. Which command should be used on the uplink interface that connects to a router?

ip arp inspection trust

A network administrator is configuring DHCP snooping on a switch. Which configuration command should be used first?

ip dhcp snooping

An administrator who is troubleshooting connectivity issues on a switch notices that a switch port configured for port security is in the err-disabled state. After verifying the cause of the violation, how should the administrator re-enable the port without disrupting network operation?

issue the shutdown command followed by the no shutdown command on the interface

Which security feature should be enabled in order to prevent an attacker from overflowing the MAC address table of a switch?

port security

Where are dynamically learned MAC addresses stored when sticky learning is enabled with the switchport port-security mac-address sticky command?

RAM

Which command would be best to use on an unused switch port if a company adheres to the best practices as recommended by Cisco?

shutdown

A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac. What is the purpose of this configuration command?

to check the destination MAC address in the Ethernet header against the target MAC address in the ARP body

What are two types of switch ports that are used on Cisco switches as part of the defense against DHCP spoofing attacks? (Choose two.)

untrusted port
trusted DHCP port

What Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol?

VLAN hopping

