10-13 Flashcards

Question 1

Q

Which authentication method stores usernames and passwords in the router and is ideal for small networks?

Answer

A

local AAA

Question 2

Q

What are two protocols that are used by AAA to authenticate users against a central database of usernames and password? (Choose two.)

Answer

A

TACACS+
RADIUS

Question 3

Q

What is the result of a DHCP starvation attack?

Answer

A

Legitimate clients are unable to lease IP addresses.

Question 4

Q

What represents a best practice concerning discovery protocols such as CDP and LLDP on network devices?

Answer

A

Disable both protocols on all interfaces where they are not required.

Question 5

Q

Which protocol should be used to mitigate the vulnerability of using Telnet to remotely manage network devices?

Question 6

Q

Which statement describes the behavior of a switch when the MAC address table is full?

Answer

A

It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN.

Question 7

Q

Which feature on a switch makes it vulnerable to VLAN hopping attacks?

Answer

A

the automatic trunking port feature enabled for all ports by default

Question 8

Q

Which feature or configuration on a switch makes it vulnerable to VLAN double-tagging attacks?

Answer

A

the native VLAN of the trunking port being the same as a user VLAN

Question 9

Q

Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?

Answer

A

authorization

Question 10

Q

Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources?

Answer

A

accounting

Question 11

Q

What device is considered a supplicant during the 802.1X authentication process?

Answer

A

the client that is requesting authentication

Question 12

Q

Refer to the exhibit. The Fa0/2 interface on switch S1 has been configured with the switchport port-security mac-address 0023.189d.6456 command and a workstation has been connected. What could be the reason that the Fa0/2 interface is shutdown?

Answer

A

The MAC address of PC1 that connects to the Fa0/2 interface is not the configured MAC address.

Question 13

Q

Refer to the exhibit. Port Fa0/2 has already been configured appropriately. The IP phone and PC work properly. Which switch configuration would be most appropriate for port Fa0/2 if the network administrator has the following goals?
No one is allowed to disconnect the IP phone or the PC and connect some other wired device.
If a different device is connected, port Fa0/2 is shut down.
The switch should automatically detect the MAC address of the IP phone and the PC and add those addresses to the running configuration.

Answer

A

SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky

Question 14

Q

Refer to the exhibit. Port security has been configured on the Fa 0/12 interface of switch S1. What action will occur when PC1 is attached to switch S1 with the applied configuration?

Answer

A

Frames from PC1 will cause the interface to shut down immediately, and a log entry will be made.

Question 15

Q

A network administrator is configuring port security on a Cisco switch. The company security policy specifies that when a violation occurs, packets with unknown source addresses should be dropped and no notification should be sent. Which violation mode should be configured on the interfaces?

Question 16

Q

What security benefit is gained from enabling BPDU guard on PortFast enabled interfaces?

Answer

A

preventing rogue switches from being added to the network

Question 17

Q

Which type of VLAN-hopping attack may be prevented by designating an unused VLAN as the native VLAN?

Answer

A

VLAN double-tagging

Question 18

Q

Refer to the exhibit. PC1 and PC2 should be able to obtain IP address assignments from the DHCP server. How many ports among switches should be assigned as trusted ports as part of the DHCP snooping configuration?

Question 19

Q

An IT security specialist enables port security on a switch port of a Cisco switch. What is the default violation mode in use until the switch port is configured to use a different violation mode?

Question 20

Q

A network administrator enters the following commands on the switch SW1.
SW1(config)# interface range fa0/5 – 10
SW1(config-if)# ip dhcp snooping limit rate 6
What is the effect after these commands are entered?

Answer

A

FastEthernet ports 5 through 10 can receive up to 6 DHCP discovery messages per second.

Question 21

Q

A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac . What is the purpose of this configuration command?

Answer

A

It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.

Question 22

Q

Which two commands can be used to enable BPDU guard on a switch? (Choose two.)

Answer

A

S1(config-if)# spanning-tree bpduguard enable
S1(config)# spanning-tree portfast bpduguard default

Question 23

Q

As part of the new security policy, all switches on the network are configured to automatically learn MAC addresses for each port. All running configurations are saved at the start and close of every business day. A severe thunderstorm causes an extended power outage several hours after the close of business. When the switches are brought back online, the dynamically learned MAC addresses are retained. Which port security configuration enabled this?

Answer

A

sticky secure MAC addresses

Question 24

Q

Which type of management frame may regularly be broadcast by an AP?

Question 25

Q

What type of wireless antenna is best suited for providing coverage in large open spaces, such as hallways or large conference rooms?

Answer

A

omnidirectional

Question 26

Q

What is an advantage of SSID cloaking?

Answer

A

Clients will have to manually identify the SSID to connect to the network.

Question 27

Q

What are the two methods that are used by a wireless NIC to discover an AP? (Choose two.)

Answer

A

transmitting a probe request
receiving a broadcast beacon frame

Question 28

Q

Which wireless network topology would be used by network engineers to provide a wireless network for an entire college building?

Answer

A

infrastructure

Question 29

Q

What is a wireless security mode that requires a RADIUS server to authenticate wireless users?

Answer

A

enterprise

Question 30

Q

What two IEEE 802.11 wireless standards operate only in the 5 GHz range? (Choose two.)

Answer

A

802.11a ac

Question 31

Q

A technician is configuring the channel on a wireless router to either 1, 6, or 11. What is the purpose of adjusting the channel?

Answer

A

to avoid interference from nearby wireless devices

Question 32

Q

While attending a conference, participants are using laptops for network connectivity. When a guest speaker attempts to connect to the network, the laptop fails to display any available wireless networks. The access point must be operating in which mode?

Question 33

Q

A network administrator is required to upgrade wireless access to end users in a building. To provide data rates up to 1.3 Gb/s and still be backward compatible with older devices, which wireless standard should be implemented?

Question 34

Q

A company has recently implemented an 802.11n wireless network. Some users are complaining that the wireless network is too slow. Which solution is the best method to enhance the performance of the wireless network?

Answer

A

Split the traffic between the 2.4 GHz and 5 GHz frequency bands.

Question 35

Q

A technician is about to install and configure a wireless network at a small branch office. What is the first security measure the technician should apply immediately upon powering up the wireless router?

Answer

A

Change the default user-name and password of the wireless router.

Question 36

Q

On a Cisco 3504 WLC dashboard, which option provides access to the full menu of features?

Question 37

Q

On a Cisco 3504 WLC Summary page ( Advanced > Summary ), which tab allows a network administrator to access and configure a WLAN for a specific security option such as WPA2?

Question 38

Q

Which protocol can be used to monitor the network?

Question 39

Q

A network administrator deploys a wireless router in a small law firm. Employee laptops join the WLAN and receive IP addresses in the 10.0.10.0/24 network. Which service is used on the wireless router to allow the employee laptops to access the internet?

Question 40

Q

Which service can be used on a wireless router to prioritize network traffic among different types of applications so that voice and video data are prioritized over email and web data?

Question 41

Q

Which step is required before creating a new WLAN on a Cisco 3500 series WLC?

Answer

A

Create a new VLAN interface.

Question 42

Q

A network engineer is troubleshooting a newly deployed wireless network that is using the latest 802.11 standards. When users access high bandwidth services such as streaming video, the wireless network performance is poor. To improve performance the network engineer decides to configure a 5 Ghz frequency band SSID and train users to use that SSID for streaming media services. Why might this solution improve the wireless network performance for that type of service?

Answer

A

The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it more suited to streaming multimedia.

Question 43

Q

A network administrator is working to improve WLAN performance on a dual-band wireless router. What is a simple way to achieve a split-the-traffic result?

Answer

A

Make sure that different SSIDs are used for the 2.4 GHz and 5 GHz bands.

Question 44

Q

A network administrator is configuring a RADIUS server connection on a Cisco 3500 series WLC. The configuration requires a shared secret password. What is the purpose for the shared secret password?

Answer

A

It is used to encrypt the messages between the WLC and the RADIUS server.

Question 45

Q

A laptop cannot connect to a wireless access point. Which two troubleshooting steps should be taken first? (Choose two.)

Answer

A

Ensure that the wireless NIC is enabled.
Ensure that the wireless SSID is chosen.

Question 46

Q

Which three parameters would need to be changed if best practices are being implemented for a home wireless AP? (Choose three.)

Answer

A

SSID
AP password
wireless network password

Question 47

Q

Which access control component, implementation, or protocol controls what users can do on the network?

Answer

A

authorization

Question 48

Q

Which access control component, implementation, or protocol is implemented either locally or as a server-based solution?

Answer

A

authentication

Question 49

Q

Which access control component, implementation, or protocol audits what users actions are performed on the network?

Answer

A

accounting

Question 50

Q

Which access control component, implementation, or protocol restricts LAN access through publicly accessible switch ports?

Question 51

Q

Which access control component, implementation, or protocol logs EXEC and configuration commands configured by a user?

Answer

A

accounting

Question 52

Q

Which access control component, implementation, or protocol controls who is permitted to access a network?

Answer

A

authentication

Question 53

Q

Which access control component, implementation, or protocol collects and reports usage data?

Answer

A

accounting

Question 54

Q

Which access control component, implementation, or protocol indicates success or failure of a client-requested service with a PASS or FAIL message?

Answer

A

authorization

Question 55

Q

Which access control component, implementation, or protocol is based on device roles of supplicant, authenticator, and authentication server?

Question 56

Q

Which access control component, implementation, or protocol is based upon usernames and passwords?

Answer

A

authentication

Question 57

Q

Which type of wireless network uses transmitters to provide coverage over an extensive geographic area?

Answer

A

wireless wide-area network

Question 58

Q

Which type of wireless network commonly uses Bluetooth or ZigBee devices?

Answer

A

wireless personal-area network

Question 59

Q

Which type of wireless network uses transmitters to provide wireless service over a large urban region?

Answer

A

wireless metropolitan-area network

Question 60

Q

Which type of wireless network is suitable for use in a home or office?

Answer

A

wireless local-area network

Question 61

Q

Which type of wireless network often makes use of devices mounted on buildings?

Answer

A

wireless metropolitan-area network

Question 62

Q

Which type of wireless network is suitable for national and global communications?

Answer

A

wireless wide-area network

Question 63

Q

Which type of wireless network uses transmitters to cover a medium-sized network, usually up to 300 feet (91.4 meters)?

Answer

A

wireless local-area network

Question 64

Q

Which type of wireless network is based on the 802.11 standard and a 2.4-GHz or 5-GHz radio frequency?

Answer

A

wireless local-area network

Answer 51

A

wireless metropolitan-area network

Answer 52

A

wireless personal-area network

Answer 53

A

Port Security
DHCP Snooping

Answer 54

A

Disable DTP.
Enable trunking manually.
Set the native VLAN to an unused VLAN.

Answer 55

A

The port violation mode is the default for any port that has port security enabled.

Answer 56

A

Split the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band.

Answer 57

A

accidental interference

Answer 58

A

CAPWAP provides the encapsulation and forwarding of wireless user traffic between an access point and a wireless LAN controller.

Answer 59

A

Packets with unknown source addresses will be dropped.

Brainscape's Knowledge GenomeTM

10-13 Flashcards

Brainscape's Knowledge Genome^TM