Chapter 11: Switch Features

Question 1

What is a managed switch?

Answer 1

A switch with an operating system that enables device configuration and can run software that implements additional features.

Question 2

What does in-band management of a switch mean?

Answer 2

Managing the switch from the same network that moves data, whether you connect locally or remotely.

Question 3

What is a management port?

Answer 3

A dedicated port on every managed device used for device management.

Question 4

What does out-of-bound management of a switch mean?

Answer 4

Managing the switch from outside the network, usually via a separate network just for managing and monitoring.

ex. A switch separate from the rest of the network and connected to the dedicated ports of the network switches.

Question 5

What does flow control do?

Answer 5

It enables the host to send an Ethernet PAUSE frame, which asks the switch to hold up for some amount of time so the host can catch its breath.

Question 6

What network issue can be caused by flow control?

Answer 6

Latency

Question 7

What is port security?

Answer 7

It is locking switch ports to a specific MAC address. The port will only work with a specific computer after configuration.

Question 8

What is sticky or persistent MAC?

Answer 8

In Cisco switches, the MAC addresses can be dynamically learned or manually configured, stored in the address table, and added to the running configuration file.

Question 9

What does a VLAN (Virtual Local Area Network) enable you to do?

Answer 9

It enables you to segment a physical network into multiple discreet networks without having to add additional hardware by using managed switches.

Question 10

How do you set up a VLAN on a switch?

Answer 10

By creating one or more VLANs, then assigning ports to those VLANs.

Question 11

What do you call the process of transferring VLAN traffic between two or more switches?

Answer 11

Trunking

Question 12

What is a trunk port on a switch?

Answer 12

A port configured to carry all traffic, regardless of VLAN number, between all switches in a LAN.

Question 13

What is the IEEE trunking protocol used in VLANS that enable you to connect switches from different manufacturers?

Answer 13

802.1Q

Question 14

A static VLAN assigns VLANS to ____.

Answer 14

ports

Question 15

A dynamic VLAN assigns VLANS to ____.

Answer 15

MAC addresses

Question 16

What is an 802.1Q tag field?

Answer 16

A field tacked onto a frame’s Ethernet header enabling the next switch to associate it with the correct VLAN.

Question 17

A network vulnerability that lets the attacker access VLANs they should not be able to access is called:

Answer 17

double-tagging attack

Question 18

How do you prevent a double-tagging attack?

Answer 18

By setting the native VLAN to an unused VLAN on truck ports and configuring trunk ports to tag its native VLAN traffic as well.

Question 19

What does Cisco’s proprietary protocol called VLAN Trunking Protocol (VTP) do?

Answer 19

It automates the updating of multiple VLAN switches. You put the switches into one of three states: server, client, or transparent.

Question 20

The process of passing traffic between two VLANs using a router (using one or more ports) is called:

Answer 20

inter-VLAN routing

Question 21

What type of VLAN only allows traffic from private ports to be switched to the uplink trunk port, isolating hosts from each other at Layer 2?

Answer 21

A private VLAN

Question 22

You can configure any port on a multilayer switch to act as a ____ port or a ____ port.

Answer 22

switch; router

Question 23

Making multiple servers look like a single server, creating a server cluster, and evenly distributing requests to these servers is called ____.

Answer 23

load balancing

Question 24

How does DNS performed load balancing work?

Answer 24

Each Web server gets its own public IP address and each DNS server for the domain has multiple “A” records, each with the same fully qualified domain name (FQDN). These “A” records are cycled.

Question 25

When a computer comes to the DNS server for resolution, the server responds with all the “A” records for a FQDN. Then the next time DNS is queried, all the “A” records for a FQDN are returned again but in a different order. This is known as ____.

Answer 25

round robin

Question 26

At what network layer do content switches work?

Answer 26

Layer 7 (Application layer)

Question 27

What do quality of service (QoS) policies do?

Answer 27

They prioritize traffic through rules that control how much bandwidth a protocol, PC user, VLAN, or IP address may use.

Question 28

When you control the flow of packets into or out of the network according to the type of packet or other rules, you are ____.

Answer 28

traffic shaping

Question 29

Hardware and software tools that filter traffic based on various criteria, such as port number, IP address, or protocol are called ____.

Answer 29

firewalls

Question 30

Where are firewalls located on a network?

Answer 30

On the border of the network, between the outside and the inside.

Question 31

Define: Host-Based Firewall

Answer 31

A firewall installed on a single computer, that works on the border of that system.

Question 32

An application that inspects packets, looking for active intrusions and functions inside the network is called a/an ____.

Answer 32

IDS or Intrusion Detection System

Question 33

An IDS in promiscuous mode does what?

Answer 33

Inspects a copy of every packet on a network.

Question 34

What type of IDS consists of multiple sensors placed around the network that reports to a central application that reads a signature file to detect anything out of the ordinary?

Answer 34

A network-based IDS (NIDS)

Question 35

What type of IDS runs on individual systems and monitors for events such as system file modification or registry changes?

Answer 35

A host-based IDS (HIDS)

Question 36

Similar to an IDS, a/an ____ sits directly in the flow of network traffic and can stop an attack while it is happening.

Answer 36

IPS or Intrusion Prevention System

Question 37

Copying data from any or all physical ports on a switch to a single physical port is called ____.

Answer 37

port mirroring

Question 38

What standalone multi-port hardware device copies all of the bits it sees and sends them out on a separate port for monitoring and is used for non-obtrusive data collection?

Answer 38

A network tap

Question 39

What sits between clients and external servers, pocketing the requests from the clients for external server resources and making those requests itself?

Answer 39

A proxy server

Question 40

Whom does a forward proxy server act on behalf of?

Answer 40

Clients, getting information from various sources and handing that info to the clients.

Question 41

Whom does a reverse proxy server act on behalf of?

Answer 41

Servers

Clients contact the reverse proxy server, which gathers info from its associated server(s) and hands the info to the clients.

Question 42

802.1X is an example of ____.

Answer 42

port-based authentication