cisco 10-13

Question 1

What protocols are used by AAA to authenticate users against a central database of usernames and passwords

Answer 1

RADIUS, TACACS+

Question 2

Authentication method that stores usernames and passwords in the router and is ideal for small networks

Answer 2

local AAA

Question 3

Component of AAA used to determine which resources a user can access and which operations the user is allowed to perform

Answer 3

authorization

Question 4

Component of AAA used to allow an administrator to track individuals who access network resources and any changes made

Answer 4

accounting

Question 5

What device is considered a supplicant during the 802.1x authentication process

Answer 5

the client that is requesting authentication

Question 6

Which access control component controls what users can do on the network

Answer 6

authorization

Question 7

Access control component that audits what users actions are performed on the network

Answer 7

accounting

Question 8

Access control component that restricts LAN access through publicly accessible switch ports

Answer 8

802.1x

Question 9

Access control component that indicates success or failure of a client-requested service with a PASS or FAIL message

Answer 9

authorization

Question 10

Access control component that is based on device roles of supplicant, authenticator, and authentication server

Answer 10

802.1x

Question 11

Which two cisco solutions help prevent DHCP starvation attacks

Answer 11

DHCP snooping, port security

Question 12

What is the result of a MAC table flooding attack

Answer 12

the switch will begin broadcasting traffic out of all ports

Question 13

Which feature on a switch makes it vulnerable to VLAN hopping attacks

Answer 13

the automatic trunking port feature enabled by default

Question 14

What makes switches vulnerable to double tagging attacks

Answer 14

native vlan of trunking port being same as user VLAN

Question 15

Result of DHCP starvation attack

Answer 15

legitimate clients are unable to lease IP addresses

Question 16

Best practice for CDP and LLDP

Answer 16

disable them where they aren’t required

Question 17

Which port security configuration allows dynamically learned mac addresses to be saved in running config

Answer 17

sticky secure mac address

Question 18

Which set of commands limits learned MAC addresses to 2, stores them in running config, and shuts the port down if there are more

Answer 18

switchport port-security, switchport port-security max 2, switchport port-security mac-address sticky

Question 19

What happens with default port security when an extra mac is added

Answer 19

interface is shut down and log file is made

Question 20

Default violation mode in port security

Answer 20

shutdown

Question 21

Violation mode where packets are dropped without log message

Answer 21

protect

Question 22

Exhibit of show port-security int f 0/. What can be determined?

Answer 22

Port violation mode is the default

Question 23

Exhibit where Fa0/2 is down. Why?

Answer 23

MAC of PC1 configured on S1 isn’t the right MAC

Question 24

Vlan hopping attack prevented by designating unused VLAN as native VLAN

Answer 24

VLAN double-tagging

Question 25

3 Techniques to mitigate VLAN attacks

Answer 25

disable DTP, enable trunking manually, set native vlan to unused vlan

Question 26

What is the effect of ip dhcp snooping limit rate 6

Answer 26

port can receive 6 DHCP discover messages per second

Question 27

Purpose of ip arp inspection validate src-mac

Answer 27

checks source MAC in ethernet header against sender MAC in ARP body

Question 28

Command to enable portfast on all ports by default

Answer 28

spanning-tree portfast default

Question 29

Security benefit gained from enabling BPDU guard on PortFast-enabled devices

Answer 29

prevents rogue switches from being added to the network

Question 30

Commands to enable BPDU guard

Answer 30

spanning-tree bpduguard enable (if), spanning-tree portfast bpduguard default (global)

Question 31

Wireless network that uses transmitters to provide coverage over an extensive geographic area

Answer 31

WWAN

Question 32

Wireless network that uses Bluetooth/ZigBee

Answer 32

WPAN

Question 33

Wireless network over large urban region

Answer 33

WMAN

Question 34

Wireless network for home network

Answer 34

WLAN

Question 35

Wireless network that uses devices mounted on buildings

Answer 35

WMAN

Question 36

Wireless network for global communication

Answer 36

WWAN

Question 37

Wireless network for 300 ft

Answer 37

WLAN

Question 38

Wireless network w/ 802.11 and uses 2.4/5ghz

Answer 38

WLAN

Question 39

Wireless network suitable for city

Answer 39

WMAN

Question 40

Wireless network w/ 20-30ft transmitters

Answer 40

WPAN

Question 41

IEEE Standard 802.15

Answer 41

Bluetooth

Question 42

802.11 standards that operate only in 5ghz range

Answer 42

802.11a, 802.11ac

Question 43

802.11 standard that has <1.3gb/s data range and is backwards compatible

Answer 43

802.11ac

Question 44

Wireless antenna best for large open spaces (hallways, conference rooms)

Answer 44

omnidirectional

Question 45

Wireless network topology used by network engineers to provide wireless network for entire college building

Answer 45

infrastructure

Question 46

Access point mode where hosts don’t see it in list of networks

Answer 46

Active mode

Question 47

Access point mode where SSID is broadcast

Answer 47

passive mode

Question 48

Management frame regularly broadcast by AP

Answer 48

beacons

Question 49

Two methods used by wireless NIC to discover AP

Answer 49

transmitting probe request, receiving broadcast beacon frame

Question 50

What does CAPWAP do

Answer 50

provides encapsulation and forwarding of wireless user traffic between AP and WLAN controller

Question 51

Purpose of adjusting channel on wireless router

Answer 51

avoid interference from nearby wireless devices

Question 52

Method to enhance performance of 802.11n wireless network

Answer 52

split traffic between 2.4 and 5 gHZ bands

Question 53

Wireless security risk created by microwave ovens

Answer 53

accidental interference

Question 54

Advantage of SSID cloaking

Answer 54

clients will have to manually identify the SSID to connect to the network

Question 55

Wireless security mode that requires a RADIUS server

Answer 55

enterprise

Question 56

What ports does radius use

Answer 56

1812, 1813, 1645, 1646

Question 57

First security measure that should be applied on wireless router

Answer 57

change default username & password

Question 58

3 parameters to change on home wireless ap

Answer 58

SSID, ap password, wireless network password

Question 59

Which service is used on wireless router (that assigns IPs to hosts in the 10.10.10.0 network) to allow hosts to access the internet

Answer 59

NAT

Question 60

Wireless router service that can be used to prioritize network traffic

Answer 60

QoS

Question 61

Cisco 3504 WLC dashboard which option provides access to full menu of features

Answer 61

Advanced

Question 62

Which protocol can be used to monitor the network

Answer 62

SNMP

Question 63

Which server provides ability to authenticate with usernames and passwords

Answer 63

RADIUS

Question 64

Purpose of shared secret password on WLC

Answer 64

used to encrypt messages between WLC and RADIUS server

Question 65

What tab allows configuration of WLAN security options such as WPA2 on the summary page (Advanced > Summary)

Answer 65

WLANs

Question 66

What is required before creating a new WLAN on WLC

Answer 66

create new VLAN

Question 67

Troubleshooting steps to fix laptops that can’t connect to WAP

Answer 67

ensure NIC is enabled, ensure SSID is chosen

Question 68

Why does switching to 5ghz make the network faster

Answer 68

more channels, less crowded

Question 69

Simple way to improve WLAN performance thru split-the-traffic

Answer 69

make sure different SSIDs are used for 2.4 and 5ghz

Question 70

How to make 802.11n/ac router faster

Answer 70

split traffic between 802.11n 2.4ghz band and 5ghz band