Cisco 10-13 Flashcards

1
Q

What protocols are used by AAA to authenticate users against a central database of usernames and passwords

A

RADIUS, TACACS+

2
Q

Authentication method that stores usernames and passwords in the router and is ideal for small networks

A

local AAA

3
Q

Component of AAA used to determine which resources a user can access and which operations the user is allowed to perform

A

authorization

4
Q

Component of AAA used to allow an administrator to track individuals who access network resources and any changes made

A

accounting

5
Q

What device is considered a supplicant during the 802.1x authentication process

A

the client that is requesting authentication

6
Q

Which access control component controls what users can do on the network

A

authorization

7
Q

Access control component that audits what user actions are performed on the network

A

accounting

8
Q

Access control component that restricts LAN access through publicly accessible switch ports

A

802.1x

9
Q

Access control component that indicates success or failure of a client-requested service with a PASS or FAIL message

A

authorization

10
Q

Access control component that is based on device roles of supplicant, authenticator, and authentication server

A

802.1x

11
Q

Which two Cisco solutions help prevent DHCP starvation attacks

A

DHCP snooping, port security

12
Q

What is the result of a MAC table flooding attack

A

the switch will begin broadcasting traffic out of all ports

13
Q

Which feature on a switch makes it vulnerable to VLAN hopping attacks

A

the automatic trunking port feature enabled by default

14
Q

What makes switches vulnerable to double tagging attacks

A

native VLAN of trunking port being same as user VLAN

15
Q

Result of DHCP starvation attack

A

legitimate clients are unable to lease IP addresses

16
Q

Best practice for CDP and LLDP

A

disable them where they aren’t required

17
Q

Which port security configuration allows dynamically learned MAC addresses to be saved in running config

A

sticky secure MAC address

18
Q

Which set of commands limits learned MAC addresses to 2, stores them in running config, and shuts the port down if there are more

A

switchport port-security, switchport port-security max 2, switchport port-security mac-address sticky

19
Q

What happens with default port security when an extra MAC is added

A

interface is shut down and log file is made

20
Q

Default violation mode in port security

A

shutdown

21
Q

Violation mode where packets are dropped without log message

A

protect

22
Q

Exhibit of show port-security int f 0/. What can be determined?

A

Port violation mode is the default

23
Q

Exhibit where Fa0/2 is down. Why?

A

MAC of PC1 configured on S1 isn’t the right MAC

24
Q

VLAN hopping attack prevented by designating unused VLAN as native VLAN

A

VLAN double-tagging

25
Q

3 Techniques to mitigate VLAN attacks

A

disable DTP, enable trunking manually, set native VLAN to unused VLAN

26
Q

What is the effect of ip dhcp snooping limit rate 6

A

port can receive 6 DHCP discover messages per second

27
Q

Purpose of ip arp inspection validate src-mac

A

checks source MAC in ethernet header against sender MAC in ARP body

28
Q

Command to enable PortFast on all ports by default

A

spanning-tree portfast default

29
Q

Security benefit gained from enabling BPDU guard on PortFast-enabled devices

A

prevents rogue switches from being added to the network

30
Q

Commands to enable BPDU guard

A

spanning-tree bpduguard enable (if), spanning-tree portfast bpduguard default (global)

31
Q

Wireless network that uses transmitters to provide coverage over an extensive geographic area

A

WWAN

32
Q

Wireless network that uses Bluetooth/ZigBee

A

WPAN

33
Q

Wireless network over large urban region

A

WMAN

34
Q

Wireless network for home network

A

WLAN

35
Q

Wireless network that uses devices mounted on buildings

A

WMAN

36
Q

Wireless network for global communication

A

WWAN

37
Q

Wireless network for 300 ft

A

WLAN

38
Q

Wireless network w/ 802.11 and uses 2.4/5 GHz

A

WLAN

39
Q

Wireless network suitable for city

A

WMAN

40
Q

Wireless network w/ 20-30ft transmitters

A

WPAN

41
Q

IEEE Standard 802.15

A

Bluetooth

42
Q

802.11 standards that operate only in 5 GHz range

A

802.11a, 802.11ac

43
Q

802.11 standard that has <1.3gb/s data range and is backwards compatible

A

802.11ac

44
Q

Wireless antenna best for large open spaces (hallways, conference rooms)

A

omnidirectional

45
Q

Wireless network topology used by network engineers to provide wireless network for entire college building

A

infrastructure

46
Q

Access point mode where hosts don’t see it in list of networks

A

Active mode

47
Q

Access point mode where SSID is broadcast

A

passive mode

48
Q

Management frame regularly broadcast by AP

A

beacons

49
Q

Two methods used by wireless NIC to discover AP

A

transmitting probe request, receiving broadcast beacon frame

50
Q

What does CAPWAP do

A

provides encapsulation and forwarding of wireless user traffic between AP and WLAN controller

51
Q

Purpose of adjusting channel on wireless router

A

avoid interference from nearby wireless devices

52
Q

Method to enhance performance of 802.11n wireless network

A

split traffic between 2.4 and 5 GHz bands

53
Q

Wireless security risk created by microwave ovens

A

accidental interference

54
Q

Advantage of SSID cloaking

A

clients will have to manually identify the SSID to connect to the network

55
Q

Wireless security mode that requires a RADIUS server

A

enterprise

56
Q

What ports does RADIUS use

A

1812, 1813, 1645, 1646

57
Q

First security measure that should be applied on wireless router

A

change default username & password

58
Q

3 parameters to change on home wireless AP

A

SSID, AP password, wireless network password

59
Q

Which service is used on wireless router (that assigns IPs to hosts in the 10.10.10.0 network) to allow hosts to access the internet

A

NAT

60
Q

Wireless router service that can be used to prioritize network traffic

A

QoS

61
Q

Cisco 3504 WLC dashboard which option provides access to full menu of features

A

Advanced

62
Q

Which protocol can be used to monitor the network

A

SNMP

63
Q

Which server provides ability to authenticate with usernames and passwords

A

RADIUS

64
Q

Purpose of shared secret password on WLC

A

used to encrypt messages between WLC and RADIUS server

65
Q

What tab allows configuration of WLAN security options such as WPA2 on the summary page (Advanced > Summary)

A

WLANs

66
Q

What is required before creating a new WLAN on WLC

A

create new VLAN

67
Q

Troubleshooting steps to fix laptops that can’t connect to WAP

A

ensure NIC is enabled, ensure SSID is chosen

68
Q

Why does switching to 5 GHz make the network faster

A

more channels, less crowded

69
Q

Simple way to improve WLAN performance thru split-the-traffic

A

make sure different SSIDs are used for 2.4 and 5 GHz

70
Q

How to make 802.11n/ac router faster

A

split traffic between 802.11n 2.4 GHz band and 5 GHz band