Q:101-120 Flashcards
- What protocol should be disabled to help mitigate VLAN attacks?
CDP
ARP
STP
DTP
DTP
- What protocol or technology requires switches to be in server mode or client mode?
EtherChannel
STP
VTP
DTP
VTP
- What are two reasons a network administrator would segment a network with a Layer 2 switch? (Choose two.)
to create fewer collision domains to enhance user bandwidth to create more broadcast domains to eliminate virtual circuits to isolate traffic between segments to isolate ARP request messages from the rest of the network
to enhance user bandwidth
to isolate traffic between segments
- What command will enable a router to begin sending messages that allow it to configure a link-local address without using an IPv6 DHCP server?
a static route
the ipv6 route ::/0 command
the ipv6 unicast-routing command
the ip routing command
the ipv6 unicast-routing command
- A network administrator is using the router-on-a-stick model to configure a switch and a router for inter-VLAN routing. What configuration should be made on the switch port that connects to the router?
Configure it as a trunk port and allow only untagged traffic.
Configure the port as an access port and a member of VLAN1.
Configure the port as an 802.1q trunk port.
Configure the port as a trunk port and assign it to VLAN1.
Configure the port as an 802.1q trunk port.
- What are three techniques for mitigating VLAN attacks? (Choose three.)
Use private VLANs. Enable BPDU guard. Enable trunking manually Enable Source Guard. Disable DTP. Set the native VLAN to an unused VLAN.
Enable trunking manually
Disable DTP.
Set the native VLAN to an unused VLAN.
- Match the DHCP message types to the order of the DHCPv4 process. (Not all options are used.)
- In which situation would a technician use the show interfaces switch command?
to determine if remote access is enabled
when packets are being dropped from a particular directly attached host
when an end device can reach local devices, but not remote devices
to determine the MAC address of a directly attached network device on a particular interface
when packets are being dropped from a particular directly attached host
- What is a drawback of the local database method of securing device access that can be solved by using AAA with centralized servers?
There is no ability to provide accountability.
User accounts must be configured locally on each device, which is an unscalable authentication solution.
It is very susceptible to brute-force attacks because there is no username.
The passwords can only be stored in plain text in the running configuration.
There is no ability to provide accountability.
User accounts must be configured locally on each device, which is an unscalable authentication solution.
- What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers?
It sends a DHCPREQUEST that identifies which lease offer the client is accepting.
It sends a DHCPNAK and begins the DHCP process over again.
It discards both offers and sends a new DHCPDISCOVER.
It accepts both DHCPOFFER messages and sends a DHCPACK.
It sends a DHCPREQUEST that identifies which lease offer the client is accepting.
- Refer to the exhibit. The network administrator is configuring the port security feature on switch SWC. The administrator issued the command show port-security interface fa 0/2 to verify the configuration. What can be concluded from the output that is shown? (Choose three.)
Three security violations have been detected on this interface.
This port is currently up.
The port is configured as a trunk link.
Security violations will cause this port to shut down immediately.
There is no device currently connected to this port.
The switch port mode for this interface is access mode.
The switch port mode for this interface is access mode.
Security violations will cause this port to shut down immediately.
This port is currently up.
- What method of wireless authentication is dependent on a RADIUS authentication server?
WEP
WPA Personal
WPA2 Personal
WPA2 Enterprise
WPA2 Enterprise
- A network administrator has found a user sending a double-tagged 802.1Q frame to a switch. What is the best solution to prevent this type of attack?
The native VLAN number used on any trunk should be one of the active data VLANs.
The VLANs for user access ports should be different VLANs than any native VLANs used on trunk ports.
Trunk ports should be configured with port security.
Trunk ports should use the default VLAN as the native VLAN number.
The VLANs for user access ports should be different VLANs than any native VLANs used on trunk ports.
- Refer to the exhibit. Which two conclusions can be drawn from the output? (Choose two.)
The EtherChannel is down. The port channel ID is 2. The port channel is a Layer 3 channel. The bundle is fully operational. The load-balancing method used is source port to destination port.
The EtherChannel is down.
The port channel ID is 2.
- On a Cisco 3504 WLC Summary page ( Advanced > Summary ), which tab allows a network administrator to configure a particular WLAN with a WPA2 policy?
WLANs
SECURITY
WIRELESS
MANAGEMENT
WLANs
- Refer to the exhibit. A network engineer is configuring IPv6 routing on the network. Which command issued on router HQ will configure a default route to the Internet to forward packets to an IPv6 destination network that is not listed in the routing table?
ipv6 route ::/0 serial 0/0/0
ip route 0.0.0.0 0.0.0.0 serial 0/1/1
ipv6 route ::1/0 serial 0/1/1
ipv6 route ::/0 serial 0/1/1
ipv6 route ::/0 serial 0/1/1
- Users are complaining of sporadic access to the internet every afternoon. What should be done or checked?
Create static routes to all internal networks and a default route to the internet.
Verify that there is not a default route in any of the edge router routing tables.
Create a floating static route to that network.
Check the statistics on the default route for oversaturation.
Check the statistics on the default route for oversaturation.
- What action takes place when the source MAC address of a frame entering a switch appears in the MAC address table associated with a different port?
The switch purges the entire MAC address table.
The switch replaces the old entry and uses the more current port.
The switch updates the refresh timer for the entry.
The switch forwards the frame out of the specified port.
The switch replaces the old entry and uses the more current port.
- A network administrator is configuring a WLAN. Why would the administrator use a WLAN controller?
to centralize management of multiple WLANs
to provide privacy and integrity to wireless traffic by using encryption
to facilitate group configuration and management of multiple WLANs through a WLC
to provide prioritized service for time-sensitive applications
to facilitate group configuration and management of multiple WLANs through a WLC
122. A new Layer 3 switch is connected to a router and is being configured for interVLAN routing. What are three of the five steps required for the configuration? (Choose three.) Case 1: modifying the default VLAN installing a static route adjusting the route metric creating VLANs assigning ports to VLANs creating SVI interfaces implementing a routing protocol
Case 2: enabling IP routing entering “no switchport” on the port connected to the router adjusting the route metric installing a static route assigning the ports to the native VLAN modifying the default VLAN assigning ports to VLANs
Case 3: enabling IP routing modifying the default VLAN entering “no switchport” on the port connected to the router establishing adjacencies assigning ports to VLANs adjusting the route metric assigning the ports to the native VLAN
Case 4: assigning ports to VLANs assigning the ports to the native VLAN enabling IP routing modifying the default VLAN installing a static route implementing a routing protocol creating SVI interfaces
Case 1:
creating VLANs
assigning ports to VLANs
creating SVI interfaces
Case 2:
enabling IP routing
entering “no switchport” on the port connected to the router
assigning ports to VLANs
Case 3:
entering “no switchport” on the port connected to the router
establishing adjacencies
enabling IP routing
Case 4:
assigning ports to VLANs
enabling IP routing
creating SVI interfaces
- Which three statements accurately describe duplex and speed settings on Cisco 2960 switches? (Choose three.)
An autonegotiation failure can result in connectivity issues.
When the speed is set to 1000 Mb/s, the switch ports will operate in full-duplex mode.
The duplex and speed settings of each switch port can be manually configured.
Enabling autonegotiation on a hub will prevent mismatched port speeds when connecting the hub to the switch.
By default, the speed is set to 100 Mb/s and the duplex mode is set to autonegotiation.
By default, the autonegotiation feature is disabled.
An autonegotiation failure can result in connectivity issues.
When the speed is set to 1000 Mb/s, the switch ports will operate in full-duplex mode.
The duplex and speed settings of each switch port can be manually configured