Section 4.3

Question 1

Which version of SNMP is encrypted?

Answer 1

version 3

Question 2

How can fake Router Advertisements be blocked and on what device is this feature enabled?

Answer 2

by enabling Router Advertisement (RA) Guard on switches

Question 3

Aside from authentication, what other feature is there to Port Security?

Answer 3

maximum number of MAC addresses for an interface

Question 4

DAI

Answer 4

Dynamic ARP Inspection

Question 5

What does DAI help to prevent?

Answer 5

ARP spoofing

Question 6

CoPP

Answer 6

Control Plane Policing

Question 7

How can the Control Plane of a network device be protected?

Answer 7

by enabling and configuring Control Plane Policing (CoPP)

Question 8

What do Private VLANs do?

Answer 8

isolate users on the same VLAN

Question 9

How can unused switchports be protected?

Answer 9

by administratively disabling them or enabling 802.1X to require authentication

Question 10

How can the transport layer be protected?

Answer 10

by disabling unused ports and services

Question 11

What prevents fake/rogue DHCP servers from handing out IPs?

Answer 11

by enabling DHCP snooping

Question 12

Why should the default VLAN be changed?

Answer 12

so attackers don’t know where to look to find management and user traffic

Question 13

What can be done to reduce vulnerabilities on network devices?

Answer 13

patching and updating firmware

Question 14

What should be done before a firmware is patched/updated?

Answer 14

store backups of older versions along with their config

Question 15

What is the access control model used in networking devices called?

Answer 15

Role-Based Access Control (RBAC)

Question 16

Besides a firewall, what can be used to filter traffic based on IP address, port, and protocol?

Answer 16

Access Control List (ACL)

Question 17

RBAC

Answer 17

Role-Based Access Control

Question 18

ACL

Answer 18

Access Control List

Question 19

What does Explicit Deny mean?

Answer 19

deny specific traffic

Question 20

What does Implicit Deny mean?

Answer 20

deny all traffic not specifically allowed

Question 21

Why is MAC filtering not effective?

Answer 21

because MAC addresses can be spoofed

Question 22

How can you physically limit access to a wireless network?

Answer 22

by controlling coverage with signal strength (power levels)

Question 23

What is Wireless Client Isolation?

Answer 23

where users connected to an access point cannot communicate with each other

Question 24

What is Guest Network Isolation?

Answer 24

a network that prevents users from accessing the internal network

Question 25

What is Geofencing used for?

Answer 25

to allow or disallow actions or device features depending on location