Securing Layer 2 Technologies Flashcards
Which is the primary Layer 2 mechanism that allows multiple devices in the same VLAN to communicate with each other even though those devices are physically connected to different switches?
Trunk
How does a switch know about parallel Layer 2 paths?
BPDU
When implemented, what helps prevent CAM table overflow?
Port security
When it comes to VLANs, what is considered not a best practice?
Leaving the native VLAN as VLAN 1
What is the default number of MAC addresses allowed on a switch port that is configured with port security?
5
Name two items that normally have a one-to-one correlation.
VLANs, IP subnetworks
What is a typical method used by a device in one VLAN to reach another device in a second VLAN?
Use a local default gateway
Name two configuration changes that prevent users from jumping onto any VLAN they want.
Disabling negotiation of trunk ports, Configuring the port connecting to the client as an access port
If you limit the number of MAC addresses learned on a port to five, what benefits do you get from the port security feature?
Protection for DHCP servers against starvation, Protection against MAC address spoofing
Why should you implement Root Guard on a switch?
To prevent the switch from having specific root ports
Why should CDP be disabled on ports that face untrusted networks?
CDP can be used as a DDoS vector
Name three true statements for DHCP snooping.
DHCP snooping validates DHCP messages received from untrusted sources and filters out invalid messages, DHCP snooping information is stored in a binding database, DHCP snooping rate-limits DHCP traffic from trusted and untrusted sources
Name three true statements regarding dynamic ARP inspection (DAI).
DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings, DAI helps to mitigate MITM attacks, DAI determines the validity of ARP packets based on IP-to-MAC address bindings found in the DHCP snooping database