Switch Configuration Flashcards
Which statement describes the port speed LED on the Cisco Catalyst 2960 switch?
If the LED is green, the port is operating at 100 Mb/s.
If the LED is off, the port is not operating.
If the LED is blinking green, the port is operating at 10 Mb/s.
If the LED is amber, the port is operating at 1000 Mb/s.
If the LED is green, the port is operating at 100 Mb/s.
Which command is used to set the BOOT environment variable that defines where to find the IOS image file on a switch?
config-register
boot system
boot loader
confreg
boot system
What is a function of the switch boot loader?
to speed up the boot process
to provide security for the vulnerable state when the switch is booting
to control how much RAM is available to the switch during the boot process
to provide an environment to operate in when the switch operating system cannot be found
to provide an environment to operate in when the switch operating system cannot be found
Which interface is the default location that would contain the IP address used to manage a 24-port Ethernet switch?
VLAN 1
Fa0/0
Fa0/1
interface connected to the default gateway
VLAN 99
VLAN 1
A production switch is reloaded and finishes with a Switch> prompt. What two facts can be determined? (Choose two.)
POST occurred normally.
The boot process was interrupted.
There is not enough RAM or flash on this router.
A full version of the Cisco IOS was located and loaded.
The switch did not locate the Cisco IOS in flash, so it defaulted to ROM.
POST occurred normally.
A full version of the Cisco IOS was located and loaded.
Which two statements are true about using full-duplex Fast Ethernet? (Choose two.)
Performance is improved with bidirectional data flow.
Latency is reduced because the NIC processes frames faster.
Nodes operate in full-duplex with unidirectional data flow.
Performance is improved because the NIC is able to detect collisions.
Full-duplex Fast Ethernet offers 100 percent efficiency in both directions.
Performance is improved with bidirectional data flow.
Full-duplex Fast Ethernet offers 100 percent efficiency in both directions.
In which situation would a technician use the show interfaces switch command?
to determine if remote access is enabled
when packets are being dropped from a particular directly attached host
when an end device can reach local devices, but not remote devices
to determine the MAC address of a directly attached network device on a particular interface
when packets are being dropped from a particular directly attached host
If one end of an Ethernet connection is configured for full duplex and the other end of the connection is configured for half duplex, where would late collisions be observed?
on both ends of the connection
on the full-duplex end of the connection
only on serial interfaces
on the half-duplex end of the connection
on the half-duplex end of the connection
What is one difference between using Telnet or SSH to connect to a network device for management purposes?
Telnet uses UDP as the transport protocol whereas SSH uses TCP.
Telnet does not provide authentication whereas SSH provides authentication.
Telnet supports a host GUI whereas SSH only supports a host CLI.
Telnet sends a username and password in plain text, whereas SSH encrypts the username and password.
Telnet sends a username and password in plain text, whereas SSH encrypts the username and password.
Refer to the exhibit. The network administrator wants to configure Switch1 to allow SSH connections and prohibit Telnet connections. How should the network administrator change the displayed configuration to satisfy the requirement?
- ip ssh version 2
- ip domain-name cisco.com
- crypto key generate rsa
- line vty 0 15
- transport input all
Use SSH version 1.
Reconfigure the RSA key.
Configure SSH on a different line.
Modify the transport input command.
Modify the transport input command.
What is the effect of using the switchport port-security command?
enables port security on an interface
enables port security globally on the switch
automatically shuts an interface down if applied to a trunk port
detects the first MAC address in a frame that comes into a port and places that MAC address in the MAC address table
enables port security on an interface
Where are dynamically learned MAC addresses stored when sticky learning is enabled with the switchport port-security mac-address sticky command?
ROM
RAM
NVRAM
flash
RAM
A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port?
restrict
protect
warning
shutdown
Restrict
Which two statements are true regarding switch port security? (Choose two.)
The three configurable violation modes all log violations via SNMP.
Dynamically learned secure MAC addresses are lost when the switch reboots.
The three configurable violation modes all require user intervention to re-enable ports.
After entering the sticky parameter, only MAC addresses subsequently learned are converted to secure MAC addresses.
If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached.
Dynamically learned secure MAC addresses are lost when the switch reboots.
If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached.
Which action will bring an error-disabled switch port back to an operational state?
Remove and reconfigure port security on the interface.
Issue the switchport mode access command on the interface.
Clear the MAC address table on the switch.
Issue the shutdown and then no shutdown interface commands.
Issue the shutdown and then no shutdown interface commands.
Refer to the exhibit. Port Fa0/2 has already been configured appropriately. The IP phone and PC work properly. Which switch configuration would be most appropriate for port Fa0/2 if the network administrator has the following goals?
No one is allowed to disconnect the IP phone or the PC and connect some other wired device.
If a different device is connected, port Fa0/2 is shut down.
The switch should automatically detect the MAC address of the IP phone and the PC and add those addresses to the running configuration.
Exhibit: PC --> IP phone --> Fa0/2 --> switch
1) SWA(config-if)# switchport port-security
   SWA(config-if)# switchport port-security mac-address sticky
2) SWA(config-if)# switchport port-security mac-address sticky
   SWA(config-if)# switchport port-security maximum 2
3) SWA(config-if)# switchport port-security
   SWA(config-if)# switchport port-security maximum 2
   SWA(config-if)# switchport port-security mac-address sticky
4) SWA(config-if)# switchport port-security
   SWA(config-if)# switchport port-security maximum 2
   SWA(config-if)# switchport port-security mac-address sticky
   SWA(config-if)# switchport port-security violation restrict
SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky
Which option correctly associates the Layer 2 security attack with the description?
MAC address flooding: Broadcast requests for IP addresses with spoofed MAC addresses.
DHCP starvation: Using proprietary Cisco protocols to gain information about a switch.
CDP attack: The attacker fills the switch MAC address table with invalid MAC addresses.
Telnet attack: Using brute force password attacks to gain access to a switch.
MAC address flooding: Broadcast requests for IP addresses with spoofed MAC addresses
Which three options accurately associate the Catalyst switch command with the result? (Choose three.)
show vlan id vlan-id: displays information about a specific VLAN.
show vlan: displays detailed information about all VLANs on the switch.
show vlan brief: displays detailed information about all VLANs on the switch.
show interfaces fa0/1 switchport: displays information about a specific port.
show interfaces fa0/1: displays VLAN information about a specific port.
A. show vlan id vlan-id: displays information about a specific VLAN.
B. show vlan: displays detailed information about all VLANs on the switch.
D. show interfaces fa0/1 switchport: displays information about a specific port.
When would auto-MDIX be best to use?
When a switch connects to a router
When a switch connects to another switch
When any device connects to an access layer switch
When the cable type is unknown
When the cable type is unknown
The network administrator wants to configure an IP address on a Cisco switch. How does the network administrator assign the IP address?
In privileged EXEC mode
On the switch interface FastEthernet0/0
On the management VLAN
On the physical interface connected to the router or next-hop device
On the management VLAN
Which three options correctly associate the command with the paired behavior? (Choose three.)
switchport port-security violation protect: Frames with unknown source addresses are dropped and a notification is sent.
switchport port-security violation restrict: Frames with unknown source addresses are dropped and no notification is sent.
switchport port-security violation shutdown: Frames with unknown source addresses result in the port becoming error-disabled, and a notification is sent.
switchport port-security mac-address sticky: Allows dynamically learned MAC addresses to be stored in the running-configuration.
switchport port-security maximum: Defines the number of MAC addresses associated with a port.
switchport port-security violation shutdown: Frames with unknown source addresses result in the port becoming error-disabled, and a notification is sent.
switchport port-security mac-address sticky: Allows dynamically learned MAC addresses to be stored in the running-configuration.
switchport port-security maximum: Defines the number of MAC addresses associated with a port.
Which two tasks does auto negotiation in an Ethernet network accomplish? (Choose two.)
Sets the link speed
Sets the IP address
Sets the link duplex mode
Sets MAC address assignments on switch port
Sets the ring speed
Sets the link speed
Sets the link duplex mode
What is an advantage of using SSH over Telnet when remotely connecting to a switch?
Encryption
More connection lines
Connection-oriented services
Username and password authentication
Encryption
What is a Cisco best practice for deploying switches?
When a server connects to a switch, the switch port should have the port speed manually configured, but the auto negotiation feature used for duplex.
A compound word should be used as a password on an infrastructure network device such as a switch.
Telnet should be used whenever possible on the switch vty lines.
The enable secret password should be used when configuring a switch to use SSH on the vty lines.
When a server connects to a switch, the switch port should have the port speed manually configured, but the auto negotiation feature used for duplex.
Why should a default gateway be assigned to a switch?
So that there can be remote connectivity to the switch via such programs as Telnet and ping
So that frames can be sent through the switch to the router
So that frames generated from workstations and destined for remote networks can pass to a higher level
So that other networks can be accessed from the command prompt of the switch
So that other networks can be accessed from the command prompt of the switch
Consider the configuration. Which two commands are not needed on the switch in order for a remote network administrator to access the switch using SSH?
Switch(config)# ip domain-name mydomain.com
Switch(config)# crypto key generate rsa
Switch(config)# ip ssh version 2
Switch(config)# line vty 0 15
Switch(config-if)# transport input ssh
Switch(config)# ip ssh version 2
Switch(config-if)# transport input ssh
BOOT LOADER
is a small program stored in ROM and is run immediately after POST successfully completes. USED TO INITIALIZE A DEVICE LIKE A ROUTER OR SWITCH. BOOT LOADER LOCATES AND LAUNCHES THE OPERATING SYSTEM
SWITCH VIRTUAL INTERFACE (SVI)
AUTOMATIC MEDIUM-DEPENDENT INTERFACE CROSSOVER (AUTO-MDIX)
RUNT
Packets that are discarded because they are smaller than the minimum packet size for the medium. For instance, any Ethernet packet that is less than 64 bytes is considered a runt.
GIANT
Packets that are discarded because they exceed the maximum packet size for the medium. For example, any Ethernet packet that is greater than 1,518 bytes is considered a giant.
CRC ERROR
CRC errors are generated when the calculated checksum is not the same as the checksum received.
LATE COLLISION
A collision that occurs after 512 bits of the frame have been transmitted.
SECURE SHELL (SSH)
is a protocol that provides a secure (encrypted) management connection to a remote device.
MAC ADDRESS TABLE OVERFLOW ATTACK
ATTACKER SENDS FAKE SOURCE MAC ADDRESSES THAT ARE ENTERED INTO AND FILL THE MAC ADDRESS TABLE OF A SWITCH. THE SWITCH IS FORCED TO BROADCAST ALL FRAMES OUT ALL PORTS ALLOWING AN ATTACKER TO CAPTURE AND VIEW ADDRESSES. CONFIGURING PORT SECURITY CAN BE USED TO PREVENT THIS TYPE OF ATTACK
MAC FLOODING ATTACK
SIMILAR TO MAC ADDRESS TABLE OVERFLOW ATTACK
DHCP STARVATION ATTACK
DENIAL-OF-SERVICE (DOS) ATTACK
DHCP SPOOFING ATTACKS
an attacker configures a fake DHCP server on the network to issue DHCP addresses to clients. THEN SENDS NETWORK TRAFFIC TO A MACHINE CONTROLLED BY THE ATTACKER
CISCO DISCOVERY PROTOCOL (CDP)
is a proprietary protocol that all Cisco devices can be configured to use. CDP discovers other Cisco devices that are directly connected, which allows the devices to auto-configure their connection.
BRUTE FORCE PASSWORD ATTACK
USES A TRIAL AND ERROR APPROACH TO PASSWORD CRACKING USING SOFTWARE PROGRAMS THAT RUN COMBINATIONS OF CHARACTERS AND COMMON DICTIONARY WORDS TO DECIPHER PASSWORDS
TELNET DOS ATTACK
the attacker exploits a flaw in the Telnet server software running on the switch that renders the Telnet service unavailable. LOCKS A LEGITIMATE NETWORK ADMIN FROM REMOTELY ACCESSING A NETWORK DEVICE USING TELNET
SECURITY AUDIT
reveals the type of information an attacker can gather simply by monitoring network traffic.
PENETRATION TESTING
is a simulated attack against the network to determine how vulnerable it would be in a real attack.
DHCP SNOOPING
is a Cisco Catalyst feature that determines which devices attached to switch ports can respond to DHCP requests. ACTS LIKE A FIREWALL BETWEEN UNTRUSTED NETWORK DEVICES AND TRUSTED DHCP SERVERS
TRUSTED PORT
can source any type of DHCP message
UNTRUSTED PORT
can source DHCP requests only.
PORT SECURITY
limits the number of valid MAC addresses allowed on a port.
STATIC SECURE MAC ADDRESS
MAC addresses that are manually configured on a switch port.
DYNAMIC SECURE MAC ADDRESS
…
STICKY SECURE MAC ADDRESS
MAC addresses that can be dynamically learned or manually configured, stored in the address table, and added to the running configuration.
NETWORK TIME PROTOCOL (NTP)
MAC addresses that are dynamically learned and stored only in the address table. MAC addresses configured in this way are removed when the switch restarts.