Switch Configuration Flashcards

Question 1

Q

Which statement describes the port speed LED on the Cisco Catalyst 2960 switch?

 If the LED is green, the port is operating at 100 Mb/s.
 If the LED is off, the port is not operating.
 If the LED is blinking green, the port is operating at 10 Mb/s.
 If the LED is amber, the port is operating at 1000 Mb/s.

Answer

A

If the LED is green, the port is operating at 100 Mb/s.

Question 2

Q

Which command is used to set the BOOT environment variable that defines where to find the IOS image file on a switch?

 config-register
 boot system
 boot loader
 confreg

Answer

A

boot system

Question 3

Q

What is a function of the switch boot loader?

 to speed up the boot process
 to provide security for the vulnerable state when the switch is booting
 to control how much RAM is available to the switch during the boot process
 to provide an environment to operate in when the switch operating system cannot be found

Answer

A

to provide an environment to operate in when the switch operating system cannot be found

Question 4

Q

Which interface is the default location that would contain the IP address used to manage a 24-port Ethernet switch?

     VLAN 1
     Fa0/0
     Fa0/1
     interface connected to the default gateway
     VLAN 99

Question 5

Q

A production switch is reloaded and finishes with a Switch> prompt. What two facts can be determined? (Choose two.)

 POST occurred normally.
 The boot process was interrupted.
 There is not enough RAM or flash on this router.
 A full version of the Cisco IOS was located and loaded.
 The switch did not locate the Cisco IOS in flash, so it defaulted to ROM.

Answer

A

POST occurred normally.

A full version of the Cisco IOS was located and loaded.

Question 6

Q

Which two statements are true about using full-duplex Fast Ethernet? (Choose two.)

 Performance is improved with bidirectional data flow.
 Latency is reduced because the NIC processes frames faster.
 Nodes operate in full-duplex with unidirectional data flow.
 Performance is improved because the NIC is able to detect collisions.
 Full-duplex Fast Ethernet offers 100 percent efficiency in both directions.

Answer

A

Performance is improved with bidirectional data flow.

Full-duplex Fast Ethernet offers 100 percent efficiency in both directions.

Question 7

Q

In which situation would a technician use the show interfaces switch command?

 to determine if remote access is enabled
 when packets are being dropped from a particular directly attached host
 when an end device can reach local devices, but not remote devices
 to determine the MAC address of a directly attached network device on a particular interface

Answer

A

when packets are being dropped from a particular directly attached host

Question 8

Q

If one end of an Ethernet connection is configured for full duplex and the other end of the connection is configured for half duplex, where would late collisions be observed?

 on both ends of the connection
 on the full-duplex end of the connection
 only on serial interfaces
 on the half-duplex end of the connection

Answer

A

on the half-duplex end of the connection

Question 9

Q

What is one difference between using Telnet or SSH to connect to a network device for management purposes?

 Telnet uses UDP as the transport protocol whereas SSH uses TCP.
 Telnet does not provide authentication whereas SSH provides authentication.
 Telnet supports a host GUI whereas SSH only supports a host CLI.
 Telnet sends a username and password in plain text, whereas SSH encrypts the username and password.

Answer

A

Telnet sends a username and password in plain text, whereas SSH encrypts the username and password.

Question 10

Q

Refer to the exhibit. The network administrator wants to configure Switch1 to allow SSH connections and prohibit Telnet connections. How should the network administrator change the displayed configuration to satisfy the requirement?

ip ssh version 2
ip domain-name cisco.com
crypto key generate rsa
line vty 0 15
transport input all

Use SSH version 1.
Reconfigure the RSA key.
Configure SSH on a different line.
Modify the transport input command.

Answer

A

Modify the transport input command.

Question 11

Q

What is the effect of using the switchport port-security command?

 enables port security on an interface
 enables port security globally on the switch
 automatically shuts an interface down if applied to a trunk port
 detects the first MAC address in a frame that comes into a port and places that MAC address in the MAC address table

Answer

A

enables port security on an interface

Question 12

Q

Where are dynamically learned MAC addresses stored when sticky learning is enabled with the switchport port-security mac-address sticky command?

 ROM
 RAM
 NVRAM
 flash

Question 13

Q

A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port?

 restrict
 protect
 warning
 shutdown

Question 14

Q

Which two statements are true regarding switch port security? (Choose two.)

 The three configurable violation modes all log violations via SNMP.
 Dynamically learned secure MAC addresses are lost when the switch reboots.
 The three configurable violation modes all require user intervention to re-enable ports.
 After entering the sticky parameter, only MAC addresses subsequently learned are converted to secure MAC addresses.
 If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached.

Answer

A

Dynamically learned secure MAC addresses are lost when the switch reboots.
If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached.

Question 15

Q

Which action will bring an error-disabled switch port back to an operational state?

 Remove and reconfigure port security on the interface.
 Issue the switchport mode access command on the interface.
 Clear the MAC address table on the switch.
 Issue the shutdown and then no shutdown interface commands.

Answer

A

Issue the shutdown and then no shutdown interface commands.

Question 16

Q

Refer to the exhibit. Port Fa0/2 has already been configured appropriately. The IP phone and PC work properly. Which switch configuration would be most appropriate for port Fa0/2 if the network administrator has the following goals?

No one is allowed to disconnect the IP phone or the PC and connect some other wired device.
If a different device is connected, port Fa0/2 is shut down.
The switch should automatically detect the MAC address of the IP phone and the PC and add those addresses to the running configuration. -pc --> iphone fa0/2 --> switch

 1)SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security mac-address sticky
 2)SWA(config-if)# switchport port-security mac-address sticky
SWA(config-if)# switchport port-security maximum 2
 3)SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky
 4)SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky
SWA(config-if)# switchport port-security violation restrict

Answer

A

SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky

Question 17

Q

Which option correctly associates the Layer 2 security attack with the description?

MAC address flooding: Broadcast requests for IP addresses with spoofed MAC addresses.
DHCP starvation: Using proprietary Cisco protocols to gain information about a switch.
CDP attack: The attacker fills the switch MAC address table with invalid MAC addresses.
Telnet attack: Using brute force password attacks to gain access to a switch.

Answer

A

MAC address flooding: Broadcast requests for IP addresses with spoofed MAC addresses

Question 18

Q

Which three options accurately associate the Catalyst switch command with the result? (Choose three.)

show vlan id vlan-id: displays information about a specific VLAN.
show vlan: displays detailed information about all VLANs on the switch.
show vlan brief: displays detailed information about all VLANs on the switch.
show interfaces fa0/1 switch port: displays information about a specific port.
show interfaces fa0/1: displays VLAN information about a specific port.

Answer

A

A. show vlan id vlan-id: displays information about a specific VLAN.
B. show vlan: displays detailed information about all VLANs on the switch.
D. show interfaces fa0/1 switch port: displays information about a specific port.

Question 19

Q

When would auto-MDIX be best to use?
When a switch connects to a router
When a switch connects to another switch
When any device connects to an access layer switch
When the cable type is unknown

Answer

A

When the cable type is unknown

Question 20

Q

The network administrator wants to configure an IP address on a Cisco switch) How does the network administrator assign the IP address?

In privileged EXEC mode
On the switch interface FastEthernet0/0
On the management VLAN
On the physical interface connected to the router or next-hop device

Answer

A

On the management VLAN

Question 21

Q

Which three options correctly associate the command with the paired behavior? (Choose three.)

switch port port-security violation protect: Frames with unknown source addresses are dropped and a notification is sent.
switch port port-security violation restrict: Frames with unknown source addresses are dropped and no notification is sent.
Switch port port-security violation shutdown: Frames with unknown source addresses result in the port becoming error-disabled, and a notification is sent.
Switch port port-security mac-address sticky: Allows dynamically learned MAC addresses to be stored in the running-configuration.
Switch port port-security maximum: Defines the number of MAC addresses associated with a port.

Answer

A

switch port port-security violation shutdown: Frames with unknown source addresses result in the port becoming error-disabled, and a notification is sent.

switch port port-security mac-address sticky: Allows dynamically learned MAC addresses to be stored in the running-configuration.

switch port port-security maximum: Defines the number of MAC addresses associated with a port.

Question 22

Q

Which two tasks does auto negotiation in an Ethernet network accomplish? (Choose two.)

Sets the link speed
Sets the IP address
Sets the link duplex mode
Sets MAC address assignments on switch port
Sets the ring speed

Answer

A

Sets the link speed

Sets the link duplex mode

Question 23

Q

What is an advantage of using SSH over Telnet when remotely connecting to a switch?

Encryption
More connection lines
Connection-oriented services
Username and password authentication

Answer

A

Encryption

Question 24

Q

What is a Cisco best practice for deploying switches?

When a server connects to a switch, the switch port should have the port speed manually configured, but the auto negotiation feature used for duplex.
A compound word should be used as a password on an infrastructure network device such as a switch.
Telnet should be used whenever possible on the switch vty lines.
The enable secret password should be used when configuring a switch to use SSH on the vty lines.

Answer

A

When a server connects to a switch, the switch port should have the port speed manually configured, but the auto negotiation feature used for duplex.

Question 25

Q

Why should a default gateway be assigned to a switch?

So that there can be remote connectivity to the switch via such programs as Telnet and ping
So that frames can be sent through the switch to the router
So that frames generated from workstations and destined for remote networks can pass to a higher level
So that other networks can be accessed from the command prompt of the switch

Answer

A

So that other networks can be accessed from the command prompt of the switch

Question 26

Q

Consider the configuration) Which two commands are not needed on the switch in order for a remote network administrator to access the switch using SSH?

Switch(config)# ip domain-name mydomain.com
Switch(config)# crypto key generate rsa
Switch(config)# ip ssh version 2
Switch(config)# line vty 0 15
Switch(config-if)# transport input ssh

Answer

A

Switch(config)# ip ssh version 2

Switch(config-if)# transport input ssh

Question 27

Q

BOOT LOADER

Answer

A

is a small program stored in ROM and is run immediately after POST successfully completes. USED TO INITIALIZE A DEVICE LIKE A ROUTER OR SWITCH. BOOT LOADER LOCATES AND LAUNCHES THE OPERATING SYSTEM

Question 28

Q

SWITCH VIRTUAL INTERFACE (SVI)

Answer

A

AUTOMATIC MEDIUM-DEPENDENT INTERFACE CROSSOVER (AUTO-MDX)

Question 29

Q

RUNT

Answer

A

Packets that are discarded because they are smaller than the minimum
packet size for the medium. For instance, any Ethernet pack that is less than 64 bytes is considered a runt.

Question 30

Q

GIANT

Answer

A

Packets that are discarded because they exceed the maximum packet size for the medium. For example, any Ethernet packet that is greater than 1,518 bytes is considered a giant.

Question 31

Q

CRC ERROR

Answer

A

CRC errors are generated when the calculated checksum is not the same
as the checksum received.

Question 32

Q

LATE COLLISION

Answer

A

A collision that occurs after 512 bits of the frame have been transmitted.

Question 33

Q

SECURE SHELL (SSH)

Answer

A

is a protocol that provides a secure (encrypted) management connection to a remote device.

Question 34

Q

MAC ADDRESS TABLE OVERFLOW ATTACK

Answer

A

ATTACKER SENDS FAKE SOURCE MAC ADDRESSES THAT ARE ENTERED INTO AND FILL THE MAC ADDRESS TABLE OF A SWITCH. THE SWITCH IS FORCED TO BROADCAST ALL FRAMES OUT ALL PORTS ALLOWING AN ATTACKER TO CAPTURE AND VIEW ADDRESSES. CONFIGURING PORT SECURITY CAN BE USED TO PREVENT THIS TYPE OF ATTACK

Question 35

Q

MAC FLOODING ATTACK

Answer

A

SIMILAR TO MAC ADDRESS TABLE OVERFLOW ATTACK

Question 36

Q

DHCP STARVATION ATTACK

Answer

A

DENIAL-OF-SERVICE (DOS) ATTACK

Question 37

Q

DHCP SPOOFING ATTACKS

Answer

A

an attacker configures a fake DHCP server on the

network to issue DHCP addresses to clients. THEN SENDS NETWORK TRAFFIC TO A MACHINE CONTROLLED BY THE ATTACKER

Question 38

Q

CISCO DISCOVERY PROTOCOL (CDP)

Answer

A

is a proprietary protocol that all Cisco devices can be configured to use. CDP discovers other Cisco devices that are directly connected, which allows the devices to auto-configure their connection.

Question 39

Q

BRUTE FORCE PASSWORD ATTACK

Answer

A

USES A TRIAL AND ERROR APPROACH TO PASSWORD CRACKING USING SOFTWARE PROGRAMS THAT RUN COMBINATIONS OF CHARACTERS AND COMMON DICTIONARY WORDS TO DECIPHER PASSWORDS

Question 40

Q

TELNET DOS ATTACK

Answer

A

the attacker
exploits a flaw in the Telnet server software running on the switch that renders the Telnet service unavailable. LOCKS A LEGITIMATE NETWORK ADMIN FROM REMOTELY ACCESSING A NETWORK DEVICE USING TELNET

Question 41

Q

SECURITY AUDIT

Answer

A

reveals the type of information an attacker can gather

simply by monitoring network traffic.

Question 42

Q

PENETRATION TESTING

Answer

A

is a simulated attack against the network to determine how vulnerable it would be in a real attack.

Question 43

Q

DHCP SNOOPING

Answer

A

is a Cisco Catalyst feature that determines which devices attached
to switch ports can respond to DHCP requests. ACTS LIKE A FIREWALL BETWEEN UNTRUSTED NETWORK DEVICES AND TRUSTED DHCP SERVERS

Question 44

Q

TRUSTED PORT

Answer

A

can source any type of DHCP message

Question 45

Q

UNTRUSTED PORT

Answer

A

can source DHCP requests only.

Question 46

Q

PORT SECURITY

Answer

A

limits the number of valid MAC addresses allowed

on a port.

Question 47

Q

STATIC SECURE MAC ADDRESS

Answer

A

MAC addresses that are manually configured on

a SWITCHport

Question 48

Q

DYNAMIC SECURE MAC ADDRESS

Question 49

Q

STICKY SECURE MAC ADDRESS

Answer

A

MAC addresses that can be dynamically learned

or manually configured stored in the address table, and added to the running configuration.

Question 50

Q

NETWORK TIME PROTOCOL (NTP)

Answer

A

MAC addresses that are dynamically learned

and stored only in the address table. MAC addresses configured in this way are removed when the switch restarts.

Question 51

Q

Which three options correctly associate the command with the paired behavior? (Choose three.)
A. switch port port-security violation protect: Frames with unknown source addresses are dropped and a notification is sent.
B. switch port port-security violation restrict: Frames with unknown source addresses are dropped and no notification is sent.
C. switch port port-security violation shutdown: Frames with unknown source
addresses result in the port becoming error-disabled, and a notification is sent.
D. switch port port-security mac-address sticky: Allows dynamically learned MAC addresses to be stored in the running-configuration.
E. switch port port-security maximum: Defines the number of MAC addresses
associated with a port.

Answer

A

C. switch port port-security violation shutdown: Frames with unknown source
addresses result in the port becoming error-disabled, and a notification is sent.
D. switch port port-security mac-address sticky: Allows dynamically learned MAC addresses to be stored in the running-configuration.
E. switch port port-security maximum: Defines the number of MAC addresses
associated with a port.

Question 52

Q

What is the effect of entering the following command on a Fast Ethernet switch port?
SW1(config-if)# duplex full
A. The connected device communicates in two directions, but only one direction at a time.
B. The switch port returns to its default configuration.
C. If the device connected to this port is also set for full duplex, the device
participates in collision-free communication.
D. The efficiency of this configuration is typically rated at 50 to 60 percent.
E. The connected device should be configured as half duplex.

Answer

A

C. If the device connected to this port is also set for full duplex, the device
participates in collision-free communication.

Question 53

Q

Which two tasks does autonegotiation in an Ethernet network accomplish?
(Choose two.)
A. Sets the link speed
B. Sets the IP address
C. Sets the link duplex mode
D. Sets MAC address assignments on switch port
E. Sets the ring speed

Answer

A

A. Sets the link speed

C. Sets the link duplex mode

Question 54

Q

Why should a default gateway be assigned to a switch?
A. So that there can be remote connectivity to the switch via such programs as Telnet and ping
B. So that frames can be sent through the switch to the router
C. So that frames generated from workstations and destined for remote networks
can pass to a higher level
D. So that other networks can be accessed from the command prompt of the
switch

Answer

A

D. So that other networks can be accessed from the command prompt of the
switch

Question 55

Q

The network administrator wants to configure an IP address on a Cisco switch.
How does the network administrator assign the IP address?
A. In privileged EXEC mode
B. On the switch interface FastEthernet0/0
C. On the management VLAN
D. On the physical interface connected to the router or next-hop device

Answer

A

C. On the management VLAN

Question 56

Q

Which option correctly associates the Layer 2 security attack with the description?
A. MAC address flooding: Broadcast requests for IP addresses with spoofed
MAC addresses.
B. DHCP starvation: Using proprietary Cisco protocols to gain information about a switch.
C. CDP attack: The attacker fills the switch MAC address table with invalid MAC addresses.
D. Telnet attack: Using brute force password attacks to gain access to a switch.

Answer

A

D. Telnet attack: Using brute force password attacks to gain access to a switch.

Question 57

Q

7. What is an advantage of using SSH over Telnet when remotely connecting to a switch?
A. Encryption
B. More connection lines
C. Connection-oriented services
D. Username and password authentication

Answer

A

A. Encryption

Question 58

Q

Consider the configuration. Which two commands are not needed on the switch in order for a remote network administrator to access the switch using SSH?
A. Switch(config)# ip domain-name mydomain.com
B. Switch(config)# crypto key generate rsa
C. Switch(config)# ip ssh version 2
D. Switch(config)# line vty 0 15
E. Switch(config-if)# transport input ssh

Answer

A

C. Switch(config)# ip ssh version 2

E. Switch(config-if)# transport input ssh

Question 59

Q

What is an advantage of having the correct date and time on a network device?
A. Network administrators are provided with correct timestamps on log messages.
B. When working at the console prompt, the network administrator has a good idea how long the configuration or troubleshooting process is taking.
C. Other devices can use CDP to discover neighbor device information if the time and date are synchronized between the two devices.
D. Secure remote connectivity can be accomplished if the date and time are
accurate.

Answer

A

A. Network administrators are provided with correct timestamps on log
messages.

Question 60

Q

What is the purpose of DHCP snooping?
A. Ensures devices are configured for automatic IP address assignment
B. Prevents unauthorized DHCP servers
C. Prevents DHCP messages from going across a trunk
D. Prevents DHCP messages from being sent to another network

Answer

A

B. Prevents unauthorized DHCP servers

Question 61

Q

What is a Cisco best practice for deploying switches?
A. When a server connects to a switch, the switch port should have the port speed manually configured, but the autonegotiation feature used for duplex.
B. A compound word should be used as a password on an infrastructure network
device such as a switch.
C. Telnet should be used whenever possible on the switch vty lines.
D. The enable secret password should be used when configuring a switch to use SSH on the vty lines.

Answer

A

A. When a server connects to a switch, the switch port should have the port speed manually configured, but the autonegotiation feature used for duplex.

Question 62

Q

When would auto-MDIX be best to use?
A. When a switch connects to a router
B. When a switch connects to another switch
C. When any device connects to an access layer switch
D. When the cable type is unknown

Answer

A

D. When the cable type is unknown

Question 63

Q

AUTOMATIC MEDIUM-DEPENDENT INTERFACE CROSSOVER (AUTO-MDX)

Answer

A

interface automatically detects the required

cable connection type (straight-through or crossover) and configures the connection appropriately.

Question 64

Q

VIRTUAL LOCAL AREA NETWORK (VLAN)

Answer

A

A GROUP OF HOST WITH COMMON SET OF REQUIREMENTS THAT COMMUNICATE AS IF THEY WERE ATTACHED TO THE SAME WIRE, REGARDLESS OF THEIR PHYSICAL LOCATION. HAS SAME ATTRIBUTES AS A PHYSICAL LAN, BUT IT ALLOWS FOR END STATIONS TO BE GROUPED TOGETHER EVEN IF THEY ARE NOT LOCATED ON THE SAME LAN.

Answer 61

A

is a VLAN that is configured to carry user-generated traffic. A VLAN
carrying voice or management traffic would not be part of a data VLAN.

Answer 62

A

All switch ports become a part of the default VLAN after the initial boot up of a switch loading the default configuration. VLAN 1 IS DEFAULT VLAN

Answer 63

A

is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic coming from many VLANs
(tagged traffic), as well as traffic that does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on the native VLAN, which by default is VLAN 1

Answer 64

A

SWITCHPORT MODE CONFIGURED SO THAT THE SWITCH CAN TRANSMIT TRAFFIC FROM MULTIPLE VLANS OVER A SINGLE LINK

Answer 65

A

is any VLAN configured to access the management capabilities of a switch. VLAN 1 is the management VLAN by default. To create the management VLAN, the switch virtual interface (SVI) of that VLAN is assigned an IP address and subnet mask, allowing the switch to be managed via HTTP, Telnet, SSH,
or SNMP.

Answer 66

A

The 802.1Q header includes a 4-byte tag inserted within the original
Ethernet frame header, specifying the VLAN to which the frame belongs

Answer 67

A

Configurations are stored within a VLAN database file, LOCATED IN THE FLASH MEMORY OF THE SWITCH

Answer 68

A

is a Cisco-proprietary Layer 2 protocol THAT ENABLES THE NETWORK MANAGER TO CONFIGURE ONE OR MORE SWITCHES SO THAT THEY PROPAGATE VLAN CONFIGURATION INFORMATION TO OTHER SITCHES IN THE NETWORK, AS ERLL AS SYNCRONIZINGS THE VLAN INFO WITH OTHER SWITCHES IN THE VTP DOMAIN

Answer 69

A

is used to negotiate forming a trunk

between two Cisco devices.

Answer 70

A

FRAMES ARE ACCEPTED FROM A VLAN THAT IS DIFFERENT FROM THE ONE ASSIGNED TO A PARTICULAR SWITCH PORT

Answer 71

A

FRAMES FROM ONE VLAN CAN BE SEEN BY ANOTHER VLAN

Answer 72

A

is a type of VLAN hopping attack that works by taking advantage
of an incorrectly configured trunk port. ATTACKER CAN THEN GAIN ACCESS TO ALL VLANS IN THAT TRUNK

Answer 73

A

REQUIRES THAT THE ATTACKER BE CONNECTED TO A PORT THAT IS IN THE SAME VLAN AS THE NATIVE VLAN OF A TRUNK PORT. THE ATTACKER SENDS AN 802.1Q FRAME THAT HAS 2 VLAN TAGS; THE SECOND TAG IS THE FAKE ONE READ BY A SECOND SWITCH AND SENT TO AN UNATTENDED VLAN THAT HAS A TARGET HOST CONTROLLED BY THE ATTACKER

Answer 74

A

D. Multiple VLANs traverse a trunk port, but an access port can belong to a single VLAN.

Answer 75

A

A. VLAN tagging using 802.1Q protocol

Answer 76

A

B. Port security cannot be configured on the trunk interfaces.
C. The native VLAN must be the same on both ends of the trunk.

Answer 77

A

A. The ports are inactive.
D. The ports will remain part of the Marketing VLAN until reassigned to
another VLAN.

Answer 78

A

A. Hosts in the same VLAN must be on the same IP subnet.

C. Hosts in the same VLAN share the same broadcast domain.

Answer 79

A

B. Only PC4

Answer 80

A

Provides basic Layer 3 functions for a switch, which does not have a dedicated physical interface for IP addressing.

Answer 81

A

This is a process to check for errors within the Layer 2 frame. The sending device generates a CRC and includes this value in the FCS field. The receiving device generates a CRC and compares it to the received CRC to look for errors. If they match, no error has occurred. If they do not match, the frame is dropped. These on Ethernet and serial interfaces usually mean a media or cable problem.

Answer 82

A

A gathering of information to determine the type of information an attacker could obtain by capturing and analyzing network traffic.

Answer 83

A

An intentional attack by authorized personnel against a network to determine network vulnerabilities.

Answer 84

A

Autonegotiation set duplex and speed. Autonegotiation is the default mode for a Cisco switch port.

Answer 85

A

If the device connected to this port is also set for full duplex, the device participates in collision-free communication. The switch will connect with full duplex when auto negotiating with a peer device. The default configuration for a switch port is auto negotiating.

Answer 86

A

On the management VLAN. A layer 2 switch is allotted a single Layer 3 logical address in the form of a switch virtual interface-SVI-used for managing the switch.

Answer 87

A

The default gateway provides a means for the administrator of the switch to access networks not directly connected to the switch and allows for remote connectivity from a different network because when connected, the return packets from the switch can be sent to the remote network device.

Answer 88

A

Username and password authentication. SSH is a more secure method of accessing a device from a remote network.

Answer 89

A

The boot loader provides access into the switch if the operating system cannot be used because of missing or damaged system files.

Answer 90

A

The boot loader command line supports commands to format the flash file system, reinstall the operating system software, and recover from a lost or forgotten password. For example, the dir command can be used to view a list of files within a specified directory

Answer 91

A

To prepare a switch for remote management access, the switch must be configured with an IP address and a subnet mask. Keep in mind, that to manage the switch from a remote network, the switch must be configured with a default gateway.

Answer 92

A

When using auto-MDIX on an interface, the interface speed and duplex must be set to auto so that the feature operates correctly.

Answer 93

A

show controllers ethernet-controller fa 0/1 phy | include Auto-MDIX

Answer 94

A

Displays interface status and configuration

Answer 95

A

Displays current startup configuration

Answer 96

A

Displays information about the flash file system

Answer 97

A

Telnet is an older protocol that uses unsecure plaintext transmission of both the login authentication (username and password) and the data transmitted between the communicating devices.

Answer 98

A

Use the show ip ssh command to verify that the switch supports SSH.

Answer 99

A

One way to mitigate MAC address table overflow attacks is to configure port security.

Answer 100

A

To mitigate DHCP attacks, use the DHCP snooping and port security features on the Cisco Catalyst switches.

Answer 101

A

To mitigate against brute force password attacks use strong passwords that are changed frequently.

Answer 102

A

A simple method that many administrators use to help secure the network from unauthorized access is to disable all unused ports on a switch.

Answer 103

A

The port is operational and ready to transmit packets.

Answer 104

A

A network technician wants to implement SSH as the means by which a router may be managed remotely. What are two procedures that the technician should use to successfully complete this task?

Answer 105

A

auto-MDIX

Answer 106

A

A full version of the Cisco IOS was located and loaded

POST occurred normally

Answer 107

A

Full duplex

Performance is improved with bidirectional data flow

Answer 108

A

If the LED is green, the port is operating at 100 Mb/s

Answer 109

A

To provide an environment to operate in when the switch operating system can not be found

Answer 110

A

When packets are being dropped from a particular directly attached host.

Answer 111

A

Telnet sends a username and password in plain text, whereas SSH encrypts the username and password

Answer 112

A

Issue the shutdown and then no shutdown interface commands

Answer 113

A

Dynamically learned secure MAC addresses are lost when the switch reboots.

If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached

Brainscape's Knowledge GenomeTM

Switch Configuration Flashcards

Brainscape's Knowledge Genome^TM