Switch Configuration Flashcards

1
Q

Which statement describes the port speed LED on the Cisco Catalyst 2960 switch?

 If the LED is green, the port is operating at 100 Mb/s.
 If the LED is off, the port is not operating.
 If the LED is blinking green, the port is operating at 10 Mb/s.
 If the LED is amber, the port is operating at 1000 Mb/s.
A

If the LED is green, the port is operating at 100 Mb/s.

2
Q

Which command is used to set the BOOT environment variable that defines where to find the IOS image file on a switch?

 config-register
 boot system
 boot loader
 confreg
A

boot system

3
Q

What is a function of the switch boot loader?

 to speed up the boot process
 to provide security for the vulnerable state when the switch is booting
 to control how much RAM is available to the switch during the boot process
 to provide an environment to operate in when the switch operating system cannot be found
A

to provide an environment to operate in when the switch operating system cannot be found

4
Q

Which interface is the default location that would contain the IP address used to manage a 24-port Ethernet switch?

     VLAN 1
     Fa0/0
     Fa0/1
     interface connected to the default gateway
     VLAN 99
A

VLAN 1

5
Q

A production switch is reloaded and finishes with a Switch> prompt. What two facts can be determined? (Choose two.)

 POST occurred normally.
 The boot process was interrupted.
 There is not enough RAM or flash on this router.
 A full version of the Cisco IOS was located and loaded.
 The switch did not locate the Cisco IOS in flash, so it defaulted to ROM.
A

POST occurred normally.

A full version of the Cisco IOS was located and loaded.

6
Q

Which two statements are true about using full-duplex Fast Ethernet? (Choose two.)

 Performance is improved with bidirectional data flow.
 Latency is reduced because the NIC processes frames faster.
 Nodes operate in full-duplex with unidirectional data flow.
 Performance is improved because the NIC is able to detect collisions.
 Full-duplex Fast Ethernet offers 100 percent efficiency in both directions.
A

Performance is improved with bidirectional data flow.

Full-duplex Fast Ethernet offers 100 percent efficiency in both directions.

7
Q

In which situation would a technician use the show interfaces switch command?

 to determine if remote access is enabled
 when packets are being dropped from a particular directly attached host
 when an end device can reach local devices, but not remote devices
 to determine the MAC address of a directly attached network device on a particular interface
A

when packets are being dropped from a particular directly attached host

8
Q

If one end of an Ethernet connection is configured for full duplex and the other end of the connection is configured for half duplex, where would late collisions be observed?

 on both ends of the connection
 on the full-duplex end of the connection
 only on serial interfaces
 on the half-duplex end of the connection
A

on the half-duplex end of the connection

9
Q

What is one difference between using Telnet or SSH to connect to a network device for management purposes?

 Telnet uses UDP as the transport protocol whereas SSH uses TCP.
 Telnet does not provide authentication whereas SSH provides authentication.
 Telnet supports a host GUI whereas SSH only supports a host CLI.
 Telnet sends a username and password in plain text, whereas SSH encrypts the username and password.
A

Telnet sends a username and password in plain text, whereas SSH encrypts the username and password.

10
Q

Refer to the exhibit. The network administrator wants to configure Switch1 to allow SSH connections and prohibit Telnet connections. How should the network administrator change the displayed configuration to satisfy the requirement?

  • ip ssh version 2
  • ip domain-name cisco.com
  • crypto key generate rsa
  • line vty 0 15
  • transport input all

Use SSH version 1.
Reconfigure the RSA key.
Configure SSH on a different line.
Modify the transport input command.

A

Modify the transport input command.

11
Q

What is the effect of using the switchport port-security command?

 enables port security on an interface
 enables port security globally on the switch
 automatically shuts an interface down if applied to a trunk port
 detects the first MAC address in a frame that comes into a port and places that MAC address in the MAC address table
A

enables port security on an interface

12
Q

Where are dynamically learned MAC addresses stored when sticky learning is enabled with the switchport port-security mac-address sticky command?

 ROM
 RAM
 NVRAM
 flash
A

RAM

13
Q

A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port?

 restrict
 protect
 warning
 shutdown
A

Restrict

14
Q

Which two statements are true regarding switch port security? (Choose two.)

 The three configurable violation modes all log violations via SNMP.
 Dynamically learned secure MAC addresses are lost when the switch reboots.
 The three configurable violation modes all require user intervention to re-enable ports.
 After entering the sticky parameter, only MAC addresses subsequently learned are converted to secure MAC addresses.
 If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached.
A

Dynamically learned secure MAC addresses are lost when the switch reboots.
If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached.

15
Q

Which action will bring an error-disabled switch port back to an operational state?

 Remove and reconfigure port security on the interface.
 Issue the switchport mode access command on the interface.
 Clear the MAC address table on the switch.
 Issue the shutdown and then no shutdown interface commands.
A

Issue the shutdown and then no shutdown interface commands.

16
Q

Refer to the exhibit. Port Fa0/2 has already been configured appropriately. The IP phone and PC work properly. Which switch configuration would be most appropriate for port Fa0/2 if the network administrator has the following goals?

No one is allowed to disconnect the IP phone or the PC and connect some other wired device.
If a different device is connected, port Fa0/2 is shut down.
The switch should automatically detect the MAC address of the IP phone and the PC and add those addresses to the running configuration.
Exhibit: PC --> IP phone --> Fa0/2 --> switch

 1) SWA(config-if)# switchport port-security
    SWA(config-if)# switchport port-security mac-address sticky
 2) SWA(config-if)# switchport port-security mac-address sticky
    SWA(config-if)# switchport port-security maximum 2
 3) SWA(config-if)# switchport port-security
    SWA(config-if)# switchport port-security maximum 2
    SWA(config-if)# switchport port-security mac-address sticky
 4) SWA(config-if)# switchport port-security
    SWA(config-if)# switchport port-security maximum 2
    SWA(config-if)# switchport port-security mac-address sticky
    SWA(config-if)# switchport port-security violation restrict
A

SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky

17
Q

Which option correctly associates the Layer 2 security attack with the description?

MAC address flooding: Broadcast requests for IP addresses with spoofed MAC addresses.
DHCP starvation: Using proprietary Cisco protocols to gain information about a switch.
CDP attack: The attacker fills the switch MAC address table with invalid MAC addresses.
Telnet attack: Using brute force password attacks to gain access to a switch.

A

MAC address flooding: Broadcast requests for IP addresses with spoofed MAC addresses

18
Q

Which three options accurately associate the Catalyst switch command with the result? (Choose three.)

show vlan id vlan-id: displays information about a specific VLAN.
show vlan: displays detailed information about all VLANs on the switch.
show vlan brief: displays detailed information about all VLANs on the switch.
show interfaces fa0/1 switchport: displays information about a specific port.
show interfaces fa0/1: displays VLAN information about a specific port.

A

A. show vlan id vlan-id: displays information about a specific VLAN.
B. show vlan: displays detailed information about all VLANs on the switch.
D. show interfaces fa0/1 switchport: displays information about a specific port.

19
Q
When would auto-MDIX be best to use?
When a switch connects to a router
When a switch connects to another switch
When any device connects to an access layer switch
When the cable type is unknown
A

When the cable type is unknown

20
Q

The network administrator wants to configure an IP address on a Cisco switch. How does the network administrator assign the IP address?

In privileged EXEC mode
On the switch interface FastEthernet0/0
On the management VLAN
On the physical interface connected to the router or next-hop device

A

On the management VLAN

21
Q

Which three options correctly associate the command with the paired behavior? (Choose three.)

switchport port-security violation protect: Frames with unknown source addresses are dropped and a notification is sent.
switchport port-security violation restrict: Frames with unknown source addresses are dropped and no notification is sent.
switchport port-security violation shutdown: Frames with unknown source addresses result in the port becoming error-disabled, and a notification is sent.
switchport port-security mac-address sticky: Allows dynamically learned MAC addresses to be stored in the running-configuration.
switchport port-security maximum: Defines the number of MAC addresses associated with a port.

A

switchport port-security violation shutdown: Frames with unknown source addresses result in the port becoming error-disabled, and a notification is sent.

switchport port-security mac-address sticky: Allows dynamically learned MAC addresses to be stored in the running-configuration.

switchport port-security maximum: Defines the number of MAC addresses associated with a port.

22
Q

Which two tasks does auto negotiation in an Ethernet network accomplish? (Choose two.)

Sets the link speed
Sets the IP address
Sets the link duplex mode
Sets MAC address assignments on switch port
Sets the ring speed
A

Sets the link speed

Sets the link duplex mode

23
Q

What is an advantage of using SSH over Telnet when remotely connecting to a switch?

Encryption
More connection lines
Connection-oriented services
Username and password authentication

A

Encryption

24
Q

What is a Cisco best practice for deploying switches?

When a server connects to a switch, the switch port should have the port speed manually configured, but the auto negotiation feature used for duplex.
A compound word should be used as a password on an infrastructure network device such as a switch.
Telnet should be used whenever possible on the switch vty lines.
The enable secret password should be used when configuring a switch to use SSH on the vty lines.

A

When a server connects to a switch, the switch port should have the port speed manually configured, but the auto negotiation feature used for duplex.

25
Q

Why should a default gateway be assigned to a switch?

So that there can be remote connectivity to the switch via such programs as Telnet and ping
So that frames can be sent through the switch to the router
So that frames generated from workstations and destined for remote networks can pass to a higher level
So that other networks can be accessed from the command prompt of the switch

A

So that other networks can be accessed from the command prompt of the switch

26
Q

Consider the configuration. Which two commands are not needed on the switch in order for a remote network administrator to access the switch using SSH?

Switch(config)# ip domain-name mydomain.com
Switch(config)# crypto key generate rsa
Switch(config)# ip ssh version 2
Switch(config)# line vty 0 15
Switch(config-if)# transport input ssh
A

Switch(config)# ip ssh version 2

Switch(config-if)# transport input ssh

27
Q

BOOT LOADER

A

is a small program stored in ROM and is run immediately after POST successfully completes. USED TO INITIALIZE A DEVICE LIKE A ROUTER OR SWITCH. BOOT LOADER LOCATES AND LAUNCHES THE OPERATING SYSTEM

28
Q

SWITCH VIRTUAL INTERFACE (SVI)

A

AUTOMATIC MEDIUM-DEPENDENT INTERFACE CROSSOVER (AUTO-MDX)

29
Q

RUNT

A

Packets that are discarded because they are smaller than the minimum packet size for the medium. For instance, any Ethernet packet that is less than 64 bytes is considered a runt.

30
Q

GIANT

A

Packets that are discarded because they exceed the maximum packet size for the medium. For example, any Ethernet packet that is greater than 1,518 bytes is considered a giant.

31
Q

CRC ERROR

A

CRC errors are generated when the calculated checksum is not the same as the checksum received.

32
Q

LATE COLLISION

A

A collision that occurs after 512 bits of the frame have been transmitted.

33
Q

SECURE SHELL (SSH)

A

is a protocol that provides a secure (encrypted) management connection to a remote device.

34
Q

MAC ADDRESS TABLE OVERFLOW ATTACK

A

ATTACKER SENDS FAKE SOURCE MAC ADDRESSES THAT ARE ENTERED INTO AND FILL THE MAC ADDRESS TABLE OF A SWITCH. THE SWITCH IS FORCED TO BROADCAST ALL FRAMES OUT ALL PORTS ALLOWING AN ATTACKER TO CAPTURE AND VIEW ADDRESSES. CONFIGURING PORT SECURITY CAN BE USED TO PREVENT THIS TYPE OF ATTACK

35
Q

MAC FLOODING ATTACK

A

SIMILAR TO MAC ADDRESS TABLE OVERFLOW ATTACK

36
Q

DHCP STARVATION ATTACK

A

DENIAL-OF-SERVICE (DOS) ATTACK

37
Q

DHCP SPOOFING ATTACKS

A

an attacker configures a fake DHCP server on the network to issue DHCP addresses to clients. THEN SENDS NETWORK TRAFFIC TO A MACHINE CONTROLLED BY THE ATTACKER

38
Q

CISCO DISCOVERY PROTOCOL (CDP)

A

is a proprietary protocol that all Cisco devices can be configured to use. CDP discovers other Cisco devices that are directly connected, which allows the devices to auto-configure their connection.

39
Q

BRUTE FORCE PASSWORD ATTACK

A

USES A TRIAL AND ERROR APPROACH TO PASSWORD CRACKING USING SOFTWARE PROGRAMS THAT RUN COMBINATIONS OF CHARACTERS AND COMMON DICTIONARY WORDS TO DECIPHER PASSWORDS

40
Q

TELNET DOS ATTACK

A

the attacker exploits a flaw in the Telnet server software running on the switch that renders the Telnet service unavailable. LOCKS A LEGITIMATE NETWORK ADMIN FROM REMOTELY ACCESSING A NETWORK DEVICE USING TELNET

41
Q

SECURITY AUDIT

A

reveals the type of information an attacker can gather simply by monitoring network traffic.

42
Q

PENETRATION TESTING

A

is a simulated attack against the network to determine how vulnerable it would be in a real attack.

43
Q

DHCP SNOOPING

A

is a Cisco Catalyst feature that determines which devices attached to switch ports can respond to DHCP requests. ACTS LIKE A FIREWALL BETWEEN UNTRUSTED NETWORK DEVICES AND TRUSTED DHCP SERVERS

44
Q

TRUSTED PORT

A

can source any type of DHCP message

45
Q

UNTRUSTED PORT

A

can source DHCP requests only.

46
Q

PORT SECURITY

A

limits the number of valid MAC addresses allowed on a port.

47
Q

STATIC SECURE MAC ADDRESS

A

MAC addresses that are manually configured on a switch port

48
Q

DYNAMIC SECURE MAC ADDRESS

A

49
Q

STICKY SECURE MAC ADDRESS

A

MAC addresses that can be dynamically learned or manually configured, stored in the address table, and added to the running configuration.

50
Q

NETWORK TIME PROTOCOL (NTP)

A

MAC addresses that are dynamically learned and stored only in the address table. MAC addresses configured in this way are removed when the switch restarts.

51
Q
  1. Which three options correctly associate the command with the paired behavior? (Choose three.)
    A. switchport port-security violation protect: Frames with unknown source addresses are dropped and a notification is sent.
    B. switchport port-security violation restrict: Frames with unknown source addresses are dropped and no notification is sent.
    C. switchport port-security violation shutdown: Frames with unknown source addresses result in the port becoming error-disabled, and a notification is sent.
    D. switchport port-security mac-address sticky: Allows dynamically learned MAC addresses to be stored in the running-configuration.
    E. switchport port-security maximum: Defines the number of MAC addresses associated with a port.
A

C. switchport port-security violation shutdown: Frames with unknown source addresses result in the port becoming error-disabled, and a notification is sent.
D. switchport port-security mac-address sticky: Allows dynamically learned MAC addresses to be stored in the running-configuration.
E. switchport port-security maximum: Defines the number of MAC addresses associated with a port.

52
Q
  1. What is the effect of entering the following command on a Fast Ethernet switch port?
    SW1(config-if)# duplex full
    A. The connected device communicates in two directions, but only one direction at a time.
    B. The switch port returns to its default configuration.
    C. If the device connected to this port is also set for full duplex, the device
    participates in collision-free communication.
    D. The efficiency of this configuration is typically rated at 50 to 60 percent.
    E. The connected device should be configured as half duplex.
A

C. If the device connected to this port is also set for full duplex, the device
participates in collision-free communication.

53
Q
  1. Which two tasks does autonegotiation in an Ethernet network accomplish?
    (Choose two.)
    A. Sets the link speed
    B. Sets the IP address
    C. Sets the link duplex mode
    D. Sets MAC address assignments on switch port
    E. Sets the ring speed
A

A. Sets the link speed

C. Sets the link duplex mode

54
Q
  1. Why should a default gateway be assigned to a switch?
    A. So that there can be remote connectivity to the switch via such programs as Telnet and ping
    B. So that frames can be sent through the switch to the router
    C. So that frames generated from workstations and destined for remote networks
    can pass to a higher level
    D. So that other networks can be accessed from the command prompt of the
    switch
A

D. So that other networks can be accessed from the command prompt of the
switch

55
Q
  1. The network administrator wants to configure an IP address on a Cisco switch.
    How does the network administrator assign the IP address?
    A. In privileged EXEC mode
    B. On the switch interface FastEthernet0/0
    C. On the management VLAN
    D. On the physical interface connected to the router or next-hop device
A

C. On the management VLAN

56
Q
  1. Which option correctly associates the Layer 2 security attack with the description?
    A. MAC address flooding: Broadcast requests for IP addresses with spoofed
    MAC addresses.
    B. DHCP starvation: Using proprietary Cisco protocols to gain information about a switch.
    C. CDP attack: The attacker fills the switch MAC address table with invalid MAC addresses.
    D. Telnet attack: Using brute force password attacks to gain access to a switch.
A

D. Telnet attack: Using brute force password attacks to gain access to a switch.

57
Q
7. What is an advantage of using SSH over Telnet when remotely connecting to a switch?
A. Encryption
B. More connection lines
C. Connection-oriented services
D. Username and password authentication
A

A. Encryption

58
Q
  1. Consider the configuration. Which two commands are not needed on the switch in order for a remote network administrator to access the switch using SSH?
    A. Switch(config)# ip domain-name mydomain.com
    B. Switch(config)# crypto key generate rsa
    C. Switch(config)# ip ssh version 2
    D. Switch(config)# line vty 0 15
    E. Switch(config-if)# transport input ssh
A

C. Switch(config)# ip ssh version 2

E. Switch(config-if)# transport input ssh

59
Q
  1. What is an advantage of having the correct date and time on a network device?
    A. Network administrators are provided with correct timestamps on log messages.
    B. When working at the console prompt, the network administrator has a good idea how long the configuration or troubleshooting process is taking.
    C. Other devices can use CDP to discover neighbor device information if the time and date are synchronized between the two devices.
    D. Secure remote connectivity can be accomplished if the date and time are
    accurate.
A

A. Network administrators are provided with correct timestamps on log
messages.

60
Q
  1. What is the purpose of DHCP snooping?
    A. Ensures devices are configured for automatic IP address assignment
    B. Prevents unauthorized DHCP servers
    C. Prevents DHCP messages from going across a trunk
    D. Prevents DHCP messages from being sent to another network
A

B. Prevents unauthorized DHCP servers

61
Q
  1. What is a Cisco best practice for deploying switches?
    A. When a server connects to a switch, the switch port should have the port speed manually configured, but the autonegotiation feature used for duplex.
    B. A compound word should be used as a password on an infrastructure network
    device such as a switch.
    C. Telnet should be used whenever possible on the switch vty lines.
    D. The enable secret password should be used when configuring a switch to use SSH on the vty lines.
A

A. When a server connects to a switch, the switch port should have the port speed manually configured, but the autonegotiation feature used for duplex.

62
Q
  1. When would auto-MDIX be best to use?
    A. When a switch connects to a router
    B. When a switch connects to another switch
    C. When any device connects to an access layer switch
    D. When the cable type is unknown
A

D. When the cable type is unknown

63
Q

AUTOMATIC MEDIUM-DEPENDENT INTERFACE CROSSOVER (AUTO-MDX)

A

interface automatically detects the required cable connection type (straight-through or crossover) and configures the connection appropriately.

64
Q

VIRTUAL LOCAL AREA NETWORK (VLAN)

A

A GROUP OF HOSTS WITH A COMMON SET OF REQUIREMENTS THAT COMMUNICATE AS IF THEY WERE ATTACHED TO THE SAME WIRE, REGARDLESS OF THEIR PHYSICAL LOCATION. HAS SAME ATTRIBUTES AS A PHYSICAL LAN, BUT IT ALLOWS FOR END STATIONS TO BE GROUPED TOGETHER EVEN IF THEY ARE NOT LOCATED ON THE SAME LAN.

65
Q

DATA VLAN

A

is a VLAN that is configured to carry user-generated traffic. A VLAN
carrying voice or management traffic would not be part of a data VLAN.

66
Q

DEFAULT VLAN

A

All switch ports become a part of the default VLAN after the initial boot up of a switch loading the default configuration. VLAN 1 IS DEFAULT VLAN

67
Q

NATIVE VLAN

A

is assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic), as well as traffic that does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on the native VLAN, which by default is VLAN 1.

68
Q

TRUNK

A

SWITCHPORT MODE CONFIGURED SO THAT THE SWITCH CAN TRANSMIT TRAFFIC FROM MULTIPLE VLANS OVER A SINGLE LINK

69
Q

MANAGEMENT VLAN

A

is any VLAN configured to access the management capabilities of a switch. VLAN 1 is the management VLAN by default. To create the management VLAN, the switch virtual interface (SVI) of that VLAN is assigned an IP address and subnet mask, allowing the switch to be managed via HTTP, Telnet, SSH, or SNMP.

70
Q

TAGGING

A

The 802.1Q header includes a 4-byte tag inserted within the original
Ethernet frame header, specifying the VLAN to which the frame belongs

71
Q

VLAN.DAT

A

Configurations are stored within a VLAN database file, LOCATED IN THE FLASH MEMORY OF THE SWITCH

72
Q

VLAN TRUNKING PROTOCOL (VTP)

A

is a Cisco-proprietary Layer 2 protocol THAT ENABLES THE NETWORK MANAGER TO CONFIGURE ONE OR MORE SWITCHES SO THAT THEY PROPAGATE VLAN CONFIGURATION INFORMATION TO OTHER SWITCHES IN THE NETWORK, AS WELL AS SYNCHRONIZING THE VLAN INFO WITH OTHER SWITCHES IN THE VTP DOMAIN

73
Q

DYNAMIC TRUNKING PROTOCOL (DTP)

A

is used to negotiate forming a trunk between two Cisco devices.

74
Q

VLAN LEAKING

A

FRAMES ARE ACCEPTED FROM A VLAN THAT IS DIFFERENT FROM THE ONE ASSIGNED TO A PARTICULAR SWITCH PORT

75
Q

VLAN HOPPING

A

FRAMES FROM ONE VLAN CAN BE SEEN BY ANOTHER VLAN

76
Q

SWITCH SPOOFING

A

is a type of VLAN hopping attack that works by taking advantage
of an incorrectly configured trunk port. ATTACKER CAN THEN GAIN ACCESS TO ALL VLANS IN THAT TRUNK

77
Q

DOUBLE-TAGGING (DOUBLE-ENCAPSULATION)

A

REQUIRES THAT THE ATTACKER BE CONNECTED TO A PORT THAT IS IN THE SAME VLAN AS THE NATIVE VLAN OF A TRUNK PORT. THE ATTACKER SENDS AN 802.1Q FRAME THAT HAS 2 VLAN TAGS; THE SECOND TAG IS THE FAKE ONE READ BY A SECOND SWITCH AND SENT TO AN UNATTENDED VLAN THAT HAS A TARGET HOST CONTROLLED BY THE ATTACKER

78
Q
  1. What is the difference between an access port and a trunk port?
    A. A trunk port belongs to a single VLAN; an access port provides access for multiple VLANs between switches.
    B. An access port can have a native VLAN, but a trunk port cannot.
    C. An access port can have only one device attached.
    D. Multiple VLANs traverse a trunk port, but an access port can belong to a single VLAN.
A

D. Multiple VLANs traverse a trunk port, but an access port can belong to a single VLAN.

79
Q
2. Switch S1 and Switch S2 are both configured with ports in the Faculty, Students, Voice, Guest, Printing, and Admin VLANs. Each VLAN contains 12 users. How many subnets are needed to address the VLANs?
A. 1
B. 2
C. 4
D. 6
E. 8
F. 12
G. 24
A

D. 6

80
Q
3. What mechanism is used to achieve the separation between different VLANs as
they cross a trunk link?
A. VLAN tagging using 802.1Q protocol
B. VLAN tagging using 802.1p protocol
C. VLAN multiplexing
D. VLAN set as a native VLAN
A

A. VLAN tagging using 802.1Q protocol

81
Q
  1. What are two options to consider when configuring a trunk link between two switches? (Choose two.)
    A. The switchport nonegotiate command must be configured for trunks that use DTP.
    B. Port security cannot be configured on the trunk interfaces.
    C. The native VLAN must be the same on both ends of the trunk.
    D. Different encapsulation types can be configured on both ends of the trunk
    link.
    E. Trunk ports can be configured only on Gigabit Ethernet interfaces.
A

B. Port security cannot be configured on the trunk interfaces.
C. The native VLAN must be the same on both ends of the trunk.

82
Q
  1. A 24-port switch has been configured to support three VLANs named Sales, Marketing, and Finance. Each VLAN spans four ports on the switch. The network administrator has deleted the Marketing VLAN from the switch. What two statements describe the status of the ports associated with this VLAN? (Choose two.)
    A. The ports are inactive.
    B. The ports are administratively disabled.
    C. The ports will become trunks to carry data from all remaining VLANs.
    D. The ports will remain part of the Marketing VLAN until reassigned to another VLAN.
    E. The ports were released from the Marketing VLAN and automatically reassigned to VLAN 1.
A

A. The ports are inactive.
D. The ports will remain part of the Marketing VLAN until reassigned to
another VLAN.

83
Q
  1. Which three statements are true about hosts that are configured in the same VLAN? (Choose three.)
    A. Hosts in the same VLAN must be on the same IP subnet.
    B. Hosts in different VLANs can communicate with the aid of only the Layer 2 switch.
    C. Hosts in the same VLAN share the same broadcast domain.
    D. Hosts in the same VLAN share the same collision domain.
    E. Hosts in the same VLAN comply with the same security policy.
    F. Hosts in the same VLAN must be on the same physical segment.
A

A. Hosts in the same VLAN must be on the same IP subnet.

C. Hosts in the same VLAN share the same broadcast domain.

84
Q
  1. Refer to Figure 3-8. Host PC3 is unable to transfer data because it does not have the MAC address of the destination host. If PC3 sends out an ARP request
    broadcast, which of the other hosts will see the message?
    A. Only PC3
    B. Only PC4
    C. Only PC4 and PC5
    D. PC1, PC2, PC4, and PC5
    E. PC1, PC2, PC3, PC4, and PC5
A

B. Only PC4

85
Q

switch virtual interface - S V I

A

Provides basic Layer 3 functions for a switch, which does not have a dedicated physical interface for IP addressing.

86
Q

CRC error

A

This is a process to check for errors within the Layer 2 frame. The sending device generates a CRC and includes this value in the FCS field. The receiving device generates a CRC and compares it to the received CRC to look for errors. If they match, no error has occurred. If they do not match, the frame is dropped. CRC errors on Ethernet and serial interfaces usually mean a media or cable problem.

87
Q

security audit

A

A gathering of information to determine the type of information an attacker could obtain by capturing and analyzing network traffic.

88
Q

penetration testing

A

An intentional attack by authorized personnel against a network to determine network vulnerabilities.

89
Q

What 2 tasks does auto negotiation in an Ethernet network accomplish?

A

Autonegotiation sets duplex and speed. Autonegotiation is the default mode for a Cisco switch port.

90
Q

What is the effect of entering the following command on a Fast Ethernet switch port? SW1(config-if)# duplex full

A

If the device connected to this port is also set for full duplex, the device participates in collision-free communication. The switch will connect with full duplex when auto negotiating with a peer device. The default configuration for a switch port is auto negotiating.

91
Q

The network administrator wants to configure an IP address on a Cisco switch. How does the network administrator assign the IP address?

A

On the management VLAN. A Layer 2 switch is allotted a single Layer 3 logical address in the form of a switch virtual interface (SVI), used for managing the switch.

92
Q

Why should a default gateway be assigned to a switch?

A

The default gateway provides a means for the administrator of the switch to access networks not directly connected to the switch and allows for remote connectivity from a different network because when connected, the return packets from the switch can be sent to the remote network device.

93
Q

What is an advantage of using SSH over Telnet when remotely connecting to a switch?

A

Username and password authentication. SSH is a more secure method of accessing a device from a remote network.

94
Q

When does the boot loader provide access into the switch?

A

The boot loader provides access into the switch if the operating system cannot be used because of missing or damaged system files.

95
Q

What commands can be executed through the boot loader command line interface?

A

The boot loader command line supports commands to format the flash file system, reinstall the operating system software, and recover from a lost or forgotten password. For example, the dir command can be used to view a list of files within a specified directory.

96
Q

What three things are necessary for a switch to be managed from a remote network?

A

To prepare a switch for remote management access, the switch must be configured with an IP address and a subnet mask. Keep in mind that, to manage the switch from a remote network, the switch must be configured with a default gateway.

97
Q

What else must be set to auto when using auto-MDIX on an interface?

A

When using auto-MDIX on an interface, the interface speed and duplex must be set to auto so that the feature operates correctly.

98
Q

What command would you use to examine the auto-MDIX setting for FastEthernet port 0/1?

A

show controllers ethernet-controller fa 0/1 phy | include Auto-MDIX

99
Q

show interfaces (interface id)

A

Displays interface status and configuration

100
Q

show startup-config

A

Displays current startup configuration

101
Q

show flash:

A

Displays information about the flash file system

102
Q

What are the problems with using Telnet?

A

Telnet is an older protocol that uses unsecure plaintext transmission of both the login authentication (username and password) and the data transmitted between the communicating devices.

103
Q

SSH is assigned to TCP port ______. Telnet is assigned to TCP port ______.

A

22, 23

104
Q

What command can you use to verify that a switch supports SSH?

A

Use the show ip ssh command to verify that the switch supports SSH.

105
Q

What is one way to mitigate MAC address table overflow attacks?

A

One way to mitigate MAC address table overflow attacks is to configure port security.

106
Q

How can you mitigate DHCP attacks?

A

To mitigate DHCP attacks, use the DHCP snooping and port security features on the Cisco Catalyst switches.

107
Q

How can you mitigate against brute force password attacks?

A

To mitigate against brute force password attacks, use strong passwords that are changed frequently.

108
Q

What is a simple method that many administrators use to help secure the network from unauthorized access?

A

A simple method that many administrators use to help secure the network from unauthorized access is to disable all unused ports on a switch.

109
Q

A network administrator plugs a new PC into a switch port. The LED for that port changes to solid green. What statement best describes the current status of the port?

A

The port is operational and ready to transmit packets.

110
Q

Define the asymmetrical keys.

Configure authentication.

A

A network technician wants to implement SSH as the means by which a router may be managed remotely. What are two procedures that the technician should use to successfully complete this task?

111
Q

With _______ enabled, either type of cable (straight through or cross over) can be used to connect to other devices.

A

auto-MDIX

112
Q

Switch ports cannot be manually configured with specific duplex and speed settings.

A

False

113
Q

Half-duplex communication can send and receive simultaneously.

A

False

114
Q

The switch should be configured with a default gateway if the switch will be managed remotely from another network.

A

True

115
Q

If port security is configured, we can set one MAC address that is allowed to attach and use a specific (or multiple) switch port.

A

True

116
Q

Which interface is the default location that would contain the IP address used to manage a 24-port Ethernet switch?

A

VLAN 1

117
Q

A production switch is reloaded and finishes with a Switch> prompt. What 2 facts can be determined? (Choose 2.)

A

A full version of the Cisco IOS was located and loaded

POST occurred normally

118
Q

Which 2 statements are true about using full-duplex Fast Ethernet? (Choose 2.)

A

Full duplex

Performance is improved with bidirectional data flow

119
Q

Which statement describes the port speed LED on the Cisco Catalyst 2960 switch?

A

If the LED is green, the port is operating at 100 Mb/s

120
Q

What is a function of the switch boot loader?

A

To provide an environment to operate in when the switch operating system cannot be found

121
Q

In which situation would a technician use the show interfaces command?

A

When packets are being dropped from a particular directly attached host.

122
Q

What is one difference between using Telnet or SSH to connect to a network device for management purposes?

A

Telnet sends a username and password in plain text, whereas SSH encrypts the username and password

123
Q

Which action will bring an error-disabled switch port back to an operational state?

A

Issue the shutdown and then no shutdown interface commands

124
Q

Which 2 statements are true regarding switch port security? (Choose 2.)

A

Dynamically learned secure MAC addresses are lost when the switch reboots.

If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached

125
Q

A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port?

A

Restrict