Switch Configuration Flashcards
Which statement describes the port speed LED on the Cisco Catalyst 2960 switch?
If the LED is green, the port is operating at 100 Mb/s.
If the LED is off, the port is not operating.
If the LED is blinking green, the port is operating at 10 Mb/s.
If the LED is amber, the port is operating at 1000 Mb/s.
If the LED is green, the port is operating at 100 Mb/s.
Which command is used to set the BOOT environment variable that defines where to find the IOS image file on a switch?
config-register
boot system
boot loader
confreg
boot system
What is a function of the switch boot loader?
to speed up the boot process
to provide security for the vulnerable state when the switch is booting
to control how much RAM is available to the switch during the boot process
to provide an environment to operate in when the switch operating system cannot be found
to provide an environment to operate in when the switch operating system cannot be found
Which interface is the default location that would contain the IP address used to manage a 24-port Ethernet switch?
VLAN 1
Fa0/0
Fa0/1
interface connected to the default gateway
VLAN 99
VLAN 1
A production switch is reloaded and finishes with a Switch> prompt. What two facts can be determined? (Choose two.)
POST occurred normally.
The boot process was interrupted.
There is not enough RAM or flash on this router.
A full version of the Cisco IOS was located and loaded.
The switch did not locate the Cisco IOS in flash, so it defaulted to ROM.
POST occurred normally.
A full version of the Cisco IOS was located and loaded.
Which two statements are true about using full-duplex Fast Ethernet? (Choose two.)
Performance is improved with bidirectional data flow.
Latency is reduced because the NIC processes frames faster.
Nodes operate in full-duplex with unidirectional data flow.
Performance is improved because the NIC is able to detect collisions.
Full-duplex Fast Ethernet offers 100 percent efficiency in both directions.
Performance is improved with bidirectional data flow.
Full-duplex Fast Ethernet offers 100 percent efficiency in both directions.
In which situation would a technician use the show interfaces switch command?
to determine if remote access is enabled
when packets are being dropped from a particular directly attached host
when an end device can reach local devices, but not remote devices
to determine the MAC address of a directly attached network device on a particular interface
when packets are being dropped from a particular directly attached host
If one end of an Ethernet connection is configured for full duplex and the other end of the connection is configured for half duplex, where would late collisions be observed?
on both ends of the connection
on the full-duplex end of the connection
only on serial interfaces
on the half-duplex end of the connection
on the half-duplex end of the connection
What is one difference between using Telnet or SSH to connect to a network device for management purposes?
Telnet uses UDP as the transport protocol whereas SSH uses TCP.
Telnet does not provide authentication whereas SSH provides authentication.
Telnet supports a host GUI whereas SSH only supports a host CLI.
Telnet sends a username and password in plain text, whereas SSH encrypts the username and password.
Telnet sends a username and password in plain text, whereas SSH encrypts the username and password.
Refer to the exhibit. The network administrator wants to configure Switch1 to allow SSH connections and prohibit Telnet connections. How should the network administrator change the displayed configuration to satisfy the requirement?
- ip ssh version 2
- ip domain-name cisco.com
- crypto key generate rsa
- line vty 0 15
- transport input all
Use SSH version 1.
Reconfigure the RSA key.
Configure SSH on a different line.
Modify the transport input command.
Modify the transport input command.
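Added example, not part of the original flashcards: a small Python audit that reads an IOS running configuration as text and reports why the vty lines still accept Telnet. The sample configuration is constructed from the exhibit above (the hostname, the local username and the login local line are assumed), and the audit logic is the editor's own, not a Cisco tool. Note that crypto key generate rsa never appears in a running configuration, so that step has to be verified on the device with show crypto key mypubkey rsa.

```python
import re

# Constructed sample input, not a capture from a real device: the vty block
# from the exhibit above, plus the global commands that SSH depends on.
SAMPLE_CONFIG = """\
hostname Switch1
ip domain-name cisco.com
ip ssh version 2
username admin secret Str0ngPassw0rd!
line vty 0 15
 transport input all
 login local
"""


def parse_vty_blocks(config):
    """Return [(block_name, [sub-commands])] for every 'line vty' block.

    IOS indents the commands that belong to a line block by one space;
    the next unindented command ends the block.
    """
    blocks, current = [], None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = (raw.strip(), [])
            blocks.append(current)
        elif raw.startswith(" ") and current is not None:
            current[1].append(raw.strip())
        elif raw.strip():
            current = None
    return blocks


def audit_ssh(config):
    """Return a list of findings; an empty list means the vty lines accept SSH only.

    'crypto key generate rsa' is not a config line (the key pair lives in NVRAM),
    so it cannot be checked here; use 'show crypto key mypubkey rsa' on the box.
    """
    findings = []
    if not re.search(r"^ip domain-name \S+", config, re.M):
        findings.append("no 'ip domain-name': RSA key generation will refuse to run")
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("'ip ssh version 2' missing: the switch may still accept SSHv1")
    if not re.search(r"^username \S+ .*\b(secret|password)\b", config, re.M):
        findings.append("no local username: 'login local' would lock everyone out")
    blocks = parse_vty_blocks(config)
    if not blocks:
        findings.append("no 'line vty' block: SSH has no lines to land on")
    for name, cmds in blocks:
        transports = [c for c in cmds if c.startswith("transport input")]
        if not transports:
            findings.append(f"{name}: 'transport input' not set; the default varies by "
                            "IOS release, so set 'transport input ssh' explicitly")
        for t in transports:
            protocols = set(t.split()[2:])
            if protocols & {"all", "telnet"}:
                findings.append(f"{name}: '{t}' still permits Telnet; use 'transport input ssh'")
        if "login local" not in cmds and not any(c.startswith("login authentication") for c in cmds):
            findings.append(f"{name}: no 'login local' (or AAA login), so no user can authenticate")
    return findings


def fix_transport(config):
    """Rewrite every indented 'transport input ...' line to allow SSH only."""
    return re.sub(r"^( transport input) .*$", r"\1 ssh", config, flags=re.M)


if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG):
        print("FINDING:", finding)
    print("after fix:", audit_ssh(fix_transport(SAMPLE_CONFIG)) or "clean")
```

Run against the exhibit, the only finding is the transport input all line; after fix_transport rewrites it to transport input ssh the audit is clean, which is exactly the change the question asks for.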
What is the effect of using the switchport port-security command?
enables port security on an interface
enables port security globally on the switch
automatically shuts an interface down if applied to a trunk port
detects the first MAC address in a frame that comes into a port and places that MAC address in the MAC address table
enables port security on an interface
Where are dynamically learned MAC addresses stored when sticky learning is enabled with the switchport port-security mac-address sticky command?
ROM RAM NVRAM flash
RAM
A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port?
restrict protect warning shutdown
Restrict
Which two statements are true regarding switch port security? (Choose two.)
The three configurable violation modes all log violations via SNMP.
Dynamically learned secure MAC addresses are lost when the switch reboots.
The three configurable violation modes all require user intervention to re-enable ports.
After entering the sticky parameter, only MAC addresses subsequently learned are converted to secure MAC addresses.
If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached.
Dynamically learned secure MAC addresses are lost when the switch reboots.
If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached.
Which action will bring an error-disabled switch port back to an operational state?
Remove and reconfigure port security on the interface.
Issue the switchport mode access command on the interface.
Clear the MAC address table on the switch.
Issue the shutdown and then no shutdown interface commands.
Issue the shutdown and then no shutdown interface commands.
Refer to the exhibit. Port Fa0/2 has already been configured appropriately. The IP phone and PC work properly. Which switch configuration would be most appropriate for port Fa0/2 if the network administrator has the following goals?
- No one is allowed to disconnect the IP phone or the PC and connect some other wired device.
- If a different device is connected, port Fa0/2 is shut down.
- The switch should automatically detect the MAC address of the IP phone and the PC and add those addresses to the running configuration.
Exhibit: PC --> IP phone --> Fa0/2 --> SWA
1) SWA(config-if)# switchport port-security
   SWA(config-if)# switchport port-security mac-address sticky
2) SWA(config-if)# switchport port-security mac-address sticky
   SWA(config-if)# switchport port-security maximum 2
3) SWA(config-if)# switchport port-security
   SWA(config-if)# switchport port-security maximum 2
   SWA(config-if)# switchport port-security mac-address sticky
4) SWA(config-if)# switchport port-security
   SWA(config-if)# switchport port-security maximum 2
   SWA(config-if)# switchport port-security mac-address sticky
   SWA(config-if)# switchport port-security violation restrict
SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky
Which option correctly associates the Layer 2 security attack with the description?
MAC address flooding: Broadcast requests for IP addresses with spoofed MAC addresses.
DHCP starvation: Using proprietary Cisco protocols to gain information about a switch.
CDP attack: The attacker fills the switch MAC address table with invalid MAC addresses.
Telnet attack: Using brute force password attacks to gain access to a switch.
Telnet attack: Using brute force password attacks to gain access to a switch.
Which three options accurately associate the Catalyst switch command with the result? (Choose three.)
show vlan id vlan-id: displays information about a specific VLAN.
show vlan: displays detailed information about all VLANs on the switch.
show vlan brief: displays detailed information about all VLANs on the switch.
show interfaces fa0/1 switchport: displays information about a specific port.
show interfaces fa0/1: displays VLAN information about a specific port.
A. show vlan id vlan-id: displays information about a specific VLAN.
B. show vlan: displays detailed information about all VLANs on the switch.
D. show interfaces fa0/1 switchport: displays information about a specific port.
When would auto-MDIX be best to use?
When a switch connects to a router
When a switch connects to another switch
When any device connects to an access layer switch
When the cable type is unknown
When the cable type is unknown
The network administrator wants to configure an IP address on a Cisco switch. How does the network administrator assign the IP address?
In privileged EXEC mode
On the switch interface FastEthernet0/0
On the management VLAN
On the physical interface connected to the router or next-hop device
On the management VLAN
Which three options correctly associate the command with the paired behavior? (Choose three.)
switchport port-security violation protect: Frames with unknown source addresses are dropped and a notification is sent.
switchport port-security violation restrict: Frames with unknown source addresses are dropped and no notification is sent.
switchport port-security violation shutdown: Frames with unknown source addresses result in the port becoming error-disabled, and a notification is sent.
switchport port-security mac-address sticky: Allows dynamically learned MAC addresses to be stored in the running-configuration.
switchport port-security maximum: Defines the number of MAC addresses associated with a port.
switchport port-security violation shutdown: Frames with unknown source addresses result in the port becoming error-disabled, and a notification is sent.
switchport port-security mac-address sticky: Allows dynamically learned MAC addresses to be stored in the running-configuration.
switchport port-security maximum: Defines the number of MAC addresses associated with a port.
Which two tasks does auto negotiation in an Ethernet network accomplish? (Choose two.)
Sets the link speed
Sets the IP address
Sets the link duplex mode
Sets MAC address assignments on switch port
Sets the ring speed
Sets the link speed
Sets the link duplex mode
What is an advantage of using SSH over Telnet when remotely connecting to a switch?
Encryption
More connection lines
Connection-oriented services
Username and password authentication
Encryption
What is a Cisco best practice for deploying switches?
When a server connects to a switch, the switch port should have the port speed manually configured, but the auto negotiation feature used for duplex.
A compound word should be used as a password on an infrastructure network device such as a switch.
Telnet should be used whenever possible on the switch vty lines.
The enable secret password should be used when configuring a switch to use SSH on the vty lines.
When a server connects to a switch, the switch port should have the port speed manually configured, but the auto negotiation feature used for duplex.
Why should a default gateway be assigned to a switch?
So that there can be remote connectivity to the switch via such programs as Telnet and ping
So that frames can be sent through the switch to the router
So that frames generated from workstations and destined for remote networks can pass to a higher level
So that other networks can be accessed from the command prompt of the switch
So that other networks can be accessed from the command prompt of the switch
Consider the configuration. Which two commands are not needed on the switch in order for a remote network administrator to access the switch using SSH?
Switch(config)# ip domain-name mydomain.com
Switch(config)# crypto key generate rsa
Switch(config)# ip ssh version 2
Switch(config)# line vty 0 15
Switch(config-line)# transport input ssh
Switch(config)# ip ssh version 2
Switch(config-line)# transport input ssh
BOOT LOADER
A small program stored in ROM that runs immediately after POST completes successfully. It initializes the device (switch or router), then locates and launches the operating system. If the IOS image cannot be found or is damaged, it drops to the boot loader command line (the switch: prompt), from which the flash file system can be repaired, the IOS reinstalled or a lost password recovered.
SWITCH VIRTUAL INTERFACE (SVI)
A logical Layer 3 interface with no physical port behind it, which gives a Layer 2 switch an IP address. The address used to manage the switch is configured on the SVI of the management VLAN (interface vlan 1 by default).
AUTOMATIC MEDIUM-DEPENDENT INTERFACE CROSSOVER (AUTO-MDIX)
The interface detects whether a straight-through or crossover cable is attached and configures itself accordingly; speed and duplex must be left at auto for the feature to work.
RUNT
Packets that are discarded because they are smaller than the minimum packet size for the medium. For instance, any Ethernet packet that is less than 64 bytes is considered a runt.
GIANT
Packets that are discarded because they exceed the maximum packet size for the medium. For example, any Ethernet packet that is greater than 1,518 bytes is considered a giant (an 802.1Q-tagged frame may be 1,522 bytes and is still accepted on a trunk).
CRC ERROR
CRC errors are generated when the calculated checksum is not the same as the checksum received.
LATE COLLISION
A collision that occurs after 512 bits (64 bytes) of the frame have been transmitted, that is, after the sender has stopped listening for collisions. Late collisions almost always indicate a duplex mismatch (one end full duplex, the other half duplex) or a segment that is too long, and they are counted on the half-duplex end.
SECURE SHELL (SSH)
is a protocol that provides a secure (encrypted) management connection to a remote device.
MAC ADDRESS TABLE OVERFLOW ATTACK
The attacker floods a port with frames carrying forged source MAC addresses until the switch's MAC address table is full. Because no new addresses can be learned, frames for unknown destinations are flooded out every port in the VLAN, so the attacker can capture traffic meant for other hosts. Port security, which caps the number of secure MAC addresses per port, stops a single port from filling the table.
MAC FLOODING ATTACK
Another name for the MAC address table overflow attack.
DHCP STARVATION ATTACK
A denial-of-service (DoS) attack: the attacker broadcasts DHCP requests with spoofed MAC addresses until the DHCP server's address pool is exhausted, so legitimate clients cannot obtain a lease. It is often the first step of a DHCP spoofing attack, because a starved legitimate server can no longer answer.
DHCP SPOOFING ATTACK
An attacker runs a rogue DHCP server on the network that answers clients with bogus settings (for example a wrong default gateway or DNS server), so that client traffic is sent through a machine controlled by the attacker. DHCP snooping is the mitigation.
CISCO DISCOVERY PROTOCOL (CDP)
A proprietary protocol that all Cisco devices can be configured to use. CDP discovers other Cisco devices that are directly connected, which allows the devices to auto-configure their connection. CDP advertisements are unauthenticated and reveal the device model, IOS version and management IP address to anyone on the link, so it should be disabled with no cdp enable on ports facing untrusted devices.
BRUTE FORCE PASSWORD ATTACK
Uses a trial-and-error approach to password cracking: software runs through combinations of characters and common dictionary words until it finds the password. Mitigation: strong passwords that are changed regularly, SSH instead of Telnet so that attempts are not visible in plaintext, and limiting login attempts (login block-for on IOS).
TELNET DOS ATTACK
The attacker exploits a flaw in the Telnet server software running on the switch that renders the Telnet service unavailable, locking a legitimate network administrator out of remote access to the device. Mitigation: keep IOS patched and use SSH instead of Telnet.
SECURITY AUDIT
Reveals the type of information an attacker can gather simply by monitoring network traffic.
PENETRATION TESTING
A simulated attack against the network to determine how vulnerable it would be in a real attack.
DHCP SNOOPING
A Cisco Catalyst feature that determines which devices attached to switch ports can respond to DHCP requests. It acts like a firewall between untrusted network devices and trusted DHCP servers, and builds a binding table (MAC address, IP address, VLAN, port) from the leases it sees.
TRUSTED PORT
Can source any type of DHCP message, including server replies (OFFER, ACK); typically the uplink toward the DHCP server.
UNTRUSTED PORT
Can source DHCP client requests only; any DHCP server message arriving on it is dropped. Every port is untrusted by default once DHCP snooping is enabled.
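Added example (editor's code, not from the original deck or from Cisco): a Python model of the trusted/untrusted decision that DHCP snooping makes, run over constructed DHCP packets. It builds minimal BOOTP/DHCP payloads and applies the rules above: server replies (op = 2) are dropped on untrusted ports, the client hardware address must match the frame's source MAC, a RELEASE or DECLINE is accepted only on the port where the binding was learned, and ACKs seen on a trusted port populate the binding table. Port names and MAC addresses are made up.

```python
import struct
from ipaddress import IPv4Address

# Constructed test data only: minimal DHCP (BOOTP) payloads, no real captures.
MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE = 1, 2, 3, 4, 5, 6, 7


def build_dhcp(op, msg_type, chaddr, yiaddr="0.0.0.0"):
    """Build a 236-byte BOOTP header, the magic cookie and option 53 (message type)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         op, 1, 6, 0, 0x3903F326, 0, 0,
                         b"\0" * 4, IPv4Address(yiaddr).packed, b"\0" * 4, b"\0" * 4,
                         chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])


def parse_dhcp(payload):
    """Return (op, yiaddr, chaddr, msg_type) from a DHCP payload."""
    if payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    op = payload[0]
    yiaddr = str(IPv4Address(payload[16:20]))
    chaddr = payload[28:28 + payload[2]]          # hlen (offset 2) bytes of chaddr
    msg_type, i = None, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if code == 53:
            msg_type = payload[i + 2]
        i += 2 + length
    return op, yiaddr, chaddr, msg_type


class DhcpSnooper:
    """Per-VLAN DHCP snooping state: trusted ports and the binding table."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # client MAC -> port that sent DISCOVER/REQUEST
        self.bindings = {}   # client MAC -> (leased IP, client port)

    def inspect(self, port, src_mac, payload):
        """Return 'forward' or 'drop: <reason>' for a DHCP packet entering on port."""
        op, yiaddr, chaddr, msg_type = parse_dhcp(payload)
        if port in self.trusted:
            if op == BOOTREPLY and msg_type == ACK:
                # bind the lease to the port where the client asked, not the server port
                client_port = self.pending.pop(chaddr, None)
                if client_port is not None:
                    self.bindings[chaddr] = (yiaddr, client_port)
            return "forward"
        # untrusted port: only client-side messages are acceptable
        if op == BOOTREPLY:
            return f"drop: server reply (type {msg_type}) on untrusted port {port}"
        if chaddr != src_mac:
            return "drop: chaddr does not match the source MAC of the frame"
        if msg_type in (DECLINE, RELEASE):
            bound = self.bindings.get(chaddr)
            if bound is None or bound[1] != port:
                return "drop: RELEASE/DECLINE for a binding not learned on this port"
        self.pending[chaddr] = port
        return "forward"


def demo():
    """Rogue server on an untrusted port is blocked; a legitimate lease gets bound."""
    snoop = DhcpSnooper(trusted_ports={"Gi0/1"})      # uplink to the real DHCP server
    client = bytes.fromhex("001122334455")            # invented MAC addresses
    rogue = bytes.fromhex("66778899aabb")
    results = [
        snoop.inspect("Fa0/5", rogue, build_dhcp(BOOTREPLY, OFFER, client, "192.0.2.9")),
        snoop.inspect("Fa0/3", client, build_dhcp(BOOTREQUEST, DISCOVER, client)),
        snoop.inspect("Gi0/1", b"\0" * 6, build_dhcp(BOOTREPLY, ACK, client, "10.0.0.50")),
        snoop.inspect("Fa0/7", client, build_dhcp(BOOTREQUEST, RELEASE, client)),
    ]
    return results, snoop.bindings
```

The fourth packet shows the less obvious check: a RELEASE for someone else's lease arriving from a different port is dropped, which is what stops a host from releasing its neighbours' addresses.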
PORT SECURITY
Limits the number of valid MAC addresses allowed on a port, and defines what happens when a frame from an unknown source MAC arrives once that limit is reached (violation mode protect, restrict or shutdown; shutdown is the default).
STATIC SECURE MAC ADDRESS
MAC addresses that are manually configured on a switch port with switchport port-security mac-address <mac>; they are stored in the address table and in the running configuration.
DYNAMIC SECURE MAC ADDRESS
MAC addresses that are dynamically learned and stored only in the address table. MAC addresses learned this way are removed when the switch restarts.
STICKY SECURE MAC ADDRESS
MAC addresses that are dynamically learned (or manually configured), stored in the address table and added to the running configuration. They survive a reboot only if the running configuration is saved (copy running-config startup-config).
NETWORK TIME PROTOCOL (NTP)
Synchronizes the clocks of network devices to a reference time source, so that log messages and other events carry accurate, comparable timestamps.
- Which three options correctly associate the command with the paired behavior? (Choose three.)
A. switchport port-security violation protect: Frames with unknown source addresses are dropped and a notification is sent.
B. switchport port-security violation restrict: Frames with unknown source addresses are dropped and no notification is sent.
C. switchport port-security violation shutdown: Frames with unknown source addresses result in the port becoming error-disabled, and a notification is sent.
D. switchport port-security mac-address sticky: Allows dynamically learned MAC addresses to be stored in the running-configuration.
E. switchport port-security maximum: Defines the number of MAC addresses associated with a port.
C. switchport port-security violation shutdown: Frames with unknown source addresses result in the port becoming error-disabled, and a notification is sent.
D. switchport port-security mac-address sticky: Allows dynamically learned MAC addresses to be stored in the running-configuration.
E. switchport port-security maximum: Defines the number of MAC addresses associated with a port.
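Added example (editor's code, not Cisco's implementation): a Python simulation of one port with switchport port-security enabled. It covers the violation-mode questions above (both copies of them), the sticky-learning exhibit with the IP phone and PC, and the MAC address table overflow entry earlier on this page. The model keeps the IOS defaults (maximum 1, violation shutdown), records what would appear in the running configuration, and counts violations and syslog lines per mode. The syslog text is modelled on the IOS PSECURE_VIOLATION message, the effect of shutdown/no shutdown on dynamic entries is an assumption stated in the code, and all MAC addresses are invented.

```python
from dataclasses import dataclass, field

SHUTDOWN, RESTRICT, PROTECT = "shutdown", "restrict", "protect"


@dataclass
class SecurePort:
    """One access port with 'switchport port-security' enabled.

    Defaults mirror IOS: maximum 1, violation shutdown, no sticky learning.
    """
    name: str = "Fa0/2"
    maximum: int = 1
    violation: str = SHUTDOWN
    sticky: bool = False
    secure_macs: dict = field(default_factory=dict)   # mac -> static|dynamic|sticky
    running_config: list = field(default_factory=list)
    syslog: list = field(default_factory=list)
    violation_count: int = 0
    err_disabled: bool = False

    def add_static(self, mac):
        """switchport port-security mac-address <mac>"""
        self.secure_macs[mac] = "static"
        self.running_config.append(f"switchport port-security mac-address {mac}")

    def ingress(self, src_mac):
        """Process one inbound frame; return 'forward' or 'drop'."""
        if self.err_disabled:
            return "drop"
        if src_mac in self.secure_macs:
            return "forward"
        if len(self.secure_macs) < self.maximum:
            if self.sticky:
                self.secure_macs[src_mac] = "sticky"
                self.running_config.append(
                    f"switchport port-security mac-address sticky {src_mac}")
            else:
                self.secure_macs[src_mac] = "dynamic"   # address table only
            return "forward"
        # table full and unknown source: a violation
        self.violation_count += 1
        if self.violation == PROTECT:
            return "drop"                                # silent
        # wording modelled on the IOS PSECURE_VIOLATION message (assumed, not a capture)
        self.syslog.append(f"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation "
                           f"occurred, caused by MAC address {src_mac} on port {self.name}.")
        if self.violation == SHUTDOWN:
            self.err_disabled = True
            self.syslog.append(f"%PM-4-ERR_DISABLE: psecure-violation error detected "
                               f"on {self.name}, putting {self.name} in err-disable state")
        return "drop"

    def recover(self):
        """shutdown / no shutdown. Assumption: dynamic entries are relearned afterwards."""
        self.err_disabled = False
        self.secure_macs = {m: k for m, k in self.secure_macs.items() if k != "dynamic"}

    def reload(self, config_saved):
        """Dynamic entries never survive; sticky ones survive only if 'copy run start' ran."""
        keep = {"static", "sticky"} if config_saved else {"static"}
        self.secure_macs = {m: k for m, k in self.secure_macs.items() if k in keep}
        if not config_saved:
            self.running_config = [c for c in self.running_config if "sticky" not in c]
        self.err_disabled = False


def phone_and_pc_scenario():
    """The exhibit question: maximum 2, sticky, default (shutdown) violation mode."""
    port = SecurePort(maximum=2, sticky=True)
    verdicts = [port.ingress(m) for m in ("0004.f2aa.0001", "001b.21bb.0002", "dead.beef.0003")]
    return verdicts, port.err_disabled, port.running_config


def flood(mode, frames=1000, maximum=2):
    """MAC address table overflow attempt against a port in the given violation mode.

    Flooding tools use random source MACs; sequential ones are used here so the
    result is reproducible. Returns (secure entries, violations, syslog lines, err-disabled).
    """
    port = SecurePort(maximum=maximum, violation=mode)
    for i in range(frames):
        port.ingress(f"{i:04x}.dead.beef")
    return len(port.secure_macs), port.violation_count, len(port.syslog), port.err_disabled
```

flood() makes the mitigation claim concrete: whatever the mode, the port contributes at most maximum entries to the switch's table. The modes differ only in what the administrator learns about it: protect says nothing, restrict logs every offending frame, shutdown logs once and takes the port down until shutdown/no shutdown.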
- What is the effect of entering the following command on a Fast Ethernet switch port?
SW1(config-if)# duplex full
A. The connected device communicates in two directions, but only one direction at a time.
B. The switch port returns to its default configuration.
C. If the device connected to this port is also set for full duplex, the device participates in collision-free communication.
D. The efficiency of this configuration is typically rated at 50 to 60 percent.
E. The connected device should be configured as half duplex.
C. If the device connected to this port is also set for full duplex, the device participates in collision-free communication.
- Which two tasks does autonegotiation in an Ethernet network accomplish?
(Choose two.)
A. Sets the link speed
B. Sets the IP address
C. Sets the link duplex mode
D. Sets MAC address assignments on switch port
E. Sets the ring speed
A. Sets the link speed
C. Sets the link duplex mode
- Why should a default gateway be assigned to a switch?
A. So that there can be remote connectivity to the switch via such programs as Telnet and ping
B. So that frames can be sent through the switch to the router
C. So that frames generated from workstations and destined for remote networks can pass to a higher level
D. So that other networks can be accessed from the command prompt of the switch
D. So that other networks can be accessed from the command prompt of the switch
- The network administrator wants to configure an IP address on a Cisco switch.
How does the network administrator assign the IP address?
A. In privileged EXEC mode
B. On the switch interface FastEthernet0/0
C. On the management VLAN
D. On the physical interface connected to the router or next-hop device
C. On the management VLAN
- Which option correctly associates the Layer 2 security attack with the description?
A. MAC address flooding: Broadcast requests for IP addresses with spoofed MAC addresses.
B. DHCP starvation: Using proprietary Cisco protocols to gain information about a switch.
C. CDP attack: The attacker fills the switch MAC address table with invalid MAC addresses.
D. Telnet attack: Using brute force password attacks to gain access to a switch.
D. Telnet attack: Using brute force password attacks to gain access to a switch.
- What is an advantage of using SSH over Telnet when remotely connecting to a switch?
A. Encryption
B. More connection lines
C. Connection-oriented services
D. Username and password authentication
A. Encryption
- Consider the configuration. Which two commands are not needed on the switch in order for a remote network administrator to access the switch using SSH?
A. Switch(config)# ip domain-name mydomain.com
B. Switch(config)# crypto key generate rsa
C. Switch(config)# ip ssh version 2
D. Switch(config)# line vty 0 15
E. Switch(config-line)# transport input ssh
C. Switch(config)# ip ssh version 2
E. Switch(config-line)# transport input ssh
- What is an advantage of having the correct date and time on a network device?
A. Network administrators are provided with correct timestamps on log messages.
B. When working at the console prompt, the network administrator has a good idea how long the configuration or troubleshooting process is taking.
C. Other devices can use CDP to discover neighbor device information if the time and date are synchronized between the two devices.
D. Secure remote connectivity can be accomplished if the date and time are accurate.
A. Network administrators are provided with correct timestamps on log messages.
- What is the purpose of DHCP snooping?
A. Ensures devices are configured for automatic IP address assignment
B. Prevents unauthorized DHCP servers
C. Prevents DHCP messages from going across a trunk
D. Prevents DHCP messages from being sent to another network
B. Prevents unauthorized DHCP servers
- What is a Cisco best practice for deploying switches?
A. When a server connects to a switch, the switch port should have the port speed manually configured, but the autonegotiation feature used for duplex.
B. A compound word should be used as a password on an infrastructure network
device such as a switch.
C. Telnet should be used whenever possible on the switch vty lines.
D. The enable secret password should be used when configuring a switch to use SSH on the vty lines.
A. When a server connects to a switch, the switch port should have the port speed manually configured, but the autonegotiation feature used for duplex.
- When would auto-MDIX be best to use?
A. When a switch connects to a router
B. When a switch connects to another switch
C. When any device connects to an access layer switch
D. When the cable type is unknown
D. When the cable type is unknown
AUTOMATIC MEDIUM-DEPENDENT INTERFACE CROSSOVER (AUTO-MDIX)
interface automatically detects the required
cable connection type (straight-through or crossover) and configures the connection appropriately.
VIRTUAL LOCAL AREA NETWORK (VLAN)
A group of hosts with a common set of requirements that communicate as if they were attached to the same wire, regardless of their physical location. A VLAN has the same attributes as a physical LAN, but it allows end stations to be grouped together even if they are not located on the same LAN.
DATA VLAN
A VLAN that is configured to carry user-generated traffic. A VLAN carrying voice or management traffic would not be part of a data VLAN.
DEFAULT VLAN
All switch ports become a part of the default VLAN after the initial boot up of a switch loading the default configuration. VLAN 1 IS DEFAULT VLAN
NATIVE VLAN
Assigned to an 802.1Q trunk port. An 802.1Q trunk port supports traffic coming from many VLANs (tagged traffic), as well as traffic that does not come from a VLAN (untagged traffic). The 802.1Q trunk port places untagged traffic on the native VLAN, which by default is VLAN 1.
TRUNK
A switch port mode configured so that the switch can transmit traffic from multiple VLANs over a single link.
MANAGEMENT VLAN
Any VLAN configured to access the management capabilities of a switch. VLAN 1 is the management VLAN by default. To create the management VLAN, the switch virtual interface (SVI) of that VLAN is assigned an IP address and subnet mask, allowing the switch to be managed via HTTP, Telnet, SSH, or SNMP.
TAGGING
The 802.1Q header is a 4-byte tag inserted within the original Ethernet frame header, specifying the VLAN to which the frame belongs.
VLAN.DAT
Configurations are stored within a VLAN database file, LOCATED IN THE FLASH MEMORY OF THE SWITCH
VLAN TRUNKING PROTOCOL (VTP)
A Cisco-proprietary Layer 2 protocol that lets the network manager configure one or more switches so that they propagate VLAN configuration information to the other switches in the VTP domain and keep the VLAN information synchronized. A switch joining the domain with a higher configuration revision number overwrites the VLAN database of every other switch, so many networks run VTP in transparent mode or turn it off.
DYNAMIC TRUNKING PROTOCOL (DTP)
Used to negotiate the formation of a trunk between two Cisco devices. An attacker's host can speak DTP too (see switch spoofing), so on user ports set the mode explicitly with switchport mode access and disable negotiation with switchport nonegotiate.
VLAN LEAKING
Frames are accepted from a VLAN that is different from the one assigned to a particular switch port.
VLAN HOPPING
Frames from one VLAN can be seen by another VLAN.
SWITCH SPOOFING
A type of VLAN hopping attack that takes advantage of a port left in dynamic trunking mode: the attacker's host sends DTP negotiation frames and the switch forms a trunk with it, giving the attacker access to every VLAN carried on that trunk. Mitigation: put user ports in access mode explicitly and disable DTP with switchport nonegotiate.
DOUBLE-TAGGING (DOUBLE-ENCAPSULATION)
Requires that the attacker be connected to a port that is in the same VLAN as the native VLAN of a trunk port. The attacker sends an 802.1Q frame with two VLAN tags: the outer tag carries the native VLAN, the inner tag the target VLAN. The first switch strips the outer tag and forwards the frame untagged across the trunk; the second switch reads the remaining (inner) tag and delivers the frame into the target VLAN, which the attacker could not otherwise reach. The attack is one-way, since replies are never returned to the attacker. Mitigation: use a dedicated, unused VLAN as the native VLAN on trunks and never assign it to an access port, or tag the native VLAN (vlan dot1q tag native).
- What is the difference between an access port and a trunk port?
A. A trunk port belongs to a single VLAN; an access port provides access for multiple VLANs between switches.
B. An access port can have a native VLAN, but a trunk port cannot.
C. An access port can have only one device attached.
D. Multiple VLANs traverse a trunk port, but an access port can belong to a single VLAN.
D. Multiple VLANs traverse a trunk port, but an access port can belong to a single VLAN.
- Switch S1 and Switch S2 are both configured with ports in the Faculty, Students, Voice, Guest, Printing, and Admin VLANs. Each VLAN contains 12 users. How many subnets are needed to address the VLANs?
A. 1
B. 2
C. 4
D. 6
E. 8
F. 12
G. 24
D. 6
- What mechanism is used to achieve the separation between different VLANs as they cross a trunk link?
A. VLAN tagging using 802.1Q protocol
B. VLAN tagging using 802.1p protocol
C. VLAN multiplexing
D. VLAN set as a native VLAN
A. VLAN tagging using 802.1Q protocol
- What are two options to consider when configuring a trunk link between two switches? (Choose two.)
A. The switchport nonegotiate command must be configured for trunks that use DTP.
B. Port security cannot be configured on the trunk interfaces.
C. The native VLAN must be the same on both ends of the trunk.
D. Different encapsulation types can be configured on both ends of the trunk link.
E. Trunk ports can be configured only on Gigabit Ethernet interfaces.
B. Port security cannot be configured on the trunk interfaces.
C. The native VLAN must be the same on both ends of the trunk.
- A 24-port switch has been configured to support three VLANs named Sales, Marketing, and Finance. Each VLAN spans four ports on the switch. The network administrator has deleted the Marketing VLAN from the switch. What two statements describe the status of the ports associated with this VLAN? (Choose two.)
A. The ports are inactive.
B. The ports are administratively disabled.
C. The ports will become trunks to carry data from all remaining VLANs.
D. The ports will remain part of the Marketing VLAN until reassigned to another VLAN.
E. The ports were released from the Marketing VLAN and automatically reassigned to VLAN 1.
A. The ports are inactive.
D. The ports will remain part of the Marketing VLAN until reassigned to another VLAN.
- Which three statements are true about hosts that are configured in the same VLAN? (Choose three.)
A. Hosts in the same VLAN must be on the same IP subnet.
B. Hosts in different VLANs can communicate with the aid of only the Layer 2 switch.
C. Hosts in the same VLAN share the same broadcast domain.
D. Hosts in the same VLAN share the same collision domain.
E. Hosts in the same VLAN comply with the same security policy.
F. Hosts in the same VLAN must be on the same physical segment.
A. Hosts in the same VLAN must be on the same IP subnet.
C. Hosts in the same VLAN share the same broadcast domain.
- Refer to Figure 3-8. Host PC3 is unable to transfer data because it does not have the MAC address of the destination host. If PC3 sends out an ARP request broadcast, which of the other hosts will see the message?
A. Only PC3
B. Only PC4
C. Only PC4 and PC5
D. PC1, PC2, PC4, and PC5
E. PC1, PC2, PC3, PC4, and PC5
B. Only PC4
switch virtual interface - S V I
Provides basic Layer 3 functions for a switch, which does not have a dedicated physical interface for IP addressing.
CRC error
This is a process to check for errors within the Layer 2 frame. The sending device generates a CRC and includes this value in the FCS field. The receiving device generates a CRC and compares it to the received CRC to look for errors. If they match, no error has occurred. If they do not match, the frame is dropped. These on Ethernet and serial interfaces usually mean a media or cable problem.
security audit
A gathering of information to determine the type of information an attacker could obtain by capturing and analyzing network traffic.
penetration testing
An intentional attack by authorized personnel against a network to determine network vulnerabilities.
What 2 tasks does auto negotiation in an Ethernet network accomplish?
Autonegotiation sets the link speed and the duplex mode. Autonegotiation is the default setting for a Cisco switch port.
What is the effect of entering the following command on a Fast Ethernet switch port? SW1 (config-if)# duplex full
If the device connected to this port is also set for full duplex, the device participates in collision-free communication. The switch will connect with full duplex when auto negotiating with a peer device. The default configuration for a switch port is auto negotiating.
The network administrator wants to configure an IP address on a Cisco switch. How does the network administrator assign the IP address?
On the management VLAN. A layer 2 switch is allotted a single Layer 3 logical address in the form of a switch virtual interface-SVI-used for managing the switch.
Why should a default gateway be assigned to a switch?
The default gateway provides a means for the administrator of the switch to access networks not directly connected to the switch and allows for remote connectivity from a different network because when connected, the return packets from the switch can be sent to the remote network device.
What is an advantage of using SSH over Telnet when remotely connecting to a switch?
Encryption. Telnet also supports username and password login, but it sends both, and everything after them, in plaintext; SSH encrypts the whole session, which makes it the secure method of accessing a device from a remote network.
When does the boot loader provide access into the switch?
The boot loader provides access into the switch if the operating system cannot be used because of missing or damaged system files.
What commands can be executed through the boot loader command line interface?
The boot loader command line supports commands to format the flash file system, reinstall the operating system software, and recover from a lost or forgotten password. For example, the dir command can be used to view a list of files within a specified directory
What three things are necessary for a switch to be managed from a remote network?
To prepare a switch for remote management access, the switch must be configured with an IP address and a subnet mask. Keep in mind, that to manage the switch from a remote network, the switch must be configured with a default gateway.
What else must be set to auto when using auto-MDIX on an interface?
When using auto-MDIX on an interface, the interface speed and duplex must be set to auto so that the feature operates correctly.
What command would you use to examine the auto-MDIX setting for Fastethernet port 0/1?
show controllers ethernet-controller fa 0/1 phy | include Auto-MDIX
show interfaces (interface id)
Displays interface status and configuration
show startup-config
Displays current startup configuration
show flash:
Displays information about the flash file system
What are the problems with using Telnet?
Telnet is an older protocol that uses unsecure plaintext transmission of both the login authentication (username and password) and the data transmitted between the communicating devices.
SSH is assigned to TCP port ______. Telnet is assigned to TCP port ______.
22, 23
What command can you use to verify that a switch supports SSH?
Use the show ip ssh command to verify that the switch supports SSH.
What is one way to mitigate MAC address table overflow attacks?
One way to mitigate MAC address table overflow attacks is to configure port security.
How can you mitigate DHCP attacks?
To mitigate DHCP attacks, use the DHCP snooping and port security features on the Cisco Catalyst switches.
How can you mitigate against brute force password attacks?
To mitigate against brute force password attacks use strong passwords that are changed frequently.
What is a simple method that many administrators use to help secure the network from unauthorized access?
A simple method that many administrators use to help secure the network from unauthorized access is to disable all unused ports on a switch.
A network administrator plugs a new PC into a switch port. The LED for that port changes to solid green. What statement best describes the current status of the port?
The port is operational and ready to transmit packets.
A network technician wants to implement SSH as the means by which a router may be managed remotely. What are two procedures that the technician should use to successfully complete this task?
Define the asymmetrical keys.
Configure authentication.
With _______ enabled, either type of cable (straight through or cross over) can be used to connect to other devices.
auto-MDIX
Switch ports cannot be manually configured with specific duplex and speed settings.
False
Half-duplex communication can send and receive, simultaneously.
False
The switch should be configured with a default gateway if the switch will be managed remotely from another network.
True
If Port security is configured, we can set one MAC address that is allowed to attach and use a specific (or multiple) switch port.
True
Which interface is the default location that would contain the IP address used to manage a 24 port Ethernet switch
VLAN 1
A production switch is reloaded and finishes with a Switch> prompt. What two facts can be determined? (Choose two.)
A full version of the Cisco IOS was located and loaded
POST occurred normally
Which 2 statements are true about using full-duplex Fast Ethernet? Choose 2
Full-duplex Fast Ethernet offers 100 percent efficiency in both directions
Performance is improved with bidirectional data flow
Which statement describes the port speed LED on the Cisco Catalyst 2960 switch?
If the LED is green, the port is operating at 100 Mb/s
What is a function of the switch boot loader?
To provide an environment to operate in when the switch operating system can not be found
In which situation would a technician use the show interfaces command?
When packets are being dropped from a particular directly attached host.
What is one difference between using Telnet or SSH to connect to a network device for management purposes?
Telnet sends a username and password in plain text, whereas SSH encrypts the username and password
Which action will bring an error disabled switch port back to an operational state?
Issue the shutdown and then no shutdown interface commands
Which 2 statements are true regarding switch port security? Choose 2
Dynamically learned secure MAC addresses are lost when the switch reboots.
If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached
A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with an unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port?
Restrict