SWRE Final Exam 4 Flashcards

1
Q

What would be the primary reason an attacker would launch a MAC address overflow attack?

so that the switch stops forwarding traffic

so that legitimate hosts cannot obtain a MAC address

so that the attacker can see frames that are destined for other hosts

so that the attacker can execute arbitrary code on the switch

A

so that the attacker can see frames that are destined for other hosts

2
Q

During the AAA process, when will authorization be implemented?

Immediately after successful authentication against an AAA data source

Immediately after AAA accounting and auditing receives detailed reports

Immediately after an AAA client sends authentication information to a centralized server

Immediately after the determination of which resources a user can access

A

Immediately after successful authentication against an AAA data source

Explanation: A. AAA authorization is implemented immediately after the user is authenticated against a specific AAA data source.

3
Q

A company security policy requires that all MAC addressing be dynamically learned and added to both the MAC address table and the running configuration on each switch. Which port security configuration will accomplish this?

auto secure MAC addresses

dynamic secure MAC addresses

static secure MAC addresses

sticky secure MAC addresses

A

sticky secure MAC addresses

Explanation: With sticky secure MAC addressing, the MAC addresses can be either dynamically learned or manually configured and then stored in the address table and added to the running configuration file. In contrast, dynamic secure MAC addressing provides for dynamically learned MAC addressing that is stored only in the address table.

4
Q

Which three Wi-Fi standards operate in the 2.4GHz range of frequencies? (Choose three.)

802.11a

802.11b

802.11g

802.11n

802.11ac

A

802.11b
802.11g
802.11n

Explanation: 802.11b and 802.11g operate in the 2.4GHz range, and 802.11n can operate in either the 2.4GHz or the 5GHz range. 802.11a and 802.11ac operate only in the 5GHz range of frequencies.

5
Q

To obtain an overview of the spanning tree status of a switched network, a network engineer issues the show spanning-tree command on a switch. Which two items of information will this command display? (Choose two.)

The root bridge BID.

The role of the ports in all VLANs.

The status of native VLAN ports.

The number of broadcasts received on each root port.

The IP address of the management VLAN interface.

A

The root bridge BID.

The role of the ports in all VLANs.

6
Q

Refer to the exhibit. Which trunk link will not forward any traffic after the root bridge election process is complete?

Trunk1

Trunk2

Trunk3

Trunk4

A

Trunk2

7
Q

Which method of IPv6 prefix assignment relies on the prefix contained in RA messages?

EUI-64

SLAAC

static

stateful DHCPv6

A

SLAAC

Explanation: Stateless Address Autoconfiguration (SLAAC) relies on information received in router advertisement (RA) messages in order to automatically create an IPv6 address. The RA messages contain information such as the network prefix and prefix length, which the host combines with an interface ID in order to make a unique IPv6 unicast address.

8
Q

Which two protocols are used to provide server-based AAA authentication? (Choose two.)

802.1x

SSH

SNMP

TACACS+

RADIUS

A

TACACS+

RADIUS

Explanation: Server-based AAA authentication uses an external TACACS or RADIUS authentication server to maintain a username and password database. When a client establishes a connection with an AAA-enabled device, the device authenticates the client by querying the authentication servers.

9
Q

A network administrator is configuring a WLAN. Why would the administrator disable the broadcast feature for the SSID?

to eliminate outsiders scanning for available SSIDs in the area

to reduce the risk of interference by external devices such as microwave ovens

to reduce the risk of unauthorized APs being added to the network

to provide privacy and integrity to wireless traffic by using encryption

A

to eliminate outsiders scanning for available SSIDs in the area

10
Q

Which mitigation technique would prevent rogue servers from providing false IP configuration parameters to clients?

implementing port security

turning on DHCP snooping

disabling CDP on edge ports

implementing port-security on edge ports

A

turning on DHCP snooping

Explanation: Like Dynamic ARP Inspection (DAI), IP Source Guard (IPSG) needs to determine the validity of MAC-address-to-IP-address bindings. To do this, IPSG uses the bindings database built by DHCP snooping.

11
Q

A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port?

shutdown

restrict

warning

protect

A

restrict

Explanation: In port security implementation, an interface can be configured for one of three violation modes:

Protect – a port security violation causes the interface to drop packets with unknown source addresses and no notification is sent that a security violation has occurred.

Restrict – a port security violation causes the interface to drop packets with unknown source addresses and to send a notification that a security violation has occurred.

Shutdown – a port security violation causes the interface to immediately become error-disabled and turns off the port LED. No notification is sent that a security violation has occurred.

12
Q

What protocol or technology defines a group of routers, one of them defined as active and another one as standby?

EtherChannel

VTP

HSRP

DTP

A

HSRP

13
Q

Refer to the exhibit. After attempting to enter the configuration that is shown in router RTA, an administrator receives an error and users on VLAN 20 report that they are unable to reach users on VLAN 30. What is causing the problem?

There is no address on Fa0/0 to use as a default gateway.

RTA is using the same subnet for VLAN 20 and VLAN 30.

Dot1q does not support subinterfaces.

The no shutdown command should have been issued on Fa0/0.20 and Fa0/0.30.

A

RTA is using the same subnet for VLAN 20 and VLAN 30.

14
Q

Which three pairs of trunking modes will establish a functional trunk link between two Cisco switches? (Choose three.)

dynamic auto - dynamic auto
access - trunk
dynamic desirable - trunk
access - dynamic auto
dynamic desirable - dynamic desirable
dynamic desirable - dynamic auto

A

dynamic desirable - trunk

dynamic desirable - dynamic desirable

dynamic desirable - dynamic auto

15
Q

A technician is configuring a router for a small company with multiple WLANs and doesn’t need the complexity of a dynamic routing protocol. What should be done or checked?

Verify that there is not a default route in any of the edge router routing tables.

Create static routes to all internal networks and a default route to the internet.

Create extra static routes to the same location with an AD of 1.

Check the statistics on the default route for oversaturation.

A

Create static routes to all internal networks and a default route to the internet.

16
Q

A company is deploying a wireless network in the distribution facility in a Boston suburb. The warehouse is quite large and it requires multiple access points to be used. Because some of the company devices still operate at 2.4GHz, the network administrator decides to deploy the 802.11g standard. Which channel assignments on the multiple access points will make sure that the wireless channels are not overlapping?

channels 1, 5, and 9

channels 1, 6, and 11

channels 1, 7, and 13

channels 2, 6, and 10

A

channels 1, 6, and 11