SWRE Final Exam 4 Flashcards
What would be the primary reason an attacker would launch a MAC address overflow attack?
so that the switch stops forwarding traffic
so that legitimate hosts cannot obtain a MAC address
so that the attacker can see frames that are destined for other hosts
so that the attacker can execute arbitrary code on the switch
so that the attacker can see frames that are destined for other hosts
During the AAA process, when will authorization be implemented?
Immediately after successful authentication against an AAA data source
Immediately after AAA accounting and auditing receives detailed reports
Immediately after an AAA client sends authentication information to a centralized server
Immediately after the determination of which resources a user can access
Immediately after successful authentication against an AAA data source
Explanation: AAA authorization is implemented immediately after the user is authenticated against a specific AAA data source.
A company security policy requires that all MAC addressing be dynamically learned and added to both the MAC address table and the running configuration on each switch. Which port security configuration will accomplish this?
auto secure MAC addresses
dynamic secure MAC addresses
static secure MAC addresses
sticky secure MAC addresses
Explanation: With sticky secure MAC addressing, the MAC addresses can be either dynamically learned or manually configured and then stored in the address table and added to the running configuration file. In contrast, dynamic secure MAC addressing provides for dynamically learned MAC addressing that is stored only in the address table.
Which three Wi-Fi standards operate in the 2.4GHz range of frequencies? (Choose three.)
802.11a
802.11b
802.11g
802.11n
802.11ac
802.11b
802.11g
802.11n
Explanation: 802.11b and 802.11g operate in the 2.4GHz range, and 802.11n can operate in either the 2.4GHz or the 5GHz range. 802.11a and 802.11ac operate only in the 5GHz range of frequencies.
To obtain an overview of the spanning tree status of a switched network, a network engineer issues the show spanning-tree command on a switch. Which two items of information will this command display? (Choose two.)
The root bridge BID.
The role of the ports in all VLANs.
The status of native VLAN ports.
The number of broadcasts received on each root port.
The IP address of the management VLAN interface.
The root bridge BID.
The role of the ports in all VLANs.
Refer to the exhibit. Which trunk link will not forward any traffic after the root bridge election process is complete?
Trunk1
Trunk2
Trunk3
Trunk4
Trunk2
Which method of IPv6 prefix assignment relies on the prefix contained in RA messages?
EUI-64
SLAAC
static
stateful DHCPv6
SLAAC
Explanation: Stateless Address Autoconfiguration (SLAAC) relies on information received in router advertisement (RA) messages in order to automatically create an IPv6 address. The RA messages contain information such as the network prefix and prefix length, which the host combines with an interface ID in order to make a unique IPv6 unicast address.
Which two protocols are used to provide server-based AAA authentication? (Choose two.)
802.1x
SSH
SNMP
TACACS+
RADIUS
TACACS+
RADIUS
Explanation: Server-based AAA authentication uses an external TACACS or RADIUS authentication server to maintain a username and password database. When a client establishes a connection with an AAA enabled device, the device authenticates the client by querying the authentication servers.
A network administrator is configuring a WLAN. Why would the administrator disable the broadcast feature for the SSID?
to eliminate outsiders scanning for available SSIDs in the area
to reduce the risk of interference by external devices such as microwave ovens
to reduce the risk of unauthorized APs being added to the network
to provide privacy and integrity to wireless traffic by using encryption
to eliminate outsiders scanning for available SSIDs in the area
Which mitigation technique would prevent rogue servers from providing false IP configuration parameters to clients?
implementing port security
turning on DHCP snooping
disabling CDP on edge ports
implementing port-security on edge ports
turning on DHCP snooping
Explanation: Like Dynamic ARP Inspection (DAI), IP Source Guard (IPSG) needs to determine the validity of MAC-address-to-IP-address bindings. To do this IPSG uses the bindings database built by DHCP snooping.
A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port?
shutdown
restrict
warning
protect
restrict
Explanation: In port security implementation, an interface can be configured for one of three violation modes:
Protect – a port security violation causes the interface to drop packets with unknown source addresses and no notification is sent that a security violation has occurred.
Restrict – a port security violation causes the interface to drop packets with unknown source addresses and to send a notification that a security violation has occurred.
Shutdown – a port security violation causes the interface to immediately become error-disabled and turns off the port LED. No notification is sent that a security violation has occurred.
What protocol or technology defines a group of routers, one of them defined as active and another one as standby?
EtherChannel
VTP
HSRP
DTP
HSRP
Refer to the exhibit. After attempting to enter the configuration that is shown in router RTA, an administrator receives an error and users on VLAN 20 report that they are unable to reach users on VLAN 30. What is causing the problem?
There is no address on Fa0/0 to use as a default gateway.
RTA is using the same subnet for VLAN 20 and VLAN 30.
Dot1q does not support subinterfaces.
The no shutdown command should have been issued on Fa0/0.20 and Fa0/0.30.
RTA is using the same subnet for VLAN 20 and VLAN 30.
Which three pairs of trunking modes will establish a functional trunk link between two Cisco switches? (Choose three.)
dynamic auto - dynamic auto
access - trunk
dynamic desirable - trunk
access - dynamic auto
dynamic desirable - dynamic desirable
dynamic desirable - dynamic auto
dynamic desirable - trunk
dynamic desirable - dynamic desirable
dynamic desirable - dynamic auto
A technician is configuring a router for a small company with multiple WLANs and doesn’t need the complexity of a dynamic routing protocol. What should be done or checked?
Verify that there is not a default route in any of the edge router routing tables.
Create static routes to all internal networks and a default route to the internet.
Create extra static routes to the same location with an AD of 1.
Check the statistics on the default route for oversaturation.
Create static routes to all internal networks and a default route to the internet.