SWRE Final Exam 5 Flashcards
A network administrator of a small advertising company is configuring WLAN security by using the WPA2 PSK method. Which credential do office users need in order to connect their laptops to the WLAN?
the company username and password through Active Directory service
a key that matches the key on the AP
a user passphrase
a username and password configured on the AP
a key that matches the key on the AP
Explanation: When a WLAN is configured with WPA2 PSK, wireless users must know the pre-shared key to associate and authenticate with the AP.
Refer to the exhibit. What are the possible port roles for ports A, B, C, and D in this RSTP-enabled network?
alternate, designated, root, root
designated, alternate, root, root
alternate, root, designated, root
designated, root, alternate, root
alternate, designated, root, root
Explanation: Because S1 is the root bridge, B is a designated port, and C and D root ports. RSTP supports a new port type, alternate port in discarding state, that can be port A in this scenario.
Refer to the exhibit. Which static route would an IT technician enter to create a backup route to the 172.16.1.0 network that is only used if the primary RIP learned route fails?
ip route 172.16.1.0 255.255.255.0 s0/0/0
ip route 172.16.1.0 255.255.255.0 s0/0/0 121
ip route 172.16.1.0 255.255.255.0 s0/0/0 111
ip route 172.16.1.0 255.255.255.0 s0/0/0 91
ip route 172.16.1.0 255.255.255.0 s0/0/0 121
Explanation: A backup static route is called a floating static route. A floating static route has an administrative distance greater than the administrative distance of another static route or dynamic route.
What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?
Disable DTP.
Disable STP.
Enable port security.
Place unused ports in an unused VLAN.
Enable port security
Explanation: A MAC address (CAM) table overflow attack, buffer overflow, and MAC address spoofing can all be mitigated by configuring port security. A network administrator would typically not want to disable STP because it prevents Layer 2 loops. DTP is disabled to prevent VLAN hopping. Placing unused ports in an unused VLAN prevents unauthorized wired connectivity.
A network engineer is troubleshooting a newly deployed wireless network that is using the latest 802.11 standards. When users access high bandwidth services such as streaming video, the wireless network performance is poor. To improve performance the network engineer decides to configure a 5 Ghz frequency band SSID and train users to use that SSID for streaming media services. Why might this solution improve the wireless network performance for that type of service?
Requiring the users to switch to the 5 GHz band for streaming media is inconvenient and will result in fewer users accessing these services.
The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it more suited to streaming multimedia.
The 5 GHz band has a greater range and is therefore likely to be interference-free.
The only users that can switch to the 5 GHz band will be those with the latest wireless NICs, which will reduce usage.
The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it more suited to streaming multimedia.
Explanation: Wireless range is determined by the access point antenna and output power, not the frequency band that is used. In this scenario it is stated that all users have wireless NICs that comply with the latest standard, and so all can access the 5 GHz band. Although some users may find it inconvenient to switch to the 5 Ghz band to access streaming services, it is the greater number of channels, not just fewer users, that will improve network performance.
Which DHCPv4 message will a client send to accept an IPv4 address that is offered by a DHCP server?
broadcast DHCPACK
broadcast DHCPREQUEST
unicast DHCPACK
unicast DHCPREQUEST
broadcast DHCPREQUEST
Explanation: When a DHCP client receives DHCPOFFER messages, it will send a broadcast DHCPREQUEST message for two purposes. First, it indicates to the offering DHCP server that it would like to accept the offer and bind the IP address. Second, it notifies any other responding DHCP servers that their offers are declined.
Refer to the exhibit. Which destination MAC address is used when frames are sent from the workstation to the default gateway?
MAC address of the virtual router
MAC address of the standby router
MAC addresses of both the forwarding and standby routers
MAC address of the forwarding router
MAC address of the virtual router
Explanation: The IP address of the virtual router acts as the default gateway for all the workstations. Therefore, the MAC address that is returned by the Address Resolution Protocol to the workstation will be the MAC address of the virtual router.
After a host has generated an IPv6 address by using the DHCPv6 or SLAAC process, how does the host verify that the address is unique and therefore usable?
The host sends an ICMPv6 echo request message to the DHCPv6 or SLAAC-learned address and if no reply is returned, the address is considered unique.
The host sends an ICMPv6 neighbor solicitation message to the DHCP or SLAAC-learned address and if no neighbor advertisement is returned, the address is considered unique.
The host checks the local neighbor cache for the learned address and if the address is not cached, it it considered unique.
The host sends an ARP broadcast to the local link and if no hosts send a reply, the address is considered unique.
The host sends an ICMPv6 neighbor solicitation message to the DHCP or SLAAC-learned address and if no neighbor advertisement is returned, the address is considered unique.
Explanation: Before a host can actually configure and use an IPv6 address learned through SLAAC or DHCP, the host must verify that no other host is already using that address. To verify that the address is indeed unique, the host sends an ICMPv6 neighbor solicitation to the address. If no neighbor advertisement is returned, the host considers the address to be unique and configures it on the interface.
Which protocol adds security to remote connections?
FTP
HTTP
NetBEUI
POP
SSH
SSH
Explanation: SSH allows a technician to securely connect to a remote network device for monitoring and troubleshooting. HTTP establishes web page requests. FTP manages file transfer. NetBEUI is not routed on the Internet. POP downloads email messages from email servers.
Refer to the exhibit. A network administrator is verifying the configuration of inter-VLAN routing. Users complain that PC2 cannot communicate with PC1. Based on the output, what is the possible cause of the problem?
Gi0/0 is not configured as a trunk port.
The command interface GigabitEthernet0/0.5 was entered incorrectly.
There is no IP address configured on the interface Gi0/0.
The no shutdown command is not entered on subinterfaces.
The encapsulation dot1Q 5 command contains the wrong VLAN.
The no shutdown command is not entered on subinterfaces.
The encapsulation dot1Q 5 command contains the wrong VLAN.
Refer to the exhibit. A network administrator is configuring inter-VLAN routing on a network. For now, only one VLAN is being used, but more will be added soon. What is the missing parameter that is shown as the highlighted question mark in the graphic?
It identifies the subinterface.
It identifies the VLAN number.
It identifies the native VLAN number.
It identifies the type of encapsulation that is used.
It identifies the number of hosts that are allowed on the interface.
It identifies the VLAN number.
Match each DHCP message type with its description. (Not all options are used.)
Place the options in the following order:
a client initiating a message to find a DHCP server – DHCPDISCOVER
a DHCP server responding to the initial request by a client – DHCPOFFER
the client accepting the IP address provided by the DHCP server – DHCPREQUEST
the DHCP server confirming that the lease has been accepted – DHCPACK
What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?
IP address spoofing
DHCP starvation
CAM table attack
DHCP spoofing
DHCP starvation
Explanation: DCHP starvation attacks are launched by an attacker with the intent to create a DoS for DHCP clients. To accomplish this goal, the attacker uses a tool that sends many DHCPDISCOVER messages in order to lease the entire pool of available IP addresses, thus denying them to legitimate hosts.
Refer to the exhibit. If the IP addresses of the default gateway router and the DNS server are correct, what is the configuration problem?
The DNS server and the default gateway router should be in the same subnet.
The IP address of the default gateway router is not contained in the excluded address list.
The default-router and dns-server commands need to be configured with subnet masks.
The IP address of the DNS server is not contained in the excluded address list.
The IP address of the default gateway router is not contained in the excluded address list.
Explanation: In this configuration, the excluded address list should include the address that is assigned to the default gateway router. So the command should be ip dhcp excluded-address 192.168.10.1 192.168.10.9.
Refer to the exhibit. A network administrator has added a new subnet to the network and needs hosts on that subnet to receive IPv4 addresses from the DHCPv4 server.
What two commands will allow hosts on the new subnet to receive addresses from the DHCP4 server? (Choose two.)
R1(config-if)# ip helper-address 10.2.0.250
R1(config)# interface G0/1
R1(config)# interface G0/0
R2(config-if)# ip helper-address 10.2.0.250
R2(config)# interface G0/0
R1(config-if)# ip helper-address 10.1.0.254
R1(config-if)# ip helper-address 10.2.0.250
R1(config)# interface G0/0
Explanation: You need the router interface that is connected to the new subnet and the dhcp server address.
The ip helper-address command is used to configure a router to be a DHCPv4 relay. The command should be placed on the interface facing the DHCPv4 clients. When the command is applied on the router interface, the interface will receive DHCPv4 broadcast messages and forward them as unicast to the IP address of the DHCPv4 server.
