SWRE Final Exam 6 Flashcards
What protocol or technology uses source IP to destination IP as a load-balancing mechanism?
VTP
EtherChannel
DTP
STP
EtherChannel
What protocol should be disabled to help mitigate VLAN attacks?
CDP
ARP
STP
DTP
DTP
What protocol or technology requires switches to be in server mode or client mode?
EtherChannel
STP
VTP
DTP
VTP
What are two reasons a network administrator would segment a network with a Layer 2 switch? (Choose two.)
to create fewer collision domains
to enhance user bandwidth
to create more broadcast domains
to eliminate virtual circuits
to isolate traffic between segments
to isolate ARP request messages from the rest of the network
to enhance user bandwidth
to isolate traffic between segments
Explanation: A switch has the ability of creating temporary point-to-point connections between the directly-attached transmitting and receiving network devices. The two devices have full-bandwidth full-duplex connectivity during the transmission.
What command will enable a router to begin sending messages that allow it to configure a link-local address without using an IPv6 DHCP server?
a static route
the ipv6 route ::/0 command
the ipv6 unicast-routing command
the ip routing command
the ipv6 unicast-routing command
Explanation: To enable IPv6 on a router you must use the ipv6 unicast-routing global configuration command or use the ipv6 enable interface configuration command. This is equivalent to entering ip routing to enable IPv4 routing on a router when it has been turned off. Keep in mind that IPv4 is enabled on a router by default. IPv6 is not enabled by default.
A network administrator is using the router-on-a-stick model to configure a switch and a router for inter-VLAN routing. What configuration should be made on the switch port that connects to the router?
Configure it as a trunk port and allow only untagged traffic.
Configure the port as an access port and a member of VLAN1.
Configure the port as an 802.1q trunk port.
Configure the port as a trunk port and assign it to VLAN1.
Configure the port as an 802.1q trunk port.
Explanation: The port on the switch that connects to the router interface should be configured as a trunk port. Once it becomes a trunk port, it does not belong to any particular VLAN and will forward traffic from various VLANs.
What are three techniques for mitigating VLAN attacks? (Choose three.)
Use private VLANs.
Enable BPDU guard.
Enable trunking manually.
Enable Source Guard.
Disable DTP.
Set the native VLAN to an unused VLAN.
Enable trunking manually.
Disable DTP.
Set the native VLAN to an unused VLAN.
Explanation: Mitigating a VLAN attack can be done by disabling Dynamic Trunking Protocol (DTP), manually setting ports to trunking mode, and by setting the native VLAN of trunk links to VLANs not in use.
Match the DHCP message types to the order of the DHCPv4 process. (Not all options are used.)
The broadcast DHCPDISCOVER message finds DHCPv4 servers on the network. When the DHCPv4 server receives a DHCPDISCOVER message, it reserves an available IPv4 address to lease to the client and sends the unicast DHCPOFFER message to the requesting client. When the client receives the DHCPOFFER from the server, it sends back a DHCPREQUEST. On receiving the DHCPREQUEST message the server replies with a unicast DHCPACK message. DHCPREPLY and DHCPINFORMATION-REQUEST are DHCPv6 messages.
In which situation would a technician use the show interfaces switch command?
to determine if remote access is enabled
when packets are being dropped from a particular directly attached host
when an end device can reach local devices, but not remote devices
to determine the MAC address of a directly attached network device on a particular interface
when packets are being dropped from a particular directly attached host
Explanation: The show interfaces command is useful to detect media errors, to see if packets are being sent and received, and to determine if any runts, giants, CRCs, interface resets, or other errors have occurred. Problems with reachability to a remote network would likely be caused by a misconfigured default gateway or other routing issue, not a switch issue. The show mac address-table command shows the MAC address of a directly attached device.
What is a drawback of the local database method of securing device access that can be solved by using AAA with centralized servers?
There is no ability to provide accountability.
User accounts must be configured locally on each device, which is an unscalable authentication solution.
It is very susceptible to brute-force attacks because there is no username.
The passwords can only be stored in plain text in the running configuration.
User accounts must be configured locally on each device, which is an unscalable authentication solution.
Explanation: The local database method of securing device access utilizes usernames and passwords that are configured locally on the router. This allows administrators to keep track of who logged in to the device and when. The passwords can also be encrypted in the configuration. However, the account information must be configured on each device where that account should have access, making this solution very difficult to scale.
What action does a DHCPv4 client take if it receives more than one DHCPOFFER from multiple DHCP servers?
It sends a DHCPREQUEST that identifies which lease offer the client is accepting.
It sends a DHCPNAK and begins the DHCP process over again.
It discards both offers and sends a new DHCPDISCOVER.
It accepts both DHCPOFFER messages and sends a DHCPACK.
It sends a DHCPREQUEST that identifies which lease offer the client is accepting.
Refer to the exhibit. The network administrator is configuring the port security feature on switch SWC. The administrator issued the command show port-security interface fa 0/2 to verify the configuration. What can be concluded from the output that is shown? (Choose three.)
Three security violations have been detected on this interface.
This port is currently up.
The port is configured as a trunk link.
Security violations will cause this port to shut down immediately.
There is no device currently connected to this port.
The switch port mode for this interface is access mode.
This port is currently up.
Security violations will cause this port to shut down immediately.
The switch port mode for this interface is access mode.
Explanation: Because the security violation count is at 0, no violation has occurred. The system shows that 3 MAC addresses are allowed on port fa0/2, but only one has been configured and no sticky MAC addresses have been learned. The port is up because of the port status of secure-up. The violation mode is what happens when an unauthorized device is attached to the port. A port must be in access mode in order to activate and use port security.
What method of wireless authentication is dependent on a RADIUS authentication server?
WEP
WPA Personal
WPA2 Personal
WPA2 Enterprise
WPA2 Enterprise
A network administrator has found a user sending a double-tagged 802.1Q frame to a switch. What is the best solution to prevent this type of attack?
The native VLAN number used on any trunk should be one of the active data VLANs.
The VLANs for user access ports should be different VLANs than any native VLANs used on trunk ports.
Trunk ports should be configured with port security.
Trunk ports should use the default VLAN as the native VLAN number.
The VLANs for user access ports should be different VLANs than any native VLANs used on trunk ports.
Refer to the exhibit. Which two conclusions can be drawn from the output? (Choose two.)
The EtherChannel is down.
The port channel ID is 2.
The port channel is a Layer 3 channel.
The bundle is fully operational.
The load-balancing method used is source port to destination port.
The EtherChannel is down.
The port channel ID is 2.