1. As a recommended practice for Layer 2 security, how should VLAN 1 be treated?
|    | All access ports should be assigned to VLAN 1. |
|    | All trunk ports should be assigned to VLAN 1. |
|    | VLAN 1 should be used for management traffic. |
| >> | VLAN 1 should not be used. |

2. With IP voice systems on data networks, which two types of attacks target VoIP specifically? (Choose two.)
|    | CoWPAtty |
|    | Kismet |
| >> | SPIT |
|    | virus |
| >> | vishing |

3. Which option best describes a MAC address spoofing attack?
|    | An attacker gains access to another host and masquerades as the rightful user of that device. |
| >> | An attacker alters the MAC address of his host to match another known MAC address of a target host. |
|    | An attacker alters the MAC address of the switch to gain access to the network device from a rogue host device. |
|    | An attacker floods the MAC address table of a switch so that the switch can no longer filter network access based on MAC addresses. |

4. Which attack relies on the default automatic trunking configuration on most Cisco switches?
|    | LAN storm attack |
| >> | VLAN hopping attack |
|    | STP manipulation attack |
|    | MAC address spoofing attack |

5. Which two measures are recommended to mitigate VLAN hopping attacks? (Choose two.)
| >> | Use a dedicated native VLAN for all trunk ports. |
|    | Place all unused ports in a separate guest VLAN. |
| >> | Disable trunk negotiation on all ports connecting to workstations. |
|    | Enable DTP on all trunk ports. |
|    | Ensure that the native VLAN is used for management traffic. |

6. Which three are SAN transport technologies? (Choose three.)
| >> | Fibre Channel |
|    | SATA |
| >> | iSCSI |
|    | IP PBX |
| >> | FCIP |
|    | IDE |

7. Refer to the exhibit. What action will the switch take when the maximum number of secure MAC addresses has reached the allowed limit on the Fa0/2 port?
|    | Packets with unknown source addresses are dropped, but notification of the dropped packets is sent. |
|    | The VLAN that Fa0/2 is on is set to error-disabled and all traffic on the VLAN is stopped. |
|    | The interface immediately becomes error-disabled and the port LED is turned off. |
| >> | Packets with unknown source addresses are dropped without notification. |

8. Which software tool can a hacker use to flood the MAC address table of a switch?
| >> | macof |
|    | Cisco CCP |
|    | kiwi syslog server |
|    | protocol analyzer |

9. Which two methods are used to mitigate VLAN attacks? (Choose two.)
|    | enabling port security on all trunk ports |
| >> | using a dummy VLAN for the native VLAN |
|    | implementing BPDU guard on all access ports |
| >> | disabling DTP autonegotiation on all trunk ports |
|    | using ISL instead of 802.1q encapsulation on all trunk interfaces |

10. Which three switch security commands are required to enable port security on a port so that it will dynamically learn a single MAC address and disable the port if a host with any other MAC address is connected? (Choose three.)
| >> | switchport mode access |
|    | switchport mode trunk |
| >> | switchport port-security |
|    | switchport port-security maximum 2 |
| >> | switchport port-security mac-address sticky |
|    | switchport port-security mac-address mac-address |

11. What is an example of a trusted path in an operating system?
|    | digital certificate |
|    | digital signature |
|    | hash message authentication |
| >> | Ctrl-Alt-Delete key sequence |

12. Why are traditional network security perimeters not suitable for the latest consumer-based network endpoint devices?
|    | These devices are not managed by the corporate IT department. |
| >> | These devices are more varied in type and are portable. |
|    | These devices connect to the corporate network through public wireless networks. |
|    | These devices pose no risk to security as they are not directly connected to the corporate network. |

13. Which Cisco IronPort appliance would an organization install to manage and monitor security policy settings and audit information?
|    | C-Series |
| >> | M-Series |
|    | S-Series |
|    | SenderBase-Series |

14. Which Cisco IronPort appliance would an organization install to protect against malware?
|    | C-Series |
|    | M-Series |
| >> | S-Series |
|    | SenderBase-Series |

15. What is the goal of the Cisco NAC framework and the Cisco NAC appliance?
| >> | to ensure that only hosts that are authenticated and have had their security posture examined and approved are permitted onto the network |
|    | to monitor data from the company to the ISP in order to build a real-time database of current spam threats from both internal and external sources |
|    | to provide anti-malware scanning at the network perimeter for both authenticated and non-authenticated devices |
|    | to provide protection against a wide variety of web-based threats, including adware, phishing attacks, Trojan horses, and worms |

16. When the Cisco NAC appliance evaluates an incoming connection from a remote device against the defined network policies, what feature is being used?
|    | authentication and authorization |
| >> | posture assessment |
|    | quarantining of noncompliant systems |
|    | remediation of noncompliant systems |

17. Which command is used to configure the PVLAN Edge feature?
|    | switchport block |
|    | switchport nonnegotiate |
| >> | switchport protected |
|    | switchport port-security violation protect |

18. Which statement is true about a characteristic of the PVLAN Edge feature on a Cisco switch?
|    | All data traffic that passes between protected ports must be forwarded through a Layer 2 device. |
| >> | All data traffic that passes between protected ports must be forwarded through a Layer 3 device. |
|    | Only broadcast traffic is forwarded between protected ports. |
|    | Only unicast traffic is forwarded between protected ports. |

19. What is the default configuration of the PVLAN Edge feature on a Cisco switch?
|    | All active ports are defined as protected. |
|    | All ports are defined as protected. |
| >> | No ports are defined as protected. |
|    | EtherChannel groups are defined as protected ports. |

20. Under which circumstance is it safe to connect to an open wireless network?
|    | The connection utilizes the 802.11n standard. |
|    | The device has been updated with the latest virus protection software. |
| >> | The connection is followed by a VPN connection to a trusted network. |
|    | The user does not plan on accessing the corporate network when attached to the open wireless network. |