No student devices needed. Know more
15 questions
What is a recommended best practice when dealing with the native VLAN?
Use port security.
Turn off DTP.
Assign it to an unused VLAN.
Assign the same VLAN number as the management VLAN.
On what switch ports should PortFast be enabled to enhance STP stability?
only ports that are elected as designated ports
all trunk ports that are not root ports
all end-user ports
only ports that attach to a neighboring switch
Which command would be best to use on an unused switch port if a company adheres to the best practices as recommended by Cisco?
switchport port-security mac-address sticky mac-address
ip dhcp snooping
shutdown
switchport port-security violation shutdown
switchport port-security mac-address sticky
Which two features on a Cisco Catalyst switch can be used to mitigate DHCP starvation and DHCP spoofing attacks? (Choose two.)
DHCP server failover
extended ACL
port security
DHCP snooping
strong password on DHCP servers
What is the best way to prevent a VLAN hopping attack?
Use ISL encapsulation on all trunk links.
Disable STP on all nontrunk ports.
Use VLAN 1 as the native VLAN on trunk ports.
Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.
Which procedure is recommended to mitigate the chances of ARP spoofing?
Enable port security globally.
Enable DHCP snooping on selected VLANs.
Enable IP Source Guard on trusted ports.
Enable DAI on the management VLAN.
What are two types of switch ports that are used on Cisco switches as part of the defense against DHCP spoofing attacks? (Choose two.)
unknown port
trusted DHCP port
unauthorized port
established DHCP port
untrusted port
Which two commands can be used to enable PortFast on a switch? (Choose two.)
S1(config-if)# enable spanning-tree portfast
S1(config-if)# spanning-tree portfast
S1(config)# enable spanning-tree portfast default
S1(config)# spanning-tree portfast default
S1(config-line)# spanning-tree portfast
An administrator who is troubleshooting connectivity issues on a switch notices that a switch port configured for port security is in the err-disabled state. After verifying the cause of the violation, how should the administrator re-enable the port without disrupting network operation?
Reboot the switch.
Issue the shutdown command followed by the no shutdown command on the interface.
Issue the no switchport port-security command, then re-enable port security.
Issue the no switchport port-security violation shutdown command on the interface.
A network administrator is configuring DHCP snooping on a switch. Which configuration command should be used first?
ip dhcp snooping
ip dhcp snooping limit rate
ip dhcp snooping vlan
ip dhcp snooping trust
A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac. What is the purpose of this configuration command?
to check the destination MAC address in the Ethernet header against the MAC address table
to check the destination MAC address in the Ethernet header against the source MAC address in the ARP body
to check the destination MAC address in the Ethernet header against the user-configured ARP ACLs
to check the destination MAC address in the Ethernet header against the target MAC address in the ARP body
Which security feature should be enabled in order to prevent an attacker from overflowing the MAC address table of a switch?
storm control
port security
BPDU filter
BPDU filter
What Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol?
VLAN hopping
DHCP spoofing
ARP poisoning
ARP spoofing
A network administrator is configuring DAI on a switch. Which command should be used on the uplink interface that connects to a router?
ip arp inspection trust
ip dhcp snooping
ip arp inspection vlan
spanning-tree portfast
Where are dynamically learned MAC addresses stored when sticky learning is enabled with the switchport port-security mac-address sticky command?
flash
NVRAM
RAM
ROM
Explore all questions with a free account