You need to configure port security on switch R1.
Which two statements are true about this technology? ()
A. Port security can be configured for ports supporting VoIP.
B. With port security configured, four MAC addresses are allowed by default.
C. The network administrator must manually enter the MAC address for each device in order for the switch to allow connectivity.
D. Withsecurity configured, only one MAC addresses is allowed by default.
E. Port security cannot be configured for ports supporting VoIP.
您可能感興趣的試卷
你可能感興趣的試題
Refer to the exhibit. Based on the running configuration that is shown for interface FastEthernet0/2,
what two conclusions can be deduced?()
A. Connecting a host with MAC address 0000.0000.4147 will move interface FastEthernet0/2 into error disabled state.
B. The host with address 0000.0000.4141 is removed from the secure address list after 5 seconds of inactivity.
C. The sticky secure MAC addresses are treated as static secure MAC addresses after the running configuration is saved to the startup configuration and the switch is restarted.
D. Interface FastEthernet0/2 is a voice VLAN port.
E. The host with address 0000.0000.000b is removed from the secure address list after 300 seconds.
Refer to the exhibit.
Which interface or interfaces on switch SW_A can have the port security feature enabled?()
A. Ports 0/1 and 0/2
B. The trunk port 0/22 and the EtherChannel ports
C. Ports 0/1, 0/2 and 0/3
D. Ports 0/1, 0/2, 0/3, the trunk port 0/22 and the EtherChannel ports
E. Port 0/1
F. Ports 0/1, 0/2, 0/3 and the trunk port 0/22
A Company switch was configured as shown below:
switchport mode access switchport port-security
switchport port-security maximum 2
switchport port-security mac-address 0002.0002.0002
switchport port-security violation shutdown
Given the configuration output shown above,
what happens when a host with the MAC address of 0003.0003.0003 is directly connected to the switch port? ()
A. The host will be allowed to connect.
B. The port will shut down.
C. The host can only connect through a hub/switch where 0002.0002.0002 is already connected.
D. The host will be refused access.
E. None of the other alternatives apply
VLAN maps have been configured on switch R1.
Which of the following actions are taken in a VLAN map that does not contain a match clause? ()
A. Implicit deny feature at end of list.
B. Implicit deny feature at start of list.
C. Implicit forward feature at end of list
D. Implicit forward feature at start of list.
Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers should not communicate with each other,
although they are located on the same subnet. The servers do need, however, to communicate with a database server located in the inside network.
What configuration will isolate the servers from each other? ()
A. The switch ports 3/1 and 3/2 will be defined as secondary VLAN community ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.
B. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.
C. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN community ports.
D. The switch ports 3/1 and 3/2 will be defined as secondary VLAN isolated ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.
pany is implementing 802.1X in order to increase network security. In the use of 802.1X
access control,
which three protocols are allowed through the switch port before authentication takes place? ()
A. EAP-over-LAN
B. EAP MD5
C. STP
D. protocols not filtered by an ACL
E. CDP
F. TACACS+
Refer to the exhibit.
What will happen to traffic within VLAN 14 with a source address of 172.16.10.5?()
A. The traffic will be forwarded to the router processor for further processing.
B. The traffic will be dropped.
C. The traffic will be forwarded to the TCAM for further processing.
D. The traffic will be forwarded without further processing.
The Company security administrator wants to prevent DHCP spoofing.
Which statement is true about DHCP spoofing operation?()
A. DHCP spoofing and SPAN cannot be used on the same port of a switch.
B. To prevent a DHCP spoofing, the DHCP server must create a static ARP entry that cannot be updated by a dynamic ARP packet.
C. To prevent a DHCP spoofing, the switch must have DHCP server services disabled and a static entry pointing towards the DHCP server.
D. DHCP spoofing can be prevented by placing all unused ports in an unused VLAN.
E. None of the other alternatives apply.
The Company security administrator is concerned with layer 2 network attacks.
Which two statements about these attacks are true? ()
A. ARP spoofing attacks are attempts to redirect traffic to an attacking host by encapsulating a false 802.1Q header on a frame and causing traffic to be delivered to the wrong VLAN.
B. ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP message with a forged identity to a transmitting host.
C. MAC address flooding is an attempt to force a switch to send all information out every port byoverloading the MAC address table.
D. ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP packet that contains the forged address of the next hop router.
E. MAC address flooding is an attempt to redirect traffic to a single port by associating that port with all MAC addresses in the VLAN.
You work as a network technician at Company. Your boss, Mrs. , is interested in
switch spoofing.
She asks you how an attacker would collect information with VLAN hoping through switch spoofing. You should tell her that the attacking station... ()
A、...uses VTP to collect VLAN information that is sent out and then tags itself with the domain information in order to capture the data.
B、...will generate frames with two 802.1Q headers to cause the switch to forward the frames to a VLAN that would be inaccessible to the attacker through legitimate means.
C、...uses DTP to negotiate trunking with a switch port and captures all traffic that is allowed on the trunk.
D、...tags itself with all usable VLANs to capture data that is passed through the switch, regardless of the VLAN to which the data belongs.
E、None of the other alternatives apply
最新試題
Refer to the exhibit. STP has been implemented in the network. Switch SW_A is the root switch for the default VLAN. To reduce the broadcast domain, the network administrator decides to split users on the network into VLAN 2 and VLAN 10. The administrator issues the command spanning-tree vlan 2 root primary on switch SW_A. What will happen as a result of this change?()
Which three statements are true of the Link Aggregation Control Protocol (LACP)?()
Based on the show spanning-tree vlan 200 output shown in the exhibit, which two statements about the STP process for VLAN 200 are true? ()
Refer to the exhibit. The command switchport mode access is issued on interface FastEthernet0/13 on switch CAT1. What will be the result?()
Refer to the exhibit. Initially, LinkA is connected and forwarding traffic. A new LinkB is then attached between SwitchA and HubA. Which two statements are true about the possible result of attaching the second link?()
Refer to the exhibit. Switch S2 contains the default configuration. Switches S1 and S3 both have had the command spanning-tree mode rapid-pvst issued on them. What will be the result?()
Refer to the exhibit and the partial configuration of switch SW_A and SW_B. STP is configured on all switches in the network. SW_B receives this error message on the console port:00:06:34: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not half duplex), with SW_A FastEthernet0/4 (half duplex) , with TBA05071417(Cat6K-B) 0/4 (half duplex). What would be the possible outcome of the problem?()
Refer to the exhibit. What does the command channel-group 1 mode desirable do? ()
How are STP timers and state transitions affected when a topology change occurs in an STP environment?()
Which router redundancy protocol cannot be configured for interface tracking?()