Module 24 Exam Back to Main Page 1. You've enabled port security on your switch port. Which command will configure only a static mac address to connect? Switch(config-if)#switchport mac-address 0001.14ac.3298Switch(config-if)#port-security mac-address 0001.14ac.3298Switch(config-if)#switchport port-security mac-address 0001.14ac.3298Switch(config-if)#switchport permit mac-address 0001.14ac.3298Question 1 of 24 2. You configure the below command. Where is the learned mac address added? switchport port-security mac-address sticky running configurationstartup configurationcam tablearp tableQuestion 2 of 24 3. You are asked to configure a switch port to permit only three mac addresses to connect. Which command do you use? Switch(config-if)#switchport port-security maximum 3Switch(config-if)#switchport port-security permit 3Switch(config-if)#switchport port-security 3Switch(config-if)#switchport port-security mac 3Question 3 of 24 4. Which are the options for port security once it is triggered? (choose all that apply) ShutdownProtectRestrictSecureFlowDisableQuestion 4 of 24 5. 802.1x provides which three device roles? Supplicant (or client)AuthenticatorAuthentication ServerControllerSlaveMasterQuestion 5 of 24 6. The 802.1x authentication process uses the _________ between the supplicant and the authenticator as the foundation protocol for authentication. RADIUSTACACS+AAAExtensible Authentication Protocol (EAP)Question 6 of 24 7. 802.1X messages between the authenticator and the server need to feature ______ attributes. SSHMD5TACACS+RADIUSQuestion 7 of 24 8. DHCP snooping features the concept of which port types? (choose two) mastertrusteduntrustedslaveprimarysecondaryQuestion 8 of 24 9. Switch stacking comes in which options? StackWiseFlexstack PlusFlexstackFlexstack GoldFlexWiseQuestion 9 of 24 10. Switchport Protect Mode means – Keep the port up, but do not allow the off ending host to send/receive data. SNMP trap is sent. TrueFalseQuestion 10 of 24 11. The switchport err-disable root causes can vary based on the switch model, but the most common causes include: security-violationpsecure-violationbpduguardarp-inspectionincorrect passwordQuestion 11 of 24 12. The default errdisable recovery timeout is ____ on most switches. 30 seconds300 seconds3 seconds3 minutesQuestion 12 of 24 13. Which command will reveal the below output? Switch#show errdisableSwitch#show recoverySwitch#show errdisable recoverySwitch#show errdisable statusQuestion 13 of 24 14. Common layer 2 attacks include: ARP spoofingCAM table overflow attacksRogue DHCP serversVLAN hoppingQuestion 14 of 24 15. Dynamic ARP Inspection can be used in both Dynamic Host Configuration Protocol (DHCP) and non-DHCP environments. TrueFalseQuestion 15 of 24 16. Dynamic ARP Inspection is supported on? access portstrunk portsEtherChannel portsprivate VLAN (PVLAN) portsQuestion 16 of 24 17. Which command will display the below output? show vlan 5 arpshow ip arp allshow ip arp inspection vlan 5show ip arp activeQuestion 17 of 24 18. This keyword modifies the IP validation test so that ARPs with a sender address of 0.0.0.0 are not denied by the switch. ip arp inspection validate ______ permit 0.0.0.0permit 0permit zerosallow zerosQuestion 18 of 24 19. DHCP uses ____ port __. UDP/68TCP/68UDP/61UDP/53Question 19 of 24 20. DHCP snooping provides network protection from rogue DHCP servers by creating a logical ______ between untrusted hosts and DHCP servers. VLANfirewallDMZNetworkQuestion 20 of 24 21. Globally enable DHCP snooping on the switch by issuing the ______ global configuration command. enable snoopingsnooping enabledhcp snoopingip dhcp snoopingQuestion 21 of 24 22. There are two primary methods used to perform VLAN hopping attacks, as follows: VLAN-taggingSwitch-taggingDouble-taggingSwitch spoofingQuestion 22 of 24 23. By default, traffic in the native VLAN using 802.1Q trunks is not tagged as frames travel between switches in the Layer 2 switched network. TrueFalseQuestion 23 of 24 24. To allow for 802.1x authentication, the 802.1x multiple hosts feature allows multiple users to gain access to a single authenticated 802.1x port. TrueFalseQuestion 24 of 24 Loading...
