Professional Documents
Culture Documents
1 / 1 pts
How should unused ports on a switch be configured in order to prevent
VLAN hopping attacks?
Configure them with the UDLD feature.
Configure them with the PAgP protocol.
Configure them as trunk ports for the native VLAN 1.
Correct!
Configure them as access ports and associate them with an unused VLAN.
The CAM table will be full, causing legitimate frames to be forwarded out
all ports within the VLAN and allowing unauthorized users to capture data.
An attacking device can send or receive packets on various VLANs and
bypass Layer 3 security measures.
An attacking device can exhaust the address space available to the DHCP
servers for a period of time or establish itself as a DHCP server in man-inthe-middle attacks.
Information that is sent through CDP is transmitted in clear text and is
unauthenticated, allowing it to be captured and to divulge network topology
information.
root guard
Private VLANs
DHCP snooping
Correct!
VLAN access maps
Dynamic ARP Inspection
The web servers WS_1 and WS_2 need to be accessed by external and
internal users. For security reasons, the servers do not have to communicate
with each other although they are located on the same subnet. Both servers
need to communicate with the data server that is located on the inside
network. Which configuration will isolate the servers from inside attacks?
Ports Fa3/1, Fa3/2, Fa3/34, and Fa3/35 on DSW1 will be defined as primary
VLAN promiscuous ports.
Ports Fa3/1, Fa3/2, Fa3/34, and Fa3/35 on DSW1 will be defined as primary
VLAN community ports.
Correct!
Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN isolated
ports. Ports Fa3/34 and Fa3/35 will be defined as primary VLAN promiscuous
ports.
Ports Fa3/1 and Fa3/2 on DSW1 will be defined as secondary VLAN
community ports. Ports Fa3/34 and Fa3/35 will be defined as primary VLAN
promiscuous ports.
After the configuration has been applied to ACSw22, frames that are bound
for the node on port FastEthernet 0/1 are periodically being dropped. What
should be done to correct the issue?
Correct!
Add the switchport port-security mac-address sticky command to the
interface configuration.
Change the port speed to speed auto with the interface configuration
mode.
Use the switchport mode trunk command in the interface configuration.
Remove the switchport command from the interface configuration.
All access ports on a switch are configured with the administrative mode of
dynamic auto. An attacker, connected to one of the ports, sends a malicious
DTP frame. What is the intent of the attacker?
Correct!
VLAN hopping
DHCP spoofing attack
MAC flooding attack
ARP poisoning attack
The DNS servers DNS1 and DNS2 are redundant copies so they need to
communicate with each other and to the Internet. The SMTP server should
not be reachable from the DNS Servers. Based on the partial configuration
that is provided, what private VLANs design will be implemented?
Correct!
Community VLAN 202 will be created to host both DNS servers, and this
VLAN will be associated with the primary VLAN 100.
Isolated VLAN 202 will be created to host both DNS servers, and this VLAN
will be associated with the primary VLAN 100.
Community VLAN 100 will be created to host both DNS servers, and this
VLAN will be associated with the primary VLAN 202.
Isolated VLAN 100 will be created to host both DNS servers, and this VLAN
will be associated with the primary VLAN 202.
Correct!
Issue the ip dhcp snooping trust command on all uplink interfaces on SW1,
SW2 and SW3.
Issue the ip dhcp snooping trust command on all interfaces on SW2 and
SW3.
Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2,
and SW3.
Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2,
and SW3 except interface Fa0/1 on SW1.