Professional Documents
Culture Documents
- Fast switching, using the cache, is like doing a problem once long hand, and subsequent problems you remember the answer for, (from memory, or the cache). - CEF is like having programmed an excel spreadsheet, and when the numbers hit the cells, the answer is already calculated.
WebLaunch -
39. An administrator wants to prevent a rogue Layer 2 device from intercepting traffic from multiple VLANs on a network. Which two actions help mitigate this type of activity? (Choose two.) +Disable DTP on ports that require trunking. -Place unused active ports in an unused VLAN. -Secure the native VLAN, VLAN 1, with encryption. +Set the native VLAN on the trunk ports to an unused VLAN. Turn off trunking on all trunk ports and manually configure each VLAN as required on each port. --secure boot
--The three security audit tools that are available include: - Security Audit wizard - a security audit feature provided through CCP. The Security Audit wizard provides a list of vulnerabilities and then allows the administrator to choose which potential security-related configuration changes to implement on a router. ---Refer to the exhibit. Which option tab on the CCP screen is used to view the Top Threats table and deploy signatures associated with those threats? Create IPS Edit IPS +Security Dashboard IPS Sensor IPS Migration
AAA authentication using the local database as the default for console line and vty lines access
CORP(config)# aaa new model CORP(config)# aaa authentication login default local CORP(config)# aaa authorization exec default local
CORP(config)# line vty 0 4 CORP(config-line)# login authentication default CORP(config-line)# line vty 5 15 CORP(config-line)# login authentication default CORP(config-line)# line con 0 CORP(config-line)# login authentication default --SW1(config)# interface fa0/24 SW1(config)# storm-control broadcast level 50 --
SW1(config)# interface range fa0/1-23 SW1(config-if-range)# spanning-tree portfast SW1(config-if-range)# spanning-tree bpduguard enable ----
Set the maximum number of learned MAC addresses to 2 on FastEthernet ports 0/1 to 0/23. Allow the MAC address to be learned dynamically and to shutdown the port if a violation occurs.
SW1(config)# interface range fa0/1-23 SW1(config-if-range)# switchport port-security SW1(config-if-range)# switchport port-security maximum 2 SW1(config-if-range)# switchport port-security violation shutdown SW1(config-if-range)# switchport port-security mac-address sticky --. Configure the IPS signature storage location to be flash:ipsdir. CORP(config)# ip ips config location flash:ipsdir/ retries 1