CCNA Security Chapter 6 Exam

Quiz by d94829 d94829, updated more than 1 year ago
Created by d94829 d94829 almost 6 years ago

Resource summary

Question 1

Question
Refer to the exhibit. The Fa0/2 interface on switch S1 has been configured with the switchport port-security mac-address 0023.189d.6456 command and a workstation has been connected. What could be the reason that the Fa0/2 interface is shut down?
Answers
  • The connection between S1 and PC1 is via a crossover cable
  • The Fa0/24 interface of S1 is configured with the same MAC address as the Fa0/2 interface
  • S1 has been configured with a switchport port-security aging command
  • The MAC address of PC1 that connects to the Fa0/2 interface is not the configured MAC address

Question 2

Question
Two devices that are connected to the same switch need to be totally isolated from one another. Which Cisco switch security feature will provide this isolation?
Answers
  • PVLAN Edge
  • DTP
  • SPAN
  • BPDU guard

Question 3

Question
Which two functions are provided by Network Admission Control?
Answers
  • protecting a switch from MAC address table overflow attacks
  • enforcing network security policy for hosts that connect to the network
  • ensuring that only authenticated hosts can access the network
  • stopping excessive broadcasts from disrupting network traffic
  • limiting the number of MAC addresses that can be learned on a single switch port

Question 4

Question
Which spanning-tree enhancement prevents the spanning-tree topology from changing by blocking a port that receives a superior BPDU?
Answers
  • BPDU filter
  • PortFast
  • BPDU guard
  • root guard

Question 5

Question
Which security feature should be enabled in order to prevent an attacker from overflowing the MAC address table of a switch?
Answers
  • root guard
  • port security
  • storm control
  • BPDU filter

Question 6

Question
In what situation would a network administrator most likely implement root guard?
Answers
  • on all switch ports (used or unused)
  • on all switch ports that connect to a Layer 3 device
  • on all switch ports that connect to host devices
  • on all switch ports that connect to another switch
  • on all switch ports that connect to another switch that is not the root bridge

Question 7

Question
What component of Cisco NAC is responsible for performing deep inspection of device security profiles?
Answers
  • Cisco NAC Profiler
  • Cisco NAC Agent
  • Cisco NAC Manager
  • Cisco NAC Server

Question 8

Question
What is the role of the Cisco NAC Manager in implementing a secure networking infrastructure?
Answers
  • to define role-based user access and endpoint security policies
  • to assess and enforce security policy compliance in the NAC environment
  • to perform deep inspection of device security profiles
  • to provide post-connection monitoring of all endpoint devices

Question 9

Question
What is the role of the Cisco NAC Server within the Cisco Secure Borderless Network Architecture?
Answers
  • providing the ability for company employees to create guest accounts
  • providing post-connection monitoring of all endpoint devices
  • defining role-based user access and endpoint security policies
  • assessing and enforcing security policy compliance in the NAC environment

Question 10

Question
What is the role of the Cisco NAC Guest Server within the Cisco Borderless Network architecture?
Answers
  • It defines role-based user access and endpoint security policies.
  • It provides the ability for creation and reporting of guest accounts
  • It provides post-connection monitoring of all endpoint devices
  • It performs deep inspection of device security profiles

Question 11

Question
Which three functions are provided under the Cisco NAC framework solution? (Choose three.)
Answers
  • VPN connection
  • AAA services
  • intrusion prevention
  • scanning for policy compliance
  • secure connection to servers
  • remediation for noncompliant devices

Question 12

Question
Which feature is part of the Antimalware Protection security solution?
Answers
  • file retrospection
  • user authentication and authorization
  • data loss prevention
  • spam blocking

Question 13

Question
What security countermeasure is effective for preventing CAM table overflow attacks?
Answers
  • DHCP snooping
  • Dynamic ARP Inspection
  • IP source guard
  • port security

Question 14

Question
What is the behavior of a switch as a result of a successful CAM table attack?
Answers
  • The switch will forward all received frames to all other ports
  • The switch will drop all received frames
  • The switch interfaces will transition to the error-disabled state
  • The switch will shut down

Question 15

Question
What additional security measure must be enabled along with IP Source Guard to protect against address spoofing?
Answers
  • port security
  • BPDU Guard
  • root guard
  • DHCP snooping

Question 16

Question
What are three techniques for mitigating VLAN hopping attacks? (Choose three.)
Answers
  • Set the native VLAN to an unused VLAN
  • Disable DTP
  • Enable Source Guard
  • Enable trunking manually
  • Enable BPDU guard
  • Use private VLANs

Question 17

Question
What two mechanisms are used by Dynamic ARP inspection to validate ARP packets for IP addresses that are dynamically assigned or IP addresses that are static? (Choose two.)
Answers
  • MAC-address-to-IP-address bindings
  • RARP
  • ARP ACLs
  • IP ACLs
  • Source Guard

Question 18

Question
What protocol should be disabled to help mitigate VLAN hopping attacks?
Answers
  • STP
  • ARP
  • CDP
  • DTP

Question 19

Question
What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?
Answers
  • DHCP spoofing
  • CAM table attack
  • IP address spoofing
  • DHCP starvation

Question 20

Question
What is the only type of port that an isolated port can forward traffic to on a private VLAN?
Answers
  • a community port
  • a promiscuous port
  • another isolated port
  • any access port in the same PVLAN

Question 21

Question
Which STP stability mechanism is used to prevent a rogue switch from becoming the root switch?
Answers
  • Source Guard
  • BPDU guard
  • root guard
  • loop guard

Question 22

Question
How can a user connect to the Cisco Cloud Web Security service directly?
Answers
  • through the connector that is integrated into any Layer 2 Cisco switch
  • by using a proxy autoconfiguration file in the end device
  • by accessing a Cisco CWS server before visiting the destination web site
  • by establishing a VPN connection with the Cisco CWS

Question 23

Question
What security benefit is gained from enabling BPDU guard on PortFast enabled interfaces?
Answers
  • enforcing the placement of root bridges
  • preventing buffer overflow attacks
  • preventing rogue switches from being added to the network
  • protecting against Layer 2 loops

Question 24

Question
Which mitigation technique would prevent rogue servers from providing false IP configuration parameters to clients?
Answers
  • implementing port-security on edge ports
  • implementing port security
  • turning on DHCP snooping
  • disabling CDP on edge ports