Which type of VLAN-hopping attack may be prevented by designating an unused VLAN as the native VLAN?
- DTP spoofing
- DHCP spoofing
- VLAN double-tagging*
- DHCP starvation
 
What component of Cisco NAC is responsible for performing deep inspection of device security profiles?
- Cisco NAC Profiler
- Cisco NAC Agent*
- Cisco NAC Manager
- Cisco NAC Server
 
Which three functions are provided under Cisco NAC framework solution? (Choose three.)
- VPN connection
- AAA services*
- intrusion prevention
- scanning for policy compliance*
- secure connection to servers
- remediation for noncompliant devices*
 
Which feature is part of the Antimalware Protection security solution?
- file retrospection*
- user authentication and authorization
- data loss prevention
- spam blocking
 
What protocol should be disabled to help mitigate VLAN hopping attacks?
- STP
- ARP
- CDP
- DTP*
 
What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?
- DHCP spoofing
- CAM table attack
- IP address spoofing
- DHCP starvation*
 
What is the only type of port that an isolated port can forward traffic to on a private VLAN?
- a community port
- a promiscuous port*
- another isolated port
- any access port in the same PVLAN
 
What security countermeasure is effective for preventing CAM table overflow attacks?
- DHCP snooping
- Dynamic ARP Inspection
- IP source guard
- port security*
 
In what situation would a network administrator most likely implement root guard?
- on all switch ports (used or unused)
- on all switch ports that connect to a Layer 3 device
- on all switch ports that connect to host devices
- on all switch ports that connect to another switch
- on all switch ports that connect to another switch that is not the root bridge*
 
Refer to the exhibit. The Fa0/2 interface on switch S1 has been configured with the switchport port-security mac-address 0023.189d.6456 command and a workstation has been connected. What could be the reason that the Fa0/2 interface is shut down?
- The connection between S1 and PC1 is via a crossover cable.
- The Fa0/24 interface of S1 is configured with the same MAC address as the Fa0/2 interface.
- S1 has been configured with a switchport port-security aging command.
- The MAC address of PC1 that connects to the Fa0/2 interface is not the configured MAC address.*
 
Two devices that are connected to the same switch need to be totally isolated from one another. Which Cisco switch security feature will provide this isolation?
- PVLAN Edge*
- DTP
- SPAN
- BPDU guard
 
Which two functions are provided by Network Admission Control? (Choose two.)
- protecting a switch from MAC address table overflow attacks
- enforcing network security policy for hosts that connect to the network*
- ensuring that only authenticated hosts can access the network*
- stopping excessive broadcasts from disrupting network traffic
- limiting the number of MAC addresses that can be learned on a single switch port
 
Which spanning-tree enhancement prevents the spanning-tree topology from changing by blocking a port that receives a superior BPDU?
- BPDU filter
- PortFast
- BPDU guard
- root guard*
 
What is the role of the Cisco NAC Manager in implementing a secure networking infrastructure?
- to define role-based user access and endpoint security policies*
- to assess and enforce security policy compliance in the NAC environment
- to perform deep inspection of device security profiles
- to provide post-connection monitoring of all endpoint devices
 
What is the role of the Cisco NAC Server within the Cisco Secure Borderless Network Architecture?
- providing the ability for company employees to create guest accounts
- providing post-connection monitoring of all endpoint devices
- defining role-based user access and endpoint security policies
- assessing and enforcing security policy compliance in the NAC environment*
 
What is the role of the Cisco NAC Guest Server within the Cisco Borderless Network architecture?
- It defines role-based user access and endpoint security policies.
- It provides the ability for creation and reporting of guest accounts.*
- It provides post-connection monitoring of all endpoint devices.
- It performs deep inspection of device security profiles.
 
Which security feature should be enabled in order to prevent an attacker from overflowing the MAC address table of a switch?
- root guard
- port security*
- storm control
- BPDU filter
 
What is the behavior of a switch as a result of a successful CAM table attack?
- The switch will forward all received frames to all other ports.*
- The switch will drop all received frames.
- The switch interfaces will transition to the error-disabled state.
- The switch will shut down.
 
What additional security measure must be enabled along with IP Source Guard to protect against address spoofing?
- port security
- BPDU Guard
- root guard
- DHCP snooping*
 
Which mitigation technique would prevent rogue servers from providing false IP configuration parameters to clients?
- turning on DHCP snooping*
- implementing port security
- implementing port-security on edge ports
- disabling CDP on edge ports
 
What are three techniques for mitigating VLAN hopping attacks? (Choose three.)
- Set the native VLAN to an unused VLAN.*
- Disable DTP.*
- Enable Source Guard.
- Enable trunking manually.*
- Enable BPDU guard.
- Use private VLANs.
 
What two mechanisms are used by Dynamic ARP inspection to validate ARP packets for IP addresses that are dynamically assigned or IP addresses that are static? (Choose two.)
- MAC-address-to-IP-address bindings*
- RARP
- ARP ACLs*
- IP ACLs
- Source Guard
 
Which STP stability mechanism is used to prevent a rogue switch from becoming the root switch?
- Source Guard
- BPDU guard
- root guard*
- loop guard
 
How can a user connect to the Cisco Cloud Web Security service directly?
- through the connector that is integrated into any Layer 2 Cisco switch
- by using a proxy autoconfiguration file in the end device*
- by accessing a Cisco CWS server before visiting the destination web site
- by establishing a VPN connection with the Cisco CWS
 
What security benefit is gained from enabling BPDU guard on PortFast enabled interfaces?
- enforcing the placement of root bridges
- preventing buffer overflow attacks
- preventing rogue switches from being added to the network*
- protecting against Layer 2 loops
 
- Fill in the blank.
 DHCP snooping is a mitigation technique to prevent rogue DHCP servers from providing false IP configuration parameters.
Sunday, 25 November 2018
CCNA Security v2.0 Chapter 6 Exam Answers 2018