CCNA Security - Chapter 6

1.

1 point

Which frames are spoofed in STP manipulation attacks?

ISL

BPDU

802.1q

DTP

2.

1 point

Which option best describes a MAC address spoofing attack?

An attacker alters the MAC address of the switch to gain access to the network device from a rogue host device.

An attacker alters the MAC address of his host to match another known MAC address of a target host.

An attacker gains access to another host and masquerades as the rightful user of that device.

An attacker floods the MAC address table of a switch so that the switch can no longer filter network access based on MAC addresses.

3.

1 point

As a recommended practice for Layer 2 security, how should VLAN 1 be treated?

VLAN 1 should be used for management traffic.

All trunk ports should be assigned to VLAN 1.

VLAN 1 should not be used.

All access ports should be assigned to VLAN 1.

4.

1 point

Which Cisco endpoint security product helps maintain network stability by providing posture assessment, quarantining of noncompliant systems, and remediation of noncompliant systems?

Cisco Security Agent workstation

Cisco Intrusion Prevention System router

Cisco Network Admission Control appliance

Cisco Access Control Server

5.

1 point

An administrator wants to prevent a rogue Layer 2 device from intercepting traffic from multiple VLANs on a network. Which two actions help mitigate this type of activity? (Choose two.)

Set the native VLAN on the trunk ports to an unused VLAN.

Secure the native VLAN, VLAN 1, with encryption.

Disable DTP on ports that require trunking.

Turn off trunking on all trunk ports and manually configure each VLAN as required on each port.

Place unused active ports in an unused VLAN.

6.

1 point

Which device supports the use of SPAN to enable monitoring of malicious activity?

Cisco NAC

Cisco Security Agent

Cisco IronPort

Cisco Catalyst switch

7.

1 point

When configuring a switch port for port security, what is the default violation mode?

protect

restrict

reset

shutdown

8.

1 point

If a switch is configured with the storm-control command and the action shutdown and action trap parameters, which two actions does the switch take when a storm occurs on a port? (Choose two.)

An SNMP log message is sent.

The switch is rebooted.

The switch forwards control traffic only.

The port is placed in a blocking state.

The port is disabled.

9.

1 point

Which technology is used to protect the switched infrastructure from problems caused by receiving BPDUs on ports that should not be receiving them?

RSPAN

PortFast

Root guard

BPDU guard

Loop guard

10.

1 point

Which three statements are true regarding SPAN and RSPAN? (Choose three.)

RSPAN is required for syslog and SNMP implementation.

RSPAN can be used to forward traffic to reach an IDS that is analyzing traffic for malicious behavior.

SPAN can copy traffic on a source port or source VLAN to a destination port on the same switch.

SPAN can send a copy of traffic to a port on another switch.

SPAN can be configured to send a copy of traffic to a destination port on the same switch.

RSPAN is required to copy traffic on a source VLAN to a destination port on the same switch.

11.

1 point

Which three switch security commands are required to enable port security on a port so that it will dynamically learn a single MAC address and disable the port if a host with any other MAC address is connected? (Choose three.)

switchport port-security

switchport port-security mac-address sticky

switchport port-security maximum 2

switchport mode access

switchport mode trunk

switchport port-security mac-address mac-address

12.

1 point

Which attack relies on the default automatic trunking configuration on most Cisco switches?

STP manipulation attack

MAC address spoofing attack

LAN storm attack

VLAN hopping attack

13.

1 point

Which attack is mitigated by using port security?

STP manipulation

MAC address table overflow

LAN storm

VLAN hopping

14.

1 point

How is a reflector port used in an RSPAN configuration?

It acts like a loopback interface in that it reflects the captured traffic to the RSPAN VLAN.

It allows an RSPAN session to be backward compatible with a SPAN session.

It provides a dedicated connection for the IDS device.

It allows an IDS device to direct malicious traffic to it, isolating that traffic from other areas of the network.

15.

1 point

Which two elements are part of the Cisco strategy for addressing endpoint security? (Choose two.)

risk assessment compliance using products such as Cisco Security Agent

attack detection using products such as Cisco NAC

network infection monitoring using products such as Cisco Secure ACS

policy compliance using products such as Cisco NAC

threat protection using products such as Cisco Security Agent

16.

1 point

How many Cisco Security Agent clients can one Management Center for CSA console support?

100,000

1,000

1,000,000

10,000

17.

1 point

Which two measures are recommended to mitigate VLAN hopping attacks? (Choose two.)

Place all unused ports in a separate guest VLAN.

Use a dedicated native VLAN for all trunk ports.

Disable trunk negotiation on all ports connecting to workstations.

Ensure that the native VLAN is used for management traffic.

Enable DTP on all trunk ports.

18.

1 point

What happens when the MAC address notification feature is enabled on a switch?

An SNMP trap is sent to the network management system whenever a new MAC address is added to or an old address is deleted from the forwarding tables.

An SDEE alert is generated, and the switch resets the interface when an invalid MAC address is detected.

A port violation occurs when a MAC address outside of the range of allowed addresses transmits traffic over a secure port.

An STP multicast notification packet is forwarded to all switches any time a change in the network topology is detected.

19.

1 point

Refer to the exhibit. Based on the output generated by the show monitor session 1 command, how will SPAN operate on the switch?

All traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to FastEthernet 0/1.

All traffic transmitted from VLAN 10 or received on VLAN 20 is forwarded to FastEthernet 0/1.

Native VLAN traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to FastEthernet 0/1.

Native VLAN traffic transmitted from VLAN 10 or received on VLAN 20 is forwarded to FastEthernet 0/1.

20.

1 point

Which three are SAN transport technologies? (Choose three.)

Fibre Channel

FCIP

IP PBX

iSCSI

SATA

IDE

21.

1 point

With IP voice systems on data networks, which two types of attacks target VoIP specifically? (Choose two.)

vishing

Kismet

CoWPAtty

virus

SPIT