LAN Attacks
Which Layer 2 attack will result in legitimate users not getting valid IP addresses?
a. ARP spoofing
b. DHCP starvation
c. IP address spoofing
d. MAC address flooding
what is b. DHCP starvation
Which protocol should be used to mitigate the vulnerability of using Telnet to remotely manage network devices?
a. SNMP
b. TFTP
c. SSH
d. SCP
what is
c. SSH
Which two Cisco solutions help prevent DHCP starvation attacks? (Choose two.)
a. DHCP Snooping
b. IP Source Guard
c. Dynamic ARP Inspection
d. Port Security
e. Web Security Appliance
what is
a. DHCP Snooping
d. Port Security
Which IEEE standard operates at wireless frequencies in both the 5 GHz and 2.4 GHz ranges?
a. 802.1 1b
b. 802.1 1a
c. 802.1 1n
d. 802.1 1g
what is
c. 802.1 1n
What functionality is required on routers to provide remote workers with VoIP and videoconferencing capabilities?
a. QoS
b. VPN
c. SSH
what is
a. QoS
What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?
a. Disable DTP.
b. Disable STP.
c. Enable port security.
what is
c. Enable port security
Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack?
a. LLDP
b. CDP
c. FTP
d. HTTP
what is
b. CDP
What is a recommended best practice when dealing with the native VLAN?
a. Assign it to an unused VLAN.
b. Use port security.
c. Assign the same VLAN number as the management VLAN.
d. Turn off DTP
what is
a. Assign it to an unused VLAN.
Which type of telecommunication technology is used to provide Internet access to vessels at sea?
a. cellular
b. WiMax
c. satellite
d. municipal WiFi
what is
c. satellite
A user is configuring a wireless access point and wants to prevent any neighbors from discovering the network. What action does the user need to take?
a. enable WPA encryption
b. Disable SSID broadcast
c. Configure DMZ settings
b. disable SSID broadcast
What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?
a. place unused ports in an unused VLAN
b. Enable port security
c. Disable DTP
d. Disable STP
what is
b. enable port security
When security is a concern, which OSI Layer is considered to be the weakest link in a network system?
a. layer 4
b. layer 5
c. layer 2
d. layer 3
what is
c. layer 2
Which command would be best to use on an unused switch port if a company adheres to the best practices as recommended by Cisco?
a. switchport port-security violation shutdown
b. shutdown
c. switchport port-security mac-address sticky
what is
b. shutdown
What Wi-Fi management frame is regularly broadcast by APs to announce their presence?
a. beacon
b. probe
c. authentication
d. association
what is
a. beacon
A user has just purchased a generic home router and would like to secure it. What should be done to help secure the wireless home router?
a. change the default administrator password
b. set the private IPv4 network for the internal network
c. Allow only IPv6 traffic to enter the router
a. change the default administrator password
Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
a. accessibility
b. authentication
c. authorization
d. auditing
e. accounting
what is
authorization
What is involved in an IP address spoofing attack?
a. legitimate network IP address is hijacked by a rogue node.
b. bogus DHCPDISCOVEr messages are sent to consume all the available IP addresses on a DHCP server.
c. A rogue DHCP server provides false IP configuration parameters to legitimate DHCP clients
what is
a. legitimate network IP address is hijacked by a rogue node.
Which two features on a Cisco Catalyst switch can be used to mitigate DHCP starvation and DHCP spoofing attacks? (Choose two.)
a. port security
b. DHCP snooping
c. strong password on DHCP servers
d. DHCP server failover
what is
a. port security
b. DHCP snooping
If three 802.11b access points need to be deployed in close proximity, which three frequency channels should be used? (Choose three.)
a. 1
b. 11
c. 8
d. 6
e. 3
what is
a. 1
b. 11
d. 6
Why would a technician configure a passphrase for a WLAN on a wireless router?
a. to protect the SSID from being changed
b. to configure wireless client authentication
c. to protect someone from changing the configuration
what is
b. to configure wireless client authentication
What three services are provided by the AAA framework? (Choose three.)
a. accounting
b. authentication
c. authorization
d. automation
e. autobalancing
f. autoconfiguration
what is
a. accounting
b. authentication
c. authorization
Which three Cisco products focus on endpoint security solutions? (Choose three.)
a. Web Security Appliance
b. Adaptive Security Appliance
c. NAC Appliance
d. Email Security Appliance
what is
a. Web Security Appliance
c. NAC Appliance
d. Email Security Appliance
Which two commands can be used to enable PortFast on a switch? (Choose two.)
a. S1(config-if)# spanning-tree portfast
b. S1(config)#spanning-tree portfast default
c. S1(config-if)#enable spanning-tree portfast
what is
a. S1(config-if)# spanning-tree portfast
b. S1(config)#spanning-tree portfast default
Which two roles are typically performed by a wireless router that is used in a home or small business? (Choose two.)
a. access point
b. WLAN controller
c. Ethernet switch
d. repeater
what is
a. access point
c. Ethernet switch
A laptop cannot connect to a wireless access point. Which two troubleshooting steps should be taken first? (Choose two.)
a. ensure the laptop antenna is attached
b. ensure that the wireless NIC is enabled
c. ensure that the wireless SSID is chosen
what is
b. ensure that the wireless NIC is enabled
c. ensure that the wireless SSID is chosen