CCNA Security Chapter 6 Exam Answers
1. Refer to the exhibit. The Fa0/2 interface on switch S1 has been configured with the switchport port-security mac-address 0023.189d.6456 command and a workstation has been connected. What could be the reason that the Fa0/2 interface is shut down?
· The connection between S1 and PC1 is via a crossover cable *
· The Fa0/24 interface of S1 is configured with the same MAC address as the Fa0/2 interface.
· S1 has been configured with a switchport port-security aging command.
· The MAC address of PC1 that connects to the Fa0/2 interface is not the configured MAC address.
2. Two devices that are connected to the same switch need to be totally isolated from one another. Which Cisco switch security feature will provide this isolation?
· PVLAN Edge
· DTP
· SPAN
· BPDU guard
3. Which two functions are provided by Network Admission Control? (Choose two.)
· protecting a switch from MAC address table overflow attacks
· enforcing network security policy for hosts that connect to the network
· ensuring that only authenticated hosts can access the network
· stopping excessive broadcasts from disrupting network traffic
· limiting the number of MAC addresses that can be learned on a single switch port
4. Which spanning-tree enhancement prevents the spanning-tree topology from changing by blocking a port that receives a superior BPDU?
· BPDU filter
· PortFast
· BPDU guard
· root guard
5. Which security feature should be enabled in order to prevent an attacker from overflowing the MAC address table of a switch?
· root guard
· port security
· storm control
· BPDU filter
6. In what situation would a network administrator most likely implement root guard?
· on all switch ports (used or unused)
· on all switch ports that connect to a Layer 3 device
· on all switch ports that connect to host devices
· on all switch ports that connect to another switch
· on all switch ports that connect to another switch that is not the root bridge
7. What component of Cisco NAC is responsible for performing deep inspection of device security profiles?
· Cisco NAC Profiler
· Cisco NAC Agent
· Cisco NAC Manager
· Cisco NAC Server
8. What is the role of the Cisco NAC Manager in implementing a secure networking infrastructure?
· to define role-based user access and endpoint security policies
· to assess and enforce security policy compliance in the NAC environment
· to perform deep inspection of device security profiles
· to provide post-connection monitoring of all endpoint devices
9. What is the role of the Cisco NAC Server within the Cisco Secure Borderless Network Architecture?
· providing the ability for company employees to create guest accounts
· providing post-connection monitoring of all endpoint devices
· defining role-based user access and endpoint security policies
· assessing and enforcing security policy compliance in the NAC environment
10. What is the role of the Cisco NAC Guest Server within the Cisco Borderless Network architecture?
· It defines role-based user access and endpoint security policies.
· It provides the ability for creation and reporting of guest accounts.
· It provides post-connection monitoring of all endpoint devices.
· It performs deep inspection of device security profiles.
11. Which three functions are provided under Cisco NAC framework solution? (Choose three.)
· VPN connection
· AAA services
· intrusion prevention
· scanning for policy compliance
· secure connection to servers
· remediation for noncompliant devices
12. Which feature is part of the Antimalware Protection security solution?
· file retrospection
· user authentication and authorization
· data loss prevention
· spam blocking
13. What security countermeasure is effective for preventing CAM table overflow attacks?
· DHCP snooping
· Dynamic ARP Inspection
· IP source guard
· port security
14. What is the behavior of a switch as a result of a successful CAM table attack?
· The switch will forward all received frames to all other ports.
· The switch will drop all received frames.
· The switch interfaces will transition to the error-disabled state.
· The switch will shut down.
15. What additional security measure must be enabled along with IP Source Guard to protect against address spoofing?
· port security
· BPDU Guard
· root guard
· DHCP snooping
16. What are three techniques for mitigating VLAN hopping attacks? (Choose three.)
· Set the native VLAN to an unused VLAN.
· Disable DTP.
· Enable Source Guard.
· Enable trunking manually.
· Enable BPDU guard.
· Use private VLANs.
17. What two mechanisms are used by Dynamic ARP inspection to validate ARP packets for IP addresses that are dynamically assigned or IP addresses that are static? (Choose two.)
· MAC-address-to-IP-address bindings
· RARP
· ARP ACLs
· IP ACLs
· Source Guard
18. What protocol should be disabled to help mitigate VLAN hopping attacks?
· STP
· ARP
· CDP
· DTP
19. What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?
· DHCP spoofing
· CAM table attack
· IP address spoofing
· DHCP starvation
20. What is the only type of port that an isolated port can forward traffic to on a private VLAN?
· a community port
· a promiscuous port
· another isolated port
· any access port in the same PVLAN
21. Which STP stability mechanism is used to prevent a rogue switch from becoming the root switch?
· Source Guard
· BPDU guard
· root guard
· loop guard
22. How can a user connect to the Cisco Cloud Web Security service directly?
· through the connector that is integrated into any Layer 2 Cisco switch
· by using a proxy autoconfiguration file in the end device
· by accessing a Cisco CWS server before visiting the destination web site
· by establishing a VPN connection with the Cisco CWS
23. What security benefit is gained from enabling BPDU guard on PortFast enabled interfaces?
· enforcing the placement of root bridges
· preventing buffer overflow attacks
· preventing rogue switches from being added to the network
· protecting against Layer 2 loops
24. DHCP snooping is a mitigation technique to prevent rogue DHCP servers from providing false IP configuration parameters.