CCNA Security Chapter 9 - Securing Layer 2 Technologies | Take the Quiz

A visually engaging representation of network security concepts, featuring switches, VLANs, and security mechanisms in a digital format.

Securing Layer 2 Technologies Quiz

Test your knowledge on securing Layer 2 technologies with this comprehensive quiz designed for CCNA Security enthusiasts. Dive into critical concepts such as VLAN security, port security, and ARP inspection to enhance your understanding of network security.

Challenge yourself with questions that cover:

Fundamental Layer 2 mechanisms
Best practices for switch configuration
Protection against common network attacks

13 Questions3 MinutesCreated by GuardingSwitch512

Which is the primary Layer 2 mechanism that allows multiple devices in the same VLAN to communicate with each other even though those devices are physically connected to different switches?

IP address

Default gateway

Trunk

802.1D

Which of the following is not a best practice for security?

Leaving the native VLAN as VLAN 1

Shutting down all unused ports and placing them in an unused VLAN

Limiting the number of MAC addresses learned on a specific port

Disabling negotiation of switch port mode

What is the default number of MAC addresses allowed on a switch port that is config- ured with port security?

Depends on the switch model

What is a typical method used by a device in one VLAN to reach another device in a second VLAN?

ARP for the remote device’s MAC address

Use a remote default gateway

Use a local default gateway

Use trunking on the PC

Which two configuration changes prevent users from jumping onto any VLAN they choose to join?

Disabling negotiation of trunk ports

Using something else other than VLAN 1 as the “native” VLAN

Configuring the port connecting to the client as a trunk

Configuring the port connecting to the client as an access port

If you limit the number of MAC addresses learned on a port to five, what benefits do you get from the port security feature? (Choose all that apply.)

Protection for DHCP servers against starvation attacks

Protection against IP spoofing

Protection against VLAN hopping

Protection against MAC address spoofing

Protection against CAM table overflow attacks

Why should you implement Root Guard on a switch?

To prevent the switch from becoming the root

To prevent the switch from having any root ports

To prevent the switch from having specific root ports

To protect the switch against MAC address table overflows

Why should CDP be disabled on ports that face untrusted networks?

CDP can be used as a DDoS vector.

CDP can be used as a reconnaissance tool to determine information about the device.

Disabling CDP will prevent the device from participating in spanning tree with untrusted devices.

CDP can conflict with LLDP on ports facing untrusted networks.

Which of the following is not a true statement for DHCP snooping?

DHCP snooping validates DHCP messages received from untrusted sources and filters out invalid messages

DHCP snooping information is stored in a binding database.

DHCP snooping is enabled by default on all VLANs.

DHCP snooping rate-limits DHCP traffic from trusted and untrusted sources.

Which of the following is not a true statement regarding dynamic ARP inspection (DAI)?

DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings.

DAI helps to mitigate MITM attacks.

DAI determines validity of ARP packets based on IP-to-MAC address bindings found in the DHCP snooping database.

DAI is enabled on a per-interface basis.

Unlock and Upgrade

Remove all limits from your Quizzes

CCNA Security Chapter 9 - Securing Layer 2 Technologies

Securing Layer 2 Technologies Quiz

More Quizzes