CCNA Security Chapter 9 - Securing Layer 2 Technologies

Which is the primary Layer 2 mechanism that allows multiple devices in the same VLAN to communicate with each other even though those devices are physically connected to different switches?
IP address
Default gateway
Trunk
802.1D
How does a switch know about parallel Layer 2 paths?
802.1Q
BPDU
CDP
NTP
When implemented, which of the following helps prevent CAM table overflows?
802.1w
BPDU Guard
Root Guard
Port security
Which of the following is not a best practice for security?
Leaving the native VLAN as VLAN 1
Shutting down all unused ports and placing them in an unused VLAN
Limiting the number of MAC addresses learned on a specific port
Disabling negotiation of switch port mode
What is the default number of MAC addresses allowed on a switch port that is config- ured with port security?
1
5
15
Depends on the switch model
Which two items normally have a one-to-one correlation?
VLANs
Classful IP networks
IP subnetworks
Number of switches
Number of routers
What is a typical method used by a device in one VLAN to reach another device in a second VLAN?
ARP for the remote device’s MAC address
Use a remote default gateway
Use a local default gateway
Use trunking on the PC
Which two configuration changes prevent users from jumping onto any VLAN they choose to join?
Disabling negotiation of trunk ports
Using something else other than VLAN 1 as the “native” VLAN
Configuring the port connecting to the client as a trunk
Configuring the port connecting to the client as an access port
If you limit the number of MAC addresses learned on a port to five, what benefits do you get from the port security feature? (Choose all that apply.)
Protection for DHCP servers against starvation attacks
Protection against IP spoofing
Protection against VLAN hopping
Protection against MAC address spoofing
Protection against CAM table overflow attacks
Why should you implement Root Guard on a switch?
To prevent the switch from becoming the root
To prevent the switch from having any root ports
To prevent the switch from having specific root ports
To protect the switch against MAC address table overflows
Why should CDP be disabled on ports that face untrusted networks?
CDP can be used as a DDoS vector.
CDP can be used as a reconnaissance tool to determine information about the device.
Disabling CDP will prevent the device from participating in spanning tree with untrusted devices.
CDP can conflict with LLDP on ports facing untrusted networks.
Which of the following is not a true statement for DHCP snooping?
DHCP snooping validates DHCP messages received from untrusted sources and filters out invalid messages
DHCP snooping information is stored in a binding database.
DHCP snooping is enabled by default on all VLANs.
DHCP snooping rate-limits DHCP traffic from trusted and untrusted sources.
Which of the following is not a true statement regarding dynamic ARP inspection (DAI)?
DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings.
DAI helps to mitigate MITM attacks.
DAI determines validity of ARP packets based on IP-to-MAC address bindings found in the DHCP snooping database.
DAI is enabled on a per-interface basis.
0
{"name":"CCNA Security Chapter 9 - Securing Layer 2 Technologies", "url":"https://www.quiz-maker.com/Q9C1GW0","txt":"Which is the primary Layer 2 mechanism that allows multiple devices in the same VLAN to communicate with each other even though those devices are physically connected to different switches?, How does a switch know about parallel Layer 2 paths?, When implemented, which of the following helps prevent CAM table overflows?","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}
Powered by
Quiz Maker
Powered by: Quiz Maker