Unlock hundreds more features
Save your Quiz to the Dashboard
View and Export Results
Use AI to Create Quizzes and Analyse Results

OR
Sign inSign in with Facebook
Sign inSign in with Google
Quizzes > Computers & IT

11.6.4 module quiz: Switch Security Configuration

Quick, free switch security practice quiz with 20 questions. Instant results.

Editorial: Review CompletedCreated By: Misaki ZhiyinUpdated Aug 24, 2025
Difficulty: Moderate
Grade: Grade 12
Study OutcomesCheat Sheet
Colorful paper art promoting a trivia quiz on network switch security for students.

This quiz helps you practice switch security configuration in module 11.6.4 and spot gaps before the test. Work through 20 quick questions on port security, SSH, DHCP snooping, BPDU guard, and Layer 2 threats. For related study, try the vlan quiz, the switch acl quiz, and the firewall configuration quiz.

What is port security in a network switch?
It restricts unauthorized devices by limiting MAC addresses on the port.
It automatically configures VLANs.
It enables remote access to the network.
It increases the port speed for high traffic.
Port security involves restricting port usage by limiting the number of MAC addresses that can access the port. This prevents unauthorized devices from connecting to the network.
Which command is commonly used to enable port security on a switch port?
port secure-enable
switchport port-security
enable security-port
configure secure-interface
The command 'switchport port-security' is the widely used syntax to enable port security on many network switches. It locks down the port by limiting the number of valid MAC addresses.
What does MAC address filtering on a switch help prevent?
Faulty cables from being connected.
Network congestion by classifying traffic.
Software bugs in operating systems.
Unauthorized devices from accessing the network by using unrecognized MAC addresses.
MAC address filtering restricts network access to only those devices with pre-approved MAC addresses. This helps prevent unauthorized devices from connecting to the network.
In switch security, what is a secure default measure on switch ports?
Disabling encryption on management traffic.
Increasing port capacity.
Configuring port security to limit the number of allowed MAC addresses.
Allowing all traffic by default.
A common secure default for switch ports is to enable port security, limiting the number of MAC addresses allowed. This reduces the risk of unauthorized access or attacks through unused or misconfigured ports.
Why is securing unused switch ports important?
To prevent unauthorized access and reduce network vulnerabilities.
To enhance data transfer speeds.
To enable remote configuration.
To improve port performance.
Unused switch ports can be entry points for unauthorized devices. Securing these ports minimizes the risk of unauthorized network access and potential security breaches.
Which security feature on a switch helps prevent loops and potential network attacks by disabling ports receiving unexpected BPDUs?
Storm Control
DHCP Snooping
BPDU Guard
Port Fast
BPDU Guard protects the network by shutting down the port if it receives unexpected Bridge Protocol Data Units. This prevents potential misconfigurations or unauthorized devices from disrupting the spanning-tree process.
How does VLAN configuration contribute to switch security?
By segmenting the network to limit broadcast domains.
By disabling interfering protocols.
By merging all devices into a single broadcast domain.
By increasing overall network speed.
VLAN configuration segments a network into smaller broadcast domains, thereby limiting the scope of traffic and potential security breaches. This isolation makes it harder for attackers to move laterally across the network.
What is the purpose of storm control in a switch environment?
To monitor and limit excess broadcast, multicast, or unicast traffic.
To block unauthorized wireless devices.
To automatically update firmware.
To encrypt sensitive traffic.
Storm control is a feature that monitors and limits excessive traffic, such as broadcast or multicast storms, which can overwhelm the network. This helps maintain optimal network performance and prevents potential disruptions.
Which security measure helps mitigate the risk of MAC flooding attacks on switches?
Port security with MAC address limiting.
Increasing the port buffer size.
Activating QoS settings.
SNMP monitoring.
MAC flooding attacks overload the switch's MAC address table. Limiting the number of MAC addresses learned on a port through port security effectively minimizes the risk of such flooding attacks.
How does IP Source Guard enhance switch security?
It encrypts all IP traffic.
It filters traffic based on IP-MAC bindings.
It prioritizes voice data on the network.
It extends the switch port range.
IP Source Guard improves security by filtering incoming traffic based on established IP-to-MAC address bindings. This helps prevent IP spoofing and ensures that only authorized devices communicate on the network.
In the context of switch security, what is dynamic ARP inspection?
A method for rapid reconnection after disconnections.
A process that validates ARP packets against trusted bindings.
An automated update of ARP tables.
A protocol to secure routing information.
Dynamic ARP Inspection (DAI) verifies ARP packets on the network to ensure they match known IP-to-MAC address bindings. This validation helps prevent ARP spoofing, which is a common method for intercepting network traffic.
What role does DHCP snooping play in securing a switch?
It encrypts DHCP traffic to secure IP assignments.
It assigns static IP addresses to devices.
It automatically updates firmware over DHCP.
It filters untrusted DHCP messages and builds a binding table.
DHCP snooping works by filtering out untrusted DHCP messages and constructing a table binding IP addresses to MAC addresses. This prevents rogue DHCP servers from giving out invalid IP assignments.
Which management protocol is considered more secure for switch configuration and management?
HTTP
SSH
FTP
Telnet
SSH (Secure Shell) encrypts remote management sessions, making it far more secure than Telnet, which transmits information in plain text. This helps protect sensitive configuration data from potential interception.
How does 802.1X port-based authentication increase switch security?
It automatically configures VLAN assignments.
It requires devices to authenticate before gaining network access.
It provides encryption for all network traffic.
It increases the speed of data transfer.
802.1X enforces authentication at the network port level before any data is transmitted. This restricts network access to authenticated devices, thereby enhancing overall network security.
Which feature is essential for monitoring and logging security events on a switch?
ICMP
Syslog
FTP logging
RMON
Syslog is a standard protocol used for logging events from network devices, including security-related events. This logging is crucial for monitoring the network, troubleshooting, and performing forensic investigations.
What are the potential security risks if unused switch ports are left without any security configuration?
Increased network speed creates data loss risks.
The switch might overheat due to excessive traffic.
Device drivers might be compromised.
Unauthorized network access and potential attacks through unmonitored ports.
Unsecured unused switch ports can serve as weak points, allowing unauthorized devices to connect and potentially launch attacks. Securing these ports is vital to preserving network integrity.
How can administrators prevent VLAN hopping attacks on switches?
By disabling port security entirely.
By increasing the number of VLANs.
By implementing proper VLAN tagging and avoiding use of the default VLAN on trunk ports.
By enabling BPDU Guard on all ports.
VLAN hopping can be mitigated by properly configuring VLAN tagging and ensuring that trunk ports do not use the default VLAN. This prevents attackers from sending tagged packets into restricted VLANs.
In advanced switch security configurations, why is it important to secure the management plane separately?
Because it increases the bandwidth available for user data.
Because it decreases the load on the security hardware.
Because management traffic does not affect network security.
Because protecting management traffic prevents unauthorized remote access and control.
Securing the management plane ensures that the pathways used to configure and manage the switch are protected from interception and unauthorized access. This separation helps maintain the overall security of the network infrastructure.
Which configuration practice helps mitigate the risk of configuration tampering on a network switch?
Implementing role-based access control (RBAC) and secure remote access.
Disabling authentication to speed up access.
Allowing all users to have full configuration privileges.
Frequently changing VLAN IDs.
Role-based access control (RBAC) ensures that only authorized users can modify configurations, while secure remote access protocols protect against unauthorized changes. This combination significantly reduces the risk of configuration tampering.
What is the significance of securing trunk ports in a switch environment?
Securing trunk ports improves the overall speed of the network.
Securing trunk ports increases the number of allowed VLANs.
Securing trunk ports prevents unauthorized VLAN access and traffic interception between switches.
Securing trunk ports disables inter-VLAN routing.
Trunk ports carry traffic for multiple VLANs, making them vulnerable to unauthorized access if not properly secured. By securing trunk ports, administrators ensure that VLANs remain isolated and that sensitive traffic is protected during inter-switch communication.
0
{"name":"What is port security in a network switch?", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"What is port security in a network switch?, Which command is commonly used to enable port security on a switch port?, What does MAC address filtering on a switch help prevent?","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}

Study Outcomes

  1. Define fundamental concepts and protocols for securing network switches.
  2. Identify potential vulnerabilities and threats in switch configurations.
  3. Apply best practices to configure secure settings on network switches.
  4. Analyze security configurations to troubleshoot and resolve issues.
  5. Evaluate the effectiveness of implemented security measures on network infrastructure.

11.6.4 Module Quiz: Switch Security Config Cheat Sheet

  1. Change Default Credentials - You wouldn't leave your front door key under a doormat, so don't stick with factory usernames and passwords! Swap those boring defaults for strong, unique credentials to keep unauthorized looky‑loos at bay. A solid password is your first line of defense against network intruders.
  2. Enable Port Security - Think of port security as your switch's bouncer: it only lets known devices into the party. By limiting the number of MAC addresses per port, you slam the door on crashers and rogue gadgets. It's simple, effective, and a must‑have for a secure network.
  3. Update Firmware Regularly - Keep your switch's firmware fresher than your playlist! Regular updates patch security holes, boost performance, and add nifty features. Set a calendar reminder so you never miss an important release.
  4. Implement VLAN Segmentation - VLANs are like private VIP rooms for your most sensitive data. By grouping traffic logically, you reduce the risk of unauthorized snooping or lateral attacks. It's an easy way to keep corporate secrets away from general network chatter.
  5. Secure Remote Access - Disable dusty, outdated remote protocols and roll out secure options like SSH or a VPN instead. Encrypting management sessions stops eavesdroppers cold. It's like speaking in code so only you and your switch understand!
  6. Monitor Switch Activity - Become a network detective by reviewing logs and watching for odd behavior. Early warning signs - like strange login attempts - can help you stop attacks before they spread. Consistent monitoring is your superpower for spotting trouble.
  7. Disable Unused Ports - Open ports are like unlocked windows - invite trouble if left unattended. Shut down any ports you don't need to cut off unauthorized entry points. It's a quick tweak that packs a big security punch.
  8. Deploy Access Control Lists (ACLs) - ACLs let you play traffic cop, defining exactly what traffic is welcome on your switch. By crafting clear allow‑and‑deny rules, you keep unwanted data out and mission‑critical flows in. ACLs are like your network's personal bouncer roster.
  9. Implement 802.1X Authentication - Give every device its VIP pass by enforcing user‑based authentication on switch ports. 802.1X ensures only authorized gadgets can connect, stopping imposters in their tracks. It's the network equivalent of a high‑security checkpoint.
  10. Enable Spanning Tree Protocol (STP) Protections - Guard against STP attacks with features like BPDU Guard and Root Guard. These protections keep malicious or misconfigured switches from seizing control of your topology. Think of it as locking down the network's traffic flow blueprint.
Make a Quiz (FREE) Copy & Edit This Quiz Create a Quiz with AI

Technology Quizzes

Powered by: Quiz Maker