Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
84 Cards in this Set
- Front
- Back
What additional information is contained in the 12-bit extended system ID of a BPDU? |
VLAN ID |
|
During the implementation of Spanning Tree Protocol, all switches are rebooted by the network administrator. What is the first step of the spanning-tree election process? |
All the switches send out BPDUs advertising themselves as the root bridge. |
|
Which STP port role is adopted by a switch port if there is no other port with a lower cost to the root bridge? |
root port |
|
Which two concepts relate to a switch port that is intended to have only end devices attached and intended never to be used to connect to another switch? |
edge port PortFast |
|
Which three components are combined to form a bridge ID? |
extended system ID bridge priority MAC address |
|
In which two port states does a switch learn MAC addresses and process BPDUs in a PVST network? |
forwarding learning |
|
If no bridge priority is configured in PVST, which criteria is considered when electing the root bridge? |
lowest MAC address |
|
When the show spanning-tree vlan 33 command is issued on a switch, three ports are shown in the forwarding state. In which two port roles could these interfaces function while in the forwarding state? |
designated root |
|
What is the function of STP in a scalable network? |
It disables redundant paths to eliminate Layer 2 loops. |
|
What is a characteristic of spanning tree? |
It is enabled by default on Cisco switches. |
|
Which spanning tree standard supports only one root bridge so that traffic from all VLANs flows over the same path? |
802.1D |
|
What is the purpose of the Spanning Tree Protocol (STP)? |
prevent layer 2 loops |
|
What is the value used to determine which port on a non-root bridge will become a root port in a STP network? |
the path cost |
|
What are two drawbacks to turning spanning tree off and having multiple paths through the Layer 2 switch network? |
the MAC address table becomes unstable Broadcast frame are transmitted indefinitely |
|
A small company network has six interconnected Layer 2 switches. Currently all switches are using the default bridge priority value. Which value can be used to configure the bridge priority of one of the switches to ensure that it becomes the root bridge in this design? |
28672 |
|
The administrator tried to create an EtherChannel between S1 and the other two switches via the commands that are shown, but was unsuccessful. What is the problem? |
Traffic cannot be sent to two different switches through the same EtherChannel link. |
|
Which statement is true regarding the use of PAgP to create EtherChannels? |
it is Cisco proprietary |
|
What are two requirements to be able to configure an EtherChannel between two switches? |
all the interfaces need to work at the same speed all the interfaces need to be working in the same duplex mode |
|
On the basis of the output that is shown, what can be determined about the EtherChannel bundle? |
A Cisco proprietary protocol was used to negotiate the EtherChannel link. |
|
Which two parameters must match on the ports of two switches to create a PAgP EtherChannel between the switches? |
speed Vlan information |
|
A network administrator is configuring an EtherChannel link between two switches, SW1 and SW2. Which statement describes the effect after the commands are issued on SW1 and SW2? |
The EtherChannel fails to establish. |
|
A network administrator configured an EtherChannel link with three interfaces between two switches. What is the result if one of the three interfaces is down? |
The remaining two interfaces continue to load balance traffic. |
|
A network administrator is configuring an EtherChannel link between switches SW1 and SW2 by using the command SW1(config-if-range)# channel-group 1 mode auto . Which command must be used on SW2 to enable this EtherChannel? |
SW2(config-if-range)# channel-group 1 mode desirable |
|
Which technology is an open protocol standard that allows switches to automatically bundle physical ports into a single logical link? |
LACP |
|
What is a requirement to configure a trunking EtherChannel between two switches? |
The allowed range of VLANs must be the same on both switches. |
|
What are two advantages of using LACP? |
It allows directly connected switches to negotiate an EtherChannel link. It allows the use of multivendor devices. |
|
A switch is configured to run STP. What term describes a non-root port that is permitted to forward traffic on the network? |
designated port |
|
What are two advantages of EtherChannel? |
Spanning Tree Protocol views the physical links in an EtherChannel as one logical connection. Configuring the EtherChannel interface provides consistency in the configuration of the physical links. |
|
What are the possible port roles for ports A, B, C, and D in this RSTP-enabled network? |
alternate, designated, root, root |
|
Which switching technology would allow each access layer switch link to be aggregated to provide more bandwidth between each Layer 2 switch and the Layer 3 switch? |
EtherChannel |
|
A set of switches is being connected in a LAN topology. Which STP bridge priority value will make it least likely for the switch to be selected as the root? |
61440 |
|
In which two PVST+ port states are MAC addresses learned? |
learning forwarding |
|
Which port role is assigned to the switch port that has the lowest cost to reach the root bridge? |
root port |
|
A switch is configured to run STP. What term describes the switch port closest, in terms of overall cost, to the root bridge? |
root port |
|
A switch is configured to run STP. What term describes a field used to specify a VLAN ID? |
extended system ID |
|
A switch is configured to run STP. What term describes the reference point for all path calculations? |
root bridge |
|
A switch is configured to run STP. What term describes a field that has a default value of 32,768 and is the initial deciding factor when electing a root bridge? |
bridge priority |
|
Which statement describes an EtherChannel implementation? |
A trunked port can be part of an EtherChannel bundle. |
|
Which statement describes a characteristic of EtherChannel? |
It is made by combining multiple physical links that are seen as one link between two switches. |
|
Which two channel group modes would place an interface in a negotiating state using PAgP? |
desirable auto |
|
Which mode configuration setting would allow formation of an EtherChannel link between switches SW1 and SW2 without sending negotiation traffic? |
SW1: on SW2: on |
|
When EtherChannel is configured, which mode will force an interface into a port channel without exchanging aggregation protocol packets? |
on |
|
What are two load-balancing methods in the EtherChannel technology? |
source IP to destination IP source MAC to destination MAC |
|
Which protocol provides up to 16 instances of RSTP, combines many VLANs with the same physical and logical topology into a common RSTP instance, and provides support for PortFast, BPDU guard, BPDU filter, root guard, and loop guard? |
MST |
|
What is the outcome of a Layer 2 broadcast storm? |
New traffic is discarded by the switch because it is unable to be processed. |
|
Which two network design features require Spanning Tree Protocol (STP) to ensure correct network operation? |
redundant links between Layer 2 switches removing single points of failure with multiple Layer 2 switches |
|
A network administrator has configured an EtherChannel between two switches that are connected via four trunk links. If the physical interface for one of the trunk links changes to a down state, what happens to the EtherChannel? |
The EtherChannel will remain functional. |
|
Which attack encrypts the data on hosts in an attempt to extract a monetary payment from the victim? |
Ransomware |
|
Which devices are specifically designed for network security? |
VPN-enabled router NGFW NAC |
|
Which device monitors SMTP traffic to block threats and encrypt outgoing messages to prevent data loss? |
ESA |
|
Which device monitors HTTP traffic to block access to risky sites and encrypt outgoing messages? |
WSA |
|
Which AAA component is responsible for collecting and reporting usage data for auditing and billing purposes? |
Accounting |
|
Which AAA component is responsible for controlling who is permitted to access the network? |
Authentication |
|
Which AAA component is responsible for determining what the user can access? |
Authorization |
|
In an 802.1X implementation, which device is responsible for relaying responses? |
Authenticator |
|
Which of the following mitigation techniques are used to protect Layer 3 through Layer 7 of the OSI Model? |
VPN Firewalls IPS devices |
|
Which of the following mitigation techniques prevents many types of attacks including MAC address table overflow and DHCP starvation attacks? |
Port security |
|
Which of the following mitigation techniques prevents MAC and IP address spoofing? |
IPSG |
|
Which of the following mitigation techniques prevents ARP spoofing and ARP poisoning attacks? |
DAI |
|
Which of the following mitigation techniques prevents DHCP starvation and DHCP spoofing attacks? |
DHCP snooping |
|
What is the behavior of a switch as a result of a successful MAC address table attack? |
The switch will forward all received frames to all other ports within the VLAN |
|
What would be the primary reason a threat actor would launch a MAC address overflow attack? |
So that the threat actor can see frames that are destined for other devices. |
|
What mitigation technique must be implemented to prevent MAC address overflow attacks? |
Port security |
|
A threat actor changes the MAC address of the threat actor's device to the MAC address of the default gateway. What type of attack is this? |
Address spoofing |
|
A threat actor sends a BPDU message with priority 0. What type of attack is this? |
STP Attack |
|
A threat actor leases all the available IP addresses on a subnet. What type of attack is this? |
DHCP starvation |
|
A threat actor sends a message that causes all other devices to believe the MAC address of the threat actor's device is the default gateway. What type of attack is this? |
ARP spoofing |
|
A threat actor configures a host with the 802.1Q protocol and forms a trunk with the connected switch. What type of attack is this? |
VLAN hopping |
|
A threat actor discovers the IOS version and IP addresses of the local switch. What type of attack is this? |
CDP reconnaissance |
|
What two protocols are supported on Cisco devices for AAA communications? |
TACACS+ RADIUS |
|
Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack? |
CDP |
|
When security is a concern, which OSI Layer is considered to be the weakest link in a network system? |
Layer 2 |
|
Which Layer 2 attack will result in a switch flooding incoming frames to all ports? |
MAC address overflow |
|
Why is authentication with AAA preferred over a local database method? |
It provides a fallback authentication method if the administrator forgets the username or password |
|
In a server-based AAA implementation, which protocol will allow the router to successfully communicate with the AAA server? |
RADIUS |
|
Which Cisco solution helps prevent MAC and IP address spoofing attacks? |
IP source guard |
|
What is the purpose of AAA accounting? |
to collect and report application usage |
|
Which Layer 2 attack will result in legitimate users not getting valid IP addresses? |
DHCP starvation |
|
Which three Cisco products focus on endpoint security solutions? |
Web security appliance Email security appliance NAC appliance |
|
In the 802.1X standard, the client attempting to access the network is referred to as the supplicant. |
True |
|
What is involved in an IP address spoofing attack? |
A legitimate network IP address is hijacked by a rogue node. |
|
What three services are provided by the AAA framework? |
accounting authentication authorization |
|
Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this? |
authorization |
|
What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow? |
enable port security |