Test 7 - CCNA 2

What is a recommended best practice when dealing with the native VLAN?

Explanation: Port security cannot be enabled on a trunk and trunks are the only types of ports that have a native VLAN. Even though turning DTP off on a trunk is a best practice, it does not have anything to do with native VLAN risks. To prevent security breaches that take advantage of the native VLAN, place the native VLAN in an unused VLAN other than VLAN 1. The management VLAN should also be an unused VLAN that is different from the native VLAN and something other than VLAN 1.

Which command would be best to use on an unused switch port if a company adheres to the best practices as recommended by Cisco?

What is the best way to prevent a VLAN hopping attack?

Explanation: VLAN hopping attacks rely on the attacker being able to create a trunk link with a switch. Disabling DTP and configuring user-facing ports as static access ports can help prevent these types of attacks. Disabling the Spanning Tree Protocol (STP) will not eliminate VLAN hopping attacks.

Which two commands can be used to enable PortFast on a switch? (Choose two.)

Explanation: PortFast can be configured on all nontrunking ports using the spanning-tree portfast default global configuration command. Alternatively, PortFast can be enabled on an interface using the spanning-tree portfast interface configuration command.

A network administrator is configuring DHCP snooping on a switch. Which configuration command should be used first?

A network administrator is configuring DAI on a switch. Which command should be used on the uplink interface that connects to a router?

Where are dynamically learned MAC addresses stored when sticky learning is enabled with the switchport port-security mac-address sticky command?

Explanation: When MAC addresses are automatically learned by using the sticky command option, the learned MAC addresses are added to the running configuration, which is stored in RAM.