SWRE Unit 11 University Quiz

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the effect of entering the spanning-tree portfast configuration command on a switch?

It disables an unused port.

It disables all trunk ports.

It enables portfast on a specific switch interface.

It checks the source L2 address in the Ethernet header against the sender L2 address in the ARP body.

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

In what switch ports should BPDU guard be enabled to enhance STP stability?

all PortFast-enabled ports

only ports that are elected as designated ports

only ports that attach to a neighboring switch

all trunk ports that are not root ports

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which network attack is mitigated by enabling BPDU guard?

CAM table overflow attacks

rogue switches on a network

MAC address spoofing

rogue DHCP servers on a network

Answer explanation

There are several recommended STP stability mechanisms to help mitigate STP manipulation attacks:
PortFast – used to immediately bring an interface configured as an access or trunk port to the forwarding state from a blocking state. Applied to all end-user ports.

BPDU guard – immediately error-disables a port that receives a BPDU. Applied to all end-user ports.The receipt of BPDUs may be part of an unauthorized attempt to add a switch to the network.

Root guard – prevents a switch from becoming the root switch. Applied to all ports where the root switch should not be located.

Loop guard – detects unidirectional links to prevent alternate or root ports from becoming designated ports. Applied to all ports that are or can become nondesignated.

4.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

A network administrator uses the spanning-tree portfast bpduguard default global configuration command to enable BPDU guard on a switch. However, BPDU guard is not activated on all access ports. What is the cause of the issue?

BPDU guard needs to be activated in the interface configuration command mode.

Access ports configured with root guard cannot be configured with BPDU guard.

Access ports belong to different VLANs.

PortFast is not configured on all access ports.

5.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

A network administrator is preparing the implementation of Rapid PVST+ on a production network. How are the Rapid PVST+ link types determined on the switch interfaces?

Link types can only be configured on access ports configured with a single VLAN.

Link types can only be determined if PortFast has been configured.

Link types are determined automatically.

Link types must be configured with specific port configuration commands.

Answer explanation

When Rapid PVST+ is being implemented, link types are automatically determined but can be specified manually. Link types can be either point-to-point, shared, or edge.

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A cybersecurity analyst is using the macof tool to evaluate configurations of switches deployed in the backbone network of an organization. Which type of LAN attack is the analyst targeting during this evaluation?

VLAN hopping

DHCP spoofing

MAC address table overflow

VLAN double-tagging

Answer explanation

Macof is a network attack tool and is mainly used to flood LAN switches with MAC addresses.

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A company security policy requires that all MAC addressing be dynamically learned and added to both the MAC address table and the running configuration on each switch. Which port security configuration will accomplish this?

auto secure MAC addresses

dynamic secure MAC addresses

static secure MAC addresses

sticky secure MAC addresses

Answer explanation

With sticky secure MAC addressing, the MAC addresses can be either dynamically learned or manually configured and then stored in the address table and added to the running configuration file. In contrast, dynamic secure MAC addressing provides for dynamically learned MAC addressing that is stored only in the address table.

8.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

Which mitigation technique would prevent rogue servers from providing false IP configuration parameters to clients?

implementing port security

turning on DHCP snooping

disabling CDP on edge ports

implementing port-security on edge ports

Answer explanation

Like Dynamic ARP Inspection (DAI), IP Source Guard (IPSG) needs to determine the validity of MAC-address-to-IP-address bindings. To do this IPSG uses the bindings database built by DHCP snooping.

9.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A network administrator configures the port security feature on a switch. The security policy specifies that each access port should allow up to two MAC addresses. When the maximum number of MAC addresses is reached, a frame with the unknown source MAC address is dropped and a notification is sent to the syslog server. Which security violation mode should be configured for each access port?

Shutdown

Restrict

Warning

Protect

Answer explanation

In port security implementation, an interface can be configured for one of three violation modes:
Protect – a port security violation causes the interface to drop packets with unknown source addresses and no notification is sent that a security violation has occurred.

Restrict – a port security violation causes the interface to drop packets with unknown source addresses and to send a notification that a security violation has occurred.

Shutdown – a port security violation causes the interface to immediately become error-disabled and turns off the port LED. No notification is sent that a security violation has occurred.

10.

MULTIPLE CHOICE QUESTION

45 sec • 1 pt

What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?

Disable DTP.

Disable STP.

Enable port security.

Place unused ports in an unused VLAN.

Answer explanation

A MAC address (CAM) table overflow attack, buffer overflow, and MAC address spoofing can all be mitigated by configuring port security. A network administrator would typically not want to disable STP because it prevents Layer 2 loops. DTP is disabled to prevent VLAN hopping. Placing unused ports in an unused VLAN prevents unauthorized wired connectivity.

Create a free account and access millions of resources

Similar Resources on Quizizz

Popular Resources on Quizizz

Discover more resources for Computers