Which two commands can be used to enable PortFast on a switch? (Choose two.)

S1(config)# spanning-tree portfast default

S1(config-if)#spanning-tree portfast

S1(config-line)# spanning-tree portfast

S1(config)# enable spanning-tree portfast default

S1(config-if)#enable spanning-tree portfast

An administrator who is troubleshooting connectivity issues on a switch notices that a switch port configured for port security is in the err-disabled state. After verifying the cause of the violation, how should the administrator re-enable the port without disrupting network operation?

Issue the shutdown command followed by the no shutdown command on the interface

Issue the no switchport port-security command, then re-enable port security

Issue the no switchport port-security violation shutdown command on the interface

A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac . What is the purpose of this configuration command?

to check the destination MAC address in the Ethernet header against the target MAC address in the ARP body

to check the destination MAC address in the Ethernet header against the user-configured ARP ACLs

to check the destination MAC address in the Ethernet header against the MAC address table

to check the destination MAC address in the Ethernet header against the source MAC address in the ARP body

Which method would mitigate a MAC address flooding attack?

Increasing the size of the CAM table

Increasing the speed of switch ports

Using ACLs to filter broadcast traffic on the switch

Which action will bring an error-disabled switch port back to an operational state?

Issue the shutdown and no shutdown interface config commands.

Clear the MAC address table on the switch.

Issue the switchport mode access interface config command.

Remove and reconfigure port security on the interface.

Which two statements are true regarding switch port security? (Choose two.)

Dynamically learned secure MAC addresses are lost when the switch reboots.

If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached.

After entering the sticky parameter, only MAC addresses subsequently learned are converted to secure MAC addresses.

The three configurable violation modes all log violations via SNMP.

The three configurable violation modes all require user intervention to reenable ports.

Assume that BPDU Guard has been enabled globally on all access ports. However, one port must not be configured with the feature. Which command would explicitly disable BPDU Guard on that switch port?

S1(config-if)# no spanning-tree bpduguard enable

S1(config)# no spanning-tree bpduguard default

S1(config)# no spanning-tree portfast bpduguard default

S1(config-if)# no enable spanning-tree bpduguard

S1(config-if)# no spanning-tree portfast bpduguard

Which DAI command checks the source MAC address in the Ethernet header against the target MAC address in the ARP body?

ip arp inspection validate src-mac

ip arp inspection validate dst-mac

ip arp inspection validate dst-mac ip

What is the result of entering the ip dhcp snooping limit rate 4 interface configuration command?

The port can receive up to 4 DHCP discovery messages per second.

The port can receive up to 4 DHCP offer messages per second.

The port can send up to 4 DHCP messages per second.

The port can send up to 4 DHCP offer discovery messages per second.

What techniques should be done to mitigate VLAN attacks? (Choose three.)

Set the native VLAN to an unused VLAN.

Port security has been enabled on interface Fa0/1 and the show port-security interface fa0/1 command has been entered. What does the Port Status “Secure-up” message indicate?

There is a host connected to the secured Fa0/1 port.

The Fa0/1 port is currently error-disabled.

The Fa0/1 port violation mode is “protect”.

There are no hosts connected to the secured Fa0/1 port.

CCNA2 MODULE 11

Quiz

•

Life Skills

•

5th Grade

•

Practice Problem

•

Medium

Matthew Mendoza

Used 7+ times

FREE Resource

27 questions

Show all answers

1.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is a recommended best practice when dealing with the native VLAN?

Assign it to an unused VLAN

Assign the same VLAN number as the management VLAN

turn off DTP

Use port security

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

On what switch ports should PortFast be enabled to enhance STP stability?

all trunk ports that are not root ports

only ports that attach to a neighboring switch

only ports that are elected as designated ports

all end-user ports

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which command would be best to use on an unused switch port if a company adheres to the best practices as recommended by Cisco?

shutdown

ip dhcp snooping

switchport port-security mac-address sticky mac address

switchport port-security violation shutdown

switchport port-security mac-address sticky

4.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which two features on a Cisco Catalyst switch can be used to mitigate DHCP starvation and DHCP spoofing attacks? (Choose two.)

DHCP server failover

strong password on DHCP server

port security

DHCP snooping

extended ACL

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the best way to prevent a VLAN hopping attack?

Disable STP on all nontrunk ports

Use ISL encapsulation on all trunk links

Disable trunk negotiation for trunk ports and statistically set nontrunk ports as access ports

Use VLAN 1 as the native VLAN on trunk ports

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which procedure is recommended to mitigate the chances of ARP spoofing?

Enable DHCP snooping on selected VLANs

Enable DAI on the management VLAN

Enable IP Source Guard on trusted ports

Enable port security globally

7.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

What are two types of switch ports that are used on Cisco switches as part of the defense against DHCP spoofing attacks? (Choose two.)

untrusted port

authorized DHCP port

unauthorized port

established DHCP port

trusted DHCP port

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

30 questions

Inazuma Eleven

Quiz

•

1st - 12th Grade

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Life Skills

3 questions

Grade 5: Lesson 7 Navigating Online Friendships

Lesson

•

5th Grade

CCNA2 MODULE 11

27 questions

What is a recommended best practice when dealing with the native VLAN?

On what switch ports should PortFast be enabled to enhance STP stability?

Which command would be best to use on an unused switch port if a company adheres to the best practices as recommended by Cisco?

Which two features on a Cisco Catalyst switch can be used to mitigate DHCP starvation and DHCP spoofing attacks? (Choose two.)

What is the best way to prevent a VLAN hopping attack?

Which procedure is recommended to mitigate the chances of ARP spoofing?

What are two types of switch ports that are used on Cisco switches as part of the defense against DHCP spoofing attacks? (Choose two.)

Which two commands can be used to enable PortFast on a switch? (Choose two.)

An administrator who is troubleshooting connectivity issues on a switch notices that a switch port configured for port security is in the err-disabled state. After verifying the cause of the violation, how should the administrator re-enable the port without disrupting network operation?

A network administrator is configuring DHCP snooping on a switch. Which configuration command should be used first?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Life Skills