An attacker is launching a DoS attack on the Company network using a hacking tool designed to exhaust the IP address space available from the DHCP servers for a period of time.
Which procedure would best defend against this type of attack? ()
A. Configure only trusted interfaces with root guard.
B. Implement private VLANs (PVLANs) to carry only user traffic.
C. Implement private VLANs (PVLANs) to carry only DHCP traffic.
D. Configure only untrusted interfaces with root guard.
E. Configure DHCP spoofing on all ports that connect untrusted clients.
F. Configure DHCP snooping only on ports that connect trusted DHCP servers.
G. None of the other alternatives apply
Questions you may be interested in
The Company is concerned about Layer 2 security threats.
Which statement is true about these threats? ()
A. MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.
B. Port scanners are the most effective defense against dynamic ARP inspection.
C. MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable attack points.
D. Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.
E. DHCP snooping sends unauthorized replies to DHCP queries.
F. ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.
G. None of the other alternatives apply.
Refer to the exhibit. Port security has been configured on the switch port Fa0/5.
What would happen if another device is connected to the port after the maximum number of devices has been reached, even if one or more of the original MAC addresses are inactive?()
A. The port will permit the new MAC address because one or more of the original MAC addresses are inactive.
B. The port will permit the new MAC address because one or more of the original MAC addresses will age out.
C. Because the new MAC address is not configured on the port, the port will not permit the new MAC address.
D. Although one or more of the original MAC addresses are inactive, the port will not permit the new MAC address.
Refer to the exhibit.
What is the problem with this configuration?()
A. Spanning tree PortFast cannot be configured on a port where a voice VLAN is configured.
B. Sticky secure MAC addresses cannot be used on a port when a voice VLAN is configured.
C. Spanning tree PortFast cannot be configured on a port when a sticky secure MAC address is used.
D. The switch port must be configured as a trunk.
You need to configure port security on switch R1.
Which two statements are true about this technology? ()
A. Port security can be configured for ports supporting VoIP.
B. With port security configured, four MAC addresses are allowed by default.
C. The network administrator must manually enter the MAC address for each device in order for the switch to allow connectivity.
D. With port security configured, only one MAC address is allowed by default.
E. Port security cannot be configured for ports supporting VoIP.
Refer to the exhibit. Based on the running configuration that is shown for interface FastEthernet0/2, what two conclusions can be deduced? ()
A. Connecting a host with MAC address 0000.0000.4147 will move interface FastEthernet0/2 into error disabled state.
B. The host with address 0000.0000.4141 is removed from the secure address list after 5 seconds of inactivity.
C. The sticky secure MAC addresses are treated as static secure MAC addresses after the running configuration is saved to the startup configuration and the switch is restarted.
D. Interface FastEthernet0/2 is a voice VLAN port.
E. The host with address 0000.0000.000b is removed from the secure address list after 300 seconds.
Refer to the exhibit.
Which interface or interfaces on switch SW_A can have the port security feature enabled?()
A. Ports 0/1 and 0/2
B. The trunk port 0/22 and the EtherChannel ports
C. Ports 0/1, 0/2 and 0/3
D. Ports 0/1, 0/2, 0/3, the trunk port 0/22 and the EtherChannel ports
E. Port 0/1
F. Ports 0/1, 0/2, 0/3 and the trunk port 0/22
A Company switch was configured as shown below:
switchport mode access
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address 0002.0002.0002
switchport port-security violation shutdown
Given the configuration output shown above, what happens when a host with the MAC address of 0003.0003.0003 is directly connected to the switch port? ()
A. The host will be allowed to connect.
B. The port will shut down.
C. The host can only connect through a hub/switch where 0002.0002.0002 is already connected.
D. The host will be refused access.
E. None of the other alternatives apply
VLAN maps have been configured on switch R1.
Which of the following actions are taken in a VLAN map that does not contain a match clause? ()
A. Implicit deny feature at end of list.
B. Implicit deny feature at start of list.
C. Implicit forward feature at end of list
D. Implicit forward feature at start of list.
Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers should not communicate with each other, although they are located on the same subnet. The servers do need, however, to communicate with a database server located in the inside network.
What configuration will isolate the servers from each other? ()
A. The switch ports 3/1 and 3/2 will be defined as secondary VLAN community ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.
B. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.
C. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN community ports.
D. The switch ports 3/1 and 3/2 will be defined as secondary VLAN isolated ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.
The Company is implementing 802.1X in order to increase network security. In the use of 802.1X access control, which three protocols are allowed through the switch port before authentication takes place? ()
A. EAP-over-LAN
B. EAP MD5
C. STP
D. protocols not filtered by an ACL
E. CDP
F. TACACS+
Latest questions
Refer to the exhibit. All network links are FastEthernet. Although there is complete connectivity throughout the network, Front Line users have been complaining that they experience slower network performance when accessing the server farm than the Reception office experiences. Based on the exhibit, which two statements are true?()
Refer to the exhibit. Initially, LinkA is connected and forwarding traffic. A new LinkB is then attached between SwitchA and HubA. Which two statements are true about the possible result of attaching the second link?()
Based on the show spanning-tree vlan 200 output shown in the exhibit, which two statements about the STP process for VLAN 200 are true? ()
During routine maintenance, it became necessary to shut down G1/0/1 on DS1 and DS2. All other interfaces were up. During this time, DS1 became the active device for Vlan104's HSRP group. As related to Vlan104's HSRP group, what can be done to make the group function properly? ()
Refer to the exhibit. On the basis of the output of the show spanning-tree inconsistentports command, which statement about interfaces FastEthernet 0/1 and FastEthernet 0/2 is true?()
What will occur when a nonedge switch port that is configured for Rapid Spanning Tree does not receive a BPDU from its neighbor for three consecutive hello time intervals?()
Refer to the exhibit. What does the command channel-group 1 mode desirable do? ()
DS2 has not become the active device for Vlan103's HSRP group even though all interfaces are active. As related to Vlan103's HSRP group, what can be done to make the group function properly? ()
Which statement is correct about RSTP port roles?()
Refer to the exhibit and the partial configuration of switch SW_A and SW_B. STP is configured on all switches in the network. SW_B receives this error message on the console port: 00:06:34: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not half duplex), with SW_A FastEthernet0/4 (half duplex) , with TBA05071417(Cat6K-B) 0/4 (half duplex). What would be the possible outcome of the problem? ()