多項(xiàng)選擇題

pany is implementing 802.1X in order to increase network security. In the use of 802.1X  
access control, 
which three protocols are allowed through the switch port before authentication  takes place? ()

A. EAP-over-LAN
B. EAP MD5
C. STP
D. protocols not filtered by an ACL
E. CDP
F. TACACS+


您可能感興趣的試卷

你可能感興趣的試題

1.單項(xiàng)選擇題

Refer to the exhibit. 
What will happen to traffic within VLAN 14 with a source address of  172.16.10.5?()

A. The traffic will be forwarded to the router processor for further processing.
B. The traffic will be dropped.
C. The traffic will be forwarded to the TCAM for further processing.
D. The traffic will be forwarded without further processing.

2.單項(xiàng)選擇題

The Company security administrator wants to prevent DHCP spoofing. 
Which statement is true  about DHCP spoofing operation?()

A. DHCP spoofing and SPAN cannot be used on the same port of a switch.
B. To prevent a DHCP spoofing, the DHCP server must create a static ARP entry that cannot be  updated by a dynamic ARP packet.
C. To prevent a DHCP spoofing, the switch must have DHCP server services disabled and a static  entry pointing towards the DHCP server.
D. DHCP spoofing can be prevented by placing all unused ports in an unused VLAN.
E. None of the other alternatives apply.

3.多項(xiàng)選擇題

The Company security administrator is concerned with layer 2 network attacks. 
Which two  statements about these attacks are true? ()

A. ARP spoofing attacks are attempts to redirect traffic to an attacking host by encapsulating a  false 802.1Q header on a frame and causing traffic to be delivered to the wrong VLAN.
B. ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP  message with a forged identity to a transmitting host.
C. MAC address flooding is an attempt to force a switch to send all information out every port byoverloading the MAC address table.
D. ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP  packet that contains the forged address of the next hop router.
E. MAC address flooding is an attempt to redirect traffic to a single port by associating that port  with all MAC addresses in the VLAN.

4.單項(xiàng)選擇題

You work as a network technician at Company. Your boss, Mrs.   , is interested in  
switch spoofing. 
She asks you how an attacker would collect information with VLAN hoping  through switch spoofing. You should tell her that the attacking station... ()

A、...uses VTP to collect VLAN information that is sent out and then tags itself with the domain  information in order to capture the data.
B、...will generate frames with two 802.1Q headers to cause the switch to forward the frames to a  VLAN that would be inaccessible to the attacker through legitimate means.
C、...uses DTP to negotiate trunking with a switch port and captures all traffic that is allowed on the  trunk.
D、...tags itself with all usable VLANs to capture data that is passed through the switch, regardless  of the VLAN to which the data belongs.
E、None of the other alternatives apply

5.單項(xiàng)選擇題

You are responsible for increasing the security within the Company LAN. Of the following choices  listed below,
 which is true regarding layer 2 security and mitigation techniques? ()


A. Enable root guard to mitigate ARP address spoofing attacks.
B. Configure DHCP spoofing to mitigate ARP address spoofing attacks.
C. Configure PVLANs to mitigate MAC address flooding attacks.
D. Enable root guard to mitigate DHCP spoofing attacks.
E. Configure dynamic APR inspection (DAI) to mitigate IP address spoofing on DHCP untrusted  ports.
F. Configure port security to mitigate MAC address flooding  
G. None of the other alternatives apply


6.單項(xiàng)選擇題

Refer to the exhibit. An attacker is connected to interface Fa0/11 on switch A-SW2 and attempts to  establish a DHCP server for a man-in-middle attack.
 Which recommendation, if followed, would  mitigate this type of attack?()


A. All switch ports in the Building Access block should be configured as DHCP untrusted ports.  
B. All switch ports in the Building Access block should be configured as DHCP trusted ports.
C. All switch ports connecting to servers in the Server Farm block should be configured as DHCP  untrusted ports.
D. All switch ports connecting to hosts in the Building Access block should be configured as DHCP  trusted ports.
E. All switch ports in the Server Farm block should be configured as DHCP untrusted ports.
F. All switch ports connecting to hosts in the Building Access block should be configured as DHCP  untrusted ports.


7.多項(xiàng)選擇題

Refer to the exhibit. On the basis of the output generated by the show commands, 
which two  statements are true?()

A. Because it is configured as a trunk interface, interface gigabitethernet 0/1 does not appear in  the show vlan output.
B. VLAN 1 will not be encapsulated with an 802.1q header.
C. There are no native VLANs configured on the trunk.
D. VLAN 2 will not be encapsulated with an 802.1q header.
E. All interfaces on the switch have been configured as access ports.
F. Because it has not been assigned to any VLAN, interface gigabitethernet 0/1 does not appear in  the show vlan output.

8.單項(xiàng)選擇題

Refer to the exhibit. Based upon the output of show vlan on switch CAT2,
 what can we conclude  about interfaces Fa0/13 and Fa0/14? ()

A. that interfaces Fa0/13 and Fa0/14 are in VLAN 1
B. that interfaces Fa0/13 and Fa0/14 are down
C. that interfaces Fa0/13 and Fa0/14 are trunk interfaces
D. that interfaces Fa0/13 and Fa0/14have a domain mismatch with another switch
E. that interfaces Fa0/13 and Fa0/14have a duplex mismatch with another switch

9.多項(xiàng)選擇題

Refer to the exhibit. Switch P1S1 is not applying VLAN updates from switch P2S1.
 What are three  reasons why this is not occurring?()

A. Switch P2S1 is in server mode.
B. Switch P1S1 is in transparent mode.
C. The MD5 digests do not match.
D. The passwords do not match.
E. The VTP domains are different.
F. VTP trap generation is disabled on both switches.

10.多項(xiàng)選擇題

Refer to the show interface Gi0/1 switchport command output shown in the exhibit. 
Which two  statements are true about this interface?()

A. This interface is a member of a voice VLAN.
B. This interface is configured for access mode.
C. This interface is a dot1q trunk passing all configured VLANs.
D. This interface is a member of VLAN7.
E. This interface is a member of VLAN1.

最新試題

Which two statements are true when the extended system ID feature is enabled? ()

題型:多項(xiàng)選擇題

Which statement is correct about the use of the virtual interface on a WLC ?()

題型:?jiǎn)雾?xiàng)選擇題

During routine maintenance, G1/0/1 on DS1 was shutdown. All other interface were up. DS2 became the active HSRP device for Vlan101 as desired. However, after G1/0/1 on DS1 was reactivated. DS1 did not become the active HSRP device as desired. What need to be done to make the group for Vlan101 function properly ? ()

題型:?jiǎn)雾?xiàng)選擇題

Which two statements are true about BPDU port-guard and BPDU filtering?()

題型:多項(xiàng)選擇題

If G1/0/1 on DS1 is shutdown, what will be the current priority value of the Vlan105’s group on DS1 ?()

題型:?jiǎn)雾?xiàng)選擇題

Which three statements about STP timers are true?()

題型:多項(xiàng)選擇題

Refer to the exhibit. Switch S2 contains the default configuration. Switches S1 and S3 both have had the command spanning-tree mode rapid-pvst issued on them. What will be the result?()

題型:?jiǎn)雾?xiàng)選擇題

Refer to the exhibit. What will happen when one more user is connected to interface FastEthernet 5/1? ()

題型:?jiǎn)雾?xiàng)選擇題

DS2 has not become the active device for Vlan103’s HSRP group even though all interfaces are active. As related to Vlan103’s HSRP group. What can be done to make the group function properly ? ()

題型:?jiǎn)雾?xiàng)選擇題

Refer to the exhibit. Initially, LinkA is connected and forwarding traffic. A new LinkB is then attached between SwitchA and HubA. Which two statements are true about the possible result of attaching the second link?()

題型:多項(xiàng)選擇題