11.1_Implement Port Security Flashcards

1
Q

___are considered to be the weakest link in a company’s security infrastructure.

A

Layer 2 devices

2
Q

A simple method that many administrators use to help secure the network from unauthorized access is to _____

A

disable all unused ports on a switch

3
Q

to disable a port

A

shutdown

4
Q

to enable a port

A

no shutdown

5
Q

to configure a range of ports

A

interface range TYPE MODULE/FIRST-NUMBER–LAST NUMBER

6
Q

The simplest and most effective method to prevent MAC address table overflow attacks is to enable ___.

A

port security

When a port configured with port security receives a frame, the source MAC address of the frame is compared to the list of secure source MAC addresses that were manually configured or dynamically learned on the port.

7
Q

Port security limits the number of ___allowed on a port.

A

valid MAC addresses

8
Q

To set the maximum number of MAC addresses allowed on a port, use the command __

A

switchport port-security maximum VALUE

9
Q

The default port security value is___

A

1

10
Q

TRUE OR FALSE
The maximum number of secure MAC addresses that can be configured is fixed.

A

FALSE
It depends on the switch and the IOS.

11
Q

3 WAYS FOR MAC LEARNING
1. ____

The administrator manually configures a static MAC address(es) by using the following command for each secure MAC address on the port:____

A

Manually Configured
switchport port-security mac-address MAC-ADDRESS

12
Q

3 WAYS FOR MAC LEARNING
2. ____

When the ___ command is entered, the current source MAC for the device connected to the port is automatically secured but is not added to the startup configuration. If the switch is rebooted, the port will have to re-learn the device’s MAC address.

A

Dynamically Learned
switchport port-security

13
Q

3 WAYS FOR MAC LEARNING
3. ____
The administrator can enable the switch to dynamically learn the MAC address and “stick” them to the running configuration by using the following command:____

A

Dynamically Learned – Sticky
switchport port-security mac-address sticky

14
Q

The output of the ___command lists the two learned MAC addresses.

A

show port-security address

15
Q

____can be used to set the aging time for static and dynamic secure addresses on a port.

A

Port security aging

16
Q

Two types of aging are supported per port:
____: The secure addresses on the port are deleted after the specified aging time.

A

Absolute

17
Q

Two types of aging are supported per port:
__: The secure addresses on the port are deleted only if they are inactive for the specified aging time.

A

Inactivity

18
Q

Use ___ to remove secure MAC addresses on a secure port without manually deleting the existing secure MAC addresses.

A

aging

19
Q

Use the ____ command to enable or disable static aging for the secure port, or to set the aging time or type.

A

switchport port-security aging

20
Q

PARAMETERS FOR switchport port-security aging { static | time time | type {absolute | inactivity}}

Enable aging for statically configured secure addresses on this port.

A

static

21
Q

PARAMETERS FOR switchport port-security aging { static | time time | type {absolute | inactivity}}

Specify the aging time for this port. The range is 0 to 1440 minutes. If the time is 0, aging is disabled for this port.

A

time TIME

22
Q

PARAMETERS FOR switchport port-security aging { static | time time | type {absolute | inactivity}}

Set the absolute aging time. All the secure addresses on this port age out exactly after the time (in minutes) specified and are removed from the secure address list.

A

type absolute

23
Q

PARAMETERS FOR switchport port-security aging { static | time time | type {absolute | inactivity}}

Set the inactivity aging type. The secure addresses on this port age out only if there is no data traffic from the secure source address for the specified time period.

A

type inactivity

24
Q

If the MAC address of a device attached to the port differs from the list of secure addresses, then a port violation occurs. By default, the port enters the ____ state.

A

error-disabled

25
Q

To set the port security violation mode, use the following command:

A

switchport port-security violation { protect | restrict | shutdown}

26
Q

Security Violation Mode Descriptions
switchport port-security violation { protect | restrict | shutdown}

The port transitions to the error-disabled state immediately, turns off the port LED, and sends a syslog message. It increments the violation counter. When a secure port is in the error-disabled state, an administrator must re-enable it by entering the *** and no ** commands.

A

shutdown

27
Q

Security Violation Mode Descriptions
switchport port-security violation { protect | restrict | shutdown}

The port drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the maximum value. This mode causes the Security Violation counter to increment and generates a syslog message.

A

restrict

28
Q

Security Violation Mode Descriptions
switchport port-security violation { protect | restrict | shutdown}

This is the least secure of the security violation modes. The port drops packets with unknown MAC source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value or increase the maximum value. No syslog message is sent.

A

protect

29
Q

Security Violation Mode Comparison
Discards Offending Traffic: YES | Sends Syslog Message: NO | Increase Violation Counter: NO | Shuts Down Port: NO

A

Protect

30
Q

Security Violation Mode Comparison
Discards Offending Traffic: YES | Sends Syslog Message: YES | Increase Violation Counter: YES | Shuts Down Port: NO

A

restrict

31
Q

Security Violation Mode Comparison
Discards Offending Traffic: YES | Sends Syslog Message: YES | Increase Violation Counter: YES | Shuts Down Port: YES

A

shutdown

32
Q

To verify that MAC addresses are “sticking” to the configuration, use the ___ command as shown in the example for FastEthernet 0/19.

A

show run INTERFACE