Module 11 Flashcards

(46 cards)

1
Q

What command is used to verify if PortFast is enabled globally?

A

show spanning-tree summary

Alternatively, you can use show running-config | begin span.

2
Q

What are the three ways a VLAN hopping attack can be launched?

A

  • Spoofing DTP messages to cause trunking mode
  • Introducing a rogue switch enabling trunking
  • Performing a double-tagging attack

3
Q

What is the first step to mitigate VLAN hopping attacks?

A

Disable DTP negotiations on non-trunking ports using the switchport mode access command.

4
Q

What command is used to display all secure MAC addresses?

A

show port-security address

This command shows both manually configured and dynamically learned MAC addresses.

5
Q

What does DHCP snooping do?

A

Filters DHCP messages and rate-limits DHCP traffic on untrusted ports.

6
Q

What is the goal of a DHCP starvation attack?

A

To create a Denial of Service (DoS) for connecting clients.

7
Q

How can DHCP spoofing attacks be mitigated?

A

By using DHCP snooping on trusted ports.

8
Q

What command is used to enable DHCP snooping?

A

ip dhcp snooping

9
Q

What happens when a port is in the error-disabled state?

A

No traffic is sent or received on that port.

10
Q

What command is used to re-enable a port in the error-disabled state?

A

shutdown followed by no shutdown.

11
Q

What is the function of Dynamic ARP Inspection (DAI)?

A

Prevents ARP spoofing and ARP poisoning by verifying IP-to-MAC bindings.

12
Q

What command is used to configure DAI to drop invalid ARP packets?

A

ip arp inspection validate {src-mac | dst-mac | ip}

13
Q

What does BPDU Guard do?

A

Immediately puts a port that receives a BPDU into the error-disabled state.

14
Q

How can BPDU Guard be enabled globally?

A

spanning-tree portfast bpduguard default

15
Q

What command is used to verify port security settings for a specific interface?

A

show port-security interface

16
Q

Fill in the blank: To manually enable the trunk link on a trunking port, use the _______ command.

A

switchport mode trunk

17
Q

What are the three port security violation modes?

A

  • shutdown
  • restrict
  • protect

18
Q

What does the ‘restrict’ mode do in port security?

A

Drops packets with unknown source addresses and increments the violation counter.

19
Q

True or False: PortFast can be enabled on inter-switch links.

A

False

PortFast should only be enabled on access ports.

20
Q

What is the purpose of the DHCP snooping binding table?

A

It binds the source MAC address to the IP address assigned by the DHCP server.

21
Q

What command is used to view the clients that have received DHCP information?

A

show ip dhcp snooping binding

22
Q

What should be configured as trusted interfaces for DHCP snooping and ARP inspection?

A

Uplink ports connected to other switches.

23
Q

What is the default mode for port security violations?

24
Q

What command is used to limit the number of DHCP discovery messages on untrusted interfaces?

A

ip dhcp snooping limit rate packets-per-second

25
Q

What must be done if an unauthorized device is connected to a secure port?

A

Eliminate the security threat before re-enabling the port.

26
Q

What should be done to all switch ports before deployment for production use?

A

All switch ports should be secured.

This includes configuring port security and disabling unused ports.

27
Q

What is the default setting for Layer 2 switch ports?

A

Dynamic auto (trunking on).

This means they can automatically negotiate trunking.

28
Q

What is the simplest method to prevent MAC address table overflow attacks?

A

Enable port security.

This limits the number of valid MAC addresses allowed on a port.

29
Q

How can a switch learn about MAC addresses on a secure port?

A

In one of three ways:
  • Manually configured
  • Dynamically learned
  • Dynamically learned – sticky

30
Q

What occurs when a port violation happens due to a differing MAC address?

A

The port enters the error-disabled state.

In this state, no traffic is sent or received on that port.

31
Q

How can VLAN hopping attacks be mitigated?

A

By:
  • Disabling DTP negotiations
  • Disabling unused ports
  • Manually setting trunking
  • Using a native VLAN other than VLAN 1

32
Q

What does DHCP snooping do?

A

It determines whether DHCP messages are from a trusted or untrusted source and filters them.

It also rate-limits DHCP traffic from untrusted sources.

33
Q

What is required for Dynamic ARP Inspection (DAI) to function?

A

DHCP snooping.

34
Q

What is the purpose of implementing Dynamic ARP Inspection?

A

To mitigate ARP spoofing and ARP poisoning.

35
Q

How can Spanning Tree Protocol (STP) manipulation attacks be mitigated?

A

By using PortFast and Bridge Protocol Data Unit (BPDU) Guard.

36
Q

What command is used to enable port security on an interface?

A

switchport port-security

37
Q

What does the command 'switchport port-security maximum' do?

A

Sets the maximum number of MAC addresses allowed on a port.

38
Q

What are the two types of aging supported by port security?

A

  1. Absolute
  2. Inactivity

39
Q

What command is used to verify port security configurations?

A

show port-security interface and show port-security address.

40
Q

What is the default port security value for the maximum number of MAC addresses allowed on a port?

A

1

41
Q

Fill in the blank: The command to manually configure a static MAC address on a secure port is 'switchport port-security mac-address _______'.

A

[mac-address]

42
Q

True or False: Port security can be configured on dynamic access ports.

A

False.

Port security can only be configured on manually configured access or trunk ports.

43
Q

What happens if a port configured with port security has more than one device connected to it?

A

The port will transition to the error-disabled state.

44
Q

What command is used to disable an unused port on a switch?

A

shutdown

45
Q

What command is used to reactivate a previously disabled port?

A

no shutdown

46
Q

What is the command to set the aging type for secure MAC addresses?

A

switchport port-security aging