CCNP Secure FAQ: Configuring and Implementing Switched Data Plane Security Solutions
Q1. What is the default inactivity expire time period on a Cisco Catalyst switch CAM table?
A. 1 minute
B. 5 minutes
C. 10 minutes
D. 50 minutes
Q2. Which of the following attack types describes when an attacker tries to take over the root bridge functionality on a network?
A. STP spoofing
B. VLAN hopping
C. CAM flooding
D. ARP spoofing
Q3. Which command enables port security on an interface?
A. switchport mode port-security
B. switchport mode interface-security
C. switchport interface-security
D. switchport port-security
Q4. What is the default action mode for security violations?
Q5. The DTP state on a trunk port can be set to what?
A. Auto, on, off, undesirable, or non-negotiate
B. Auto, on, off, desirable, or non-negotiate
C. Auto, on, off, desirable, or negotiate
D. Auto, on, off, undesirable, or negotiate
Q6. What are the two different types of VLAN hopping attacks?
A. Switch spoofing and double tagging
B. Switch goofing and double teaming
C. Switch impersonation and double grouping
D. Switch imitation and double alliance
Q7. Which features of Cisco IOS Software enable you to mitigate STP manipulation? (Select two.)
A. spanning-tree bpduguard
B. spanning-tree guard root
C. set spantree global-default loopguard enable
D. set udld enable
Q8. What are the three types of private VLAN ports?
A. Neighborhood, remote, and loose
B. Community, isolated, and promiscuous
C. Communal, remote, and licentious
D. Area, secluded, and wanton
Q9. Which of the following databases is used by Dynamic ARP Inspection?
A. DAI group table
B. IPSG snooping table
C. DHCP snooping binding table
D. CAM filtering table
Q10. Which of the following PVLAN edge ports is unable to communicate with other PVLAN edge ports?
A. Isolated port
B. Nonprotected port
C. Secluded port
D. Protected port
Q11. The trunking mode on a switchport can be sensed using _____.
Q12. The _____ in a switch stores information, such as MAC addresses, switchport, and associated VLAN parameters.
Q13. The default CAM aging timer on the Cisco Catalyst switch is _____.
Q14. _____ prevents bridging loops in a redundant switched network environment.
Q15. A _____ server dynamically assigns IP addresses to hosts on a network.
Q16. ARP also has another method of identifying host IP-to-MAC associations, which is called _____.
Q17. The switchport mode that actively attempts to make a switchport a trunk is _____.
Q18. The _____ switchport security classification includes dynamically learned addresses that are automatically added to the running configuration.
Q19. The _____ includes the client MAC address, IP address, lease time, binding type, VLAN number, and interface information.
Q20. The three different private VLAN classifications are _____, _____, and _____.