CCNP Secure FAQ: Configuring and Implementing Switched Data Plane Security Solutions


Q1. What is the default inactivity expiration period for entries in the CAM table of a Cisco Catalyst switch?
A. 1 minute
B. 5 minutes
C. 10 minutes
D. 50 minutes

Answer: B

Q2. Which of the following attack types describes when an attacker tries to take over the root bridge functionality on a network?
A. STP spoofing
B. VLAN hopping
C. CAM flooding
D. ARP spoofing

Answer: A

Q3. Which command enables port security on an interface?
A. switchport mode port-security
B. switchport mode interface-security
C. switchport interface-security
D. switchport port-security

Answer: D

Q4. What is the default action mode for security violations?
A. Protect
B. Restrict
C. Shutdown

Answer: C

Q5. The DTP state on a trunk port can be set to what?
A. Auto, on, off, undesirable, or non-negotiate
B. Auto, on, off, desirable, or non-negotiate
C. Auto, on, off, desirable, or negotiate
D. Auto, on, off, undesirable, or negotiate

Answer: B

Q6. What are the two different types of VLAN hopping attacks?
A. Switch spoofing and double tagging
B. Switch goofing and double teaming
C. Switch impersonation and double grouping
D. Switch imitation and double alliance

Answer: A

Q7. Which features of Cisco IOS Software enable you to mitigate STP manipulation? (Select two.)
A. spanning-tree bpduguard
B. spanning-tree guard root
C. set spantree global-default loopguard enable
D. set udld enable

Answer: A and B

Q8. What are the three types of private VLAN ports?
A. Neighborhood, remote, and loose
B. Community, isolated, and promiscuous
C. Communal, remote, and licentious
D. Area, secluded, and wanton

Answer: B

Q9. Which of the following databases is used by Dynamic ARP inspection?
A. DAI group table
B. IPSG snooping table
C. DHCP snooping binding table
D. CAM filtering table

Answer: C

Q10. Which of the following PVLAN edge ports is unable to communicate with other PVLAN edge ports?
A. Isolated port
B. Nonprotected port
C. Secluded port
D. Protected port

Answer: D

Q11. The trunking mode on a switchport can be sensed using _____.

Answer: Dynamic Trunking Protocol (DTP)

Q12. The _____ in a switch stores information, such as MAC addresses, switchport, and associated VLAN parameters.

Answer: Content Addressable Memory (CAM) table

Q13. The default CAM aging timer on the Cisco Catalyst switch is _____.

Answer: 5 minutes

Q14. _____ prevents bridging loops in a redundant switched network environment.

Answer: STP

Q15. A _____ server dynamically assigns IP addresses to hosts on a network.

Answer: DHCP

Q16. ARP also has another method of identifying host IP-to-MAC associations, which is called _____.

Answer: Gratuitous ARP (GARP)

Q17. The switchport mode that actively attempts to make a switchport a trunk is _____.

Answer: dynamic desirable

Q18. The _____ switchport security classification includes dynamically learned addresses that are automatically added to the running configuration.

Answer: sticky secure

Q19. The _____ includes the client MAC address, IP address, lease time, binding type, VLAN number, and interface information.

Answer: DHCP snooping binding table

Q20. The three different private VLAN classifications are _____, _____, and _____.

Answer: promiscuous, community, isolated

