CCNP Switch FAQ : Securing the Campus Infrastructure


Q1. True or False: When configuring SNMP on Cisco routers and switches, use SNMPv2c because SNMP version 2c supports the use of encrypted passwords for authentication rather than the use of simple text or unencrypted passwords, as in version 1.

Answer: True

Q2. True or False: Using the 802.1X access control feature is preferable to using port security because the 802.1X protocol is a standards-based feature that supports centralized management.

Answer: True

Q3. True or False: The DHCP snooping trust interface is enabled only on ports with DHCP clients.

Answer: False

Q4. Which of the following is not a recommended management security configuration on Catalyst switches?
a. Using SSH and disabling Telnet service
b. Disabling unnecessary or unused services, such as MOP or Proxy-ARP
c. Configuring ACLs to restrict which users can manage the network devices
d. Policing to limit specific types of traffic to specific bandwidth parameters
e. Disabling remote access to switches
f. Physically preventing access to console ports

Answer: F

Q5. Which command correctly enables Catalyst switches to enact AAA security configurations?
a. ppp authentication chap
b. aaa new-model
c. aaa authentication login default group RADIUS
d. username name password password

Answer: B

Q6. Which of the following is not a supported 802.1X port authorization state?
a. Force-authorized
b. Force-unauthorized
c. Auto
d. Desirable

Answer: D

Q7. Which of the following features is a requirement for configuring DAI?
a. IPSG
b. DHCP snooping
c. IGMP snooping
d. Proxy ARP

Answer: B

Q8. Which of the following methods can prevent a single 802.1Q tag VLAN hopping attack?
a. Turn off auto-negotiation of speed/duplex.
b. Turn off trunk negotiation.
c. Turn off PAgP.
d. Turn on PAgP.

Answer: B

Q9. Which of the following prevents MAC address spoofing?
a. Port security
b. DHCP snooping
c. IGMP snooping
d. MAC notification

Answer: B

Q10. Which of the following types of ACLs can be applied to a Layer 2 port? (Choose all that apply.)
a. Router ACL
b. QACL
c. PACL
d. VACL
e. All of the above

Answer: B, C, and D

Q11. True or False: Sticky port security allows for easier configuration of MAC addresses that need to be secured.

Answer: True

About the author

Prasanna
