CCNP Secure FAQ Configuring and Implementing Switched Data Plane Security Solutions

CCNP Secure FAQ Configuring and Implementing Switched Data Plane Security Solutions

Q1. What is the default inactivity expire time period on a Cisco Catalyst switch CAM table?
A. 1 minute
B. 5 minutes
C. 10 minutes
D. 50 minutes

Q2. Which of the following attack types describes when an attacker tries to take over the root bridge functionality on a network?
A. STP spoofing
B. VLAN hopping
C. CAM flooding
D. ARP spoofing

Q3. Which command enables port security on an interface?
A. switchport mode port-security
B. switchport mode interface-security
C. switchport interface-security
D. switchport port-security

Q4. What is the default action mode for security violations?
A. Protect
B. Restrict
C. Shutdown

Q5. The DTP state on a trunk port can be set to what?
A. Auto, on, off, undesirable, or non-negotiate
B. Auto, on, off, desirable, or non-negotiate
C. Auto, on, off, desirable, or negotiate
D. Auto, on, off, undesirable, or negotiate

Q6. What are the two different types of VLAN hopping attacks?
A. Switch spoofing and double tagging
B. Switch goofing and double teaming
C. Switch impersonation and double grouping
D. Switch imitation and double alliance

Q7. Which features of Cisco IOS Software enable you to mitigate STP manipulation? (Select two.)
A. spanning-tree bpduguard
B. spanning-tree guard root
C. set spantree global-default loopguard enable
D. set udld enable

Q8. What are the three types of private VLAN ports?
A. Neighborhood, remote, and loose
B. Community, isolated, and promiscuous
C. Communal, remote, and licentious
D. Area, secluded, and wanton

Q9. Which of the following databases is used by Dynamic ARP inspection?
A. DAI group table
B. IPSG snooping table
C. DHCP snooping binding table
D. CAM filtering table

Q10. Which of the following PVLAN edge ports is unable to communicate with other PVLAN edge ports?
A. Isolated port
B. Nonprotected port
C. Secluded port
D. Protected port

Q11. The trunking mode on a switchport can be sensed using _____.

Q12. The _____ in a switch stores information, such as MAC addresses, switchport, and associated VLAN parameters.

Q13. The default CAM aging timer on the Cisco Catalyst switch is _____.

Q14. _____ prevents bridging loops in a redundant switched network environment.

Q15. A _____ server dynamically assigns IP addresses to hosts on a network.

Q16. ARP also has another method of identifying host IP-to-MAC associations, which is called _____.

Q17. The switchport mode that actively attempts to make a switchport a trunk is _____.

Q18. The _____ switchport security classification includes dynamically learned addresses that are automatically added to the running configuration.

Q19. The _____ includes the client MAC address, IP address, lease time, binding type, VLAN number, and interface information.

Q20. The three different private VLAN classifications are _____, _____, and _____.

More Resources

• CCNP Secure FAQ
• CCNP Secure IPS FAQ
• CCNP Route Notes
• CCNP Route Lab Manual with Solutions
• CCNP Security VPN FAQ
• CCNP Switch FAQ
• CCNP Switch Lab Manual with Solutions