CCNP Switch FAQ: Securing the Campus Infrastructure
Q1. True or False: When configuring SNMP on Cisco routers and switches, use SNMPv2c because SNMP version 2c supports the use of encrypted passwords for authentication rather than the use of simple text or unencrypted passwords, as in version 1.
Q2. True or False: Using the 802.1X access control feature is preferable to using port security because the 802.1X protocol is a standards-based feature that supports centralized management.
Q3. True or False: The DHCP snooping trust interface is enabled only on ports with DHCP clients.
Q4. Which of the following is not a recommended management security configuration on Catalyst switches?
a. Using SSH and disabling Telnet service
b. Disabling unnecessary or unused services, such as MOP or Proxy-ARP
c. Configuring ACLs to restrict specific users to manage the network devices
d. Policing to limit specific types of traffic to specific bandwidth parameters
e. Disabling remote access to switches
f. Physically preventing access to console ports
Q5. Which command correctly enables Catalyst switches to enact AAA security configurations?
a. ppp authentication chap
b. aaa new-model
c. aaa authentication login default group RADIUS
d. username name password password
Q6. Which of the following is not a supported 802.1X port authorization state?
a. Force-authorized
b. Force-unauthorized
c. Auto
d. Desirable
Q7. Which of the following features is a requirement for configuring DAI?
a. IPSG
b. DHCP snooping
c. IGMP snooping
d. Proxy ARP
Q8. Which of the following methods can prevent a single 802.1Q tag VLAN hopping attack?
a. Turn off auto-negotiation of speed/duplex.
b. Turn off trunk negotiation.
c. Turn off PAgP.
d. Turn on PAgP.
Q9. Which of the following prevents MAC address spoofing?
a. Port security
b. DHCP snooping
c. IGMP snooping
d. MAC notification
Q10. Which of the following types of ACLs can be applied to a Layer 2 port? (Choose all that apply.)
a. Router ACL
b. QACL
c. PACL
d. VACL
e. All of the above
Q11. True or False: Sticky port security allows for easier configuration of MAC addresses that need to be secured.