What Cisco tool can be used to monitor events happening in the switch?
Embedded Event Manager

Intrusion Prevention System

Network Analysis module

Switched Port Analyzer



A port can act as the destination port for all SPAN sessions configured on the switch.

A port can be configured to act as a source and destination port for a single SPAN session.

Both Layer 2 and Layer 3 switched ports can be configured as source or destination ports for a single SPAN session.

Port channel interfaces (EtherChannel) can be configured as source and destination ports for a single SPAN session.
Which configuration guideline applies to using the capture option in VACL?
Capture ports transmit traffic that belongs to all VLANs.

The capture port captures all packets that are received on the port.

The switch has a restriction on the number of capture ports.


The capture port needs to be in the spanning-tree forwarding state for the VLAN

What technology can be used to help mitigate MAC address flooding attacks?

root guard

Private VLANs

DHCP snooping

VLAN access maps

Dynamic ARP Inspection


What advantage for monitoring traffic flows does using VACLs with the capture option offer over using SPAN?

VLAN ACLs can be used to capture denied traffic.

VLAN ACLs can be used to capture traffic on a spanning-tree blocked port.

VLAN ACLs can be used to capture traffic based on Layer 2, 3, or 4 information.

VLAN ACLs can be used to capture traffic to the CPU separate from the traffic that is hardware switched.

All access ports on a switch are configured with the administrative mode of dynamic
auto. An attacker, connected to one of the ports, sends a malicious DTP frame. What is
the intent of the attacker?
VLAN hopping

DHCP spoofing attack

MAC flooding attack


ARP poisoning attack

What is the function of the 6500 Network Analysis Module?

monitors traffic on ingress ports

sends TCP resets to an attacker TCP session

gathers multilayer information from data flows that pass through the switch

provides remote monitoring of multiple switches across a switched network

Refer to the exhibit. What is the state of the monitoring session?

This is a remote monitored session.

No data is being sent from the session.

SPAN session number 2 is being used.

The session is only monitoring data sent out Fa0/1.

Refer to the exhibit. After the configuration has been applied to ACSw22, frames that are bound for the node on port FastEthernet 0/1 are periodically being dropped. What should be done to correct the issue?

Add the switchport port-security mac-address sticky command to the interface configuration.

Change the port speed with the speed auto command in interface configuration mode.

Use the switchport mode trunk command in the interface configuration.

Remove the switchport command from the interface configuration.

What are two purposes for an attacker launching a MAC table flood? (Choose two.)
to initiate a man-in-the-middle attack

to initiate a denial of service (DoS) attack

to capture data from the network

to gather network topology information

to exhaust the address space available to the DHCP


What is one way to mitigate ARP spoofing?
Enable dynamic ARP inspection.

Configure MAC address VLAN access maps.

Enable root guard.

Implement private VLANs.


What is one way to mitigate spanning-tree compromises?
Statically configure the primary and backup root bridge.

Implement private VLANs.

Place all unused ports into a common VLAN (not VLAN 1).

Configure MAC address VLAN access maps.



Refer to the exhibit. A switch is being configured to support AAA authentication on the console connection. Given the information in the exhibit, which three statements are correct? (Choose three.)

The authentication login admin line console command is required.

The login authentication admin line console command is required.

The configuration creates an authentication list that uses a named access list called group as the first authentication method, a TACACS+ server as the second method, the local username database as the third method, the enable password as the fourth method, and none as the last method.

The configuration creates an authentication list that uses a TACACS+ server as the first authentication method, the local username database as the second method, the enable password as the third method, and none as the last method.

The none keyword enables any user logging in to successfully authenticate if all other methods return an error.

The none keyword specifies that a user cannot log in if all other methods have failed.

Refer to the exhibit. Network policy dictates that security functions should be administered using AAA. Which configuration would create a default login authentication list that uses RADIUS as the first authentication method, the enable password as the second method, and the local database as the final method?

SW-1(config)# aaa new-model
SW-1(config)# radius-server host 10.10.10.12 key secret
SW-1(config)# aaa authentication default group-radius local

SW-1(config)# aaa new-model
SW-1(config)# radius-server host 10.10.10.12 key secret
SW-1(config)# aaa authentication default group-radius enable local

SW-1(config)# aaa new-model
SW-1(config)# radius-server host 10.10.10.12 key secret
SW-1(config)# aaa authentication login default group radius enable local

SW-1(config)# aaa new-model
SW-1(config)# radius server host 10.10.10.12 key secret
SW-1(config)# aaa authentication login default group radius enable local none

SW-1(config)# aaa new-model
SW-1(config)# radius server host 10.10.10.12 key secret
SW-1(config)# aaa authentication login default group-radius enable local none
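A complete AAA login configuration that the two preceding questions are testing, written as an added example for this page (it is not the configuration from either exhibit). The hostname, the RADIUS server address 10.10.10.12, the key, the username and the list name CONSOLE are assumptions. The `radius server` block is the IOS 15.x syntax; older images use the one-line `radius-server host 10.10.10.12 key secret` form shown in the question.

```cisco
! Added example, not the page's own configuration. Hostname, server address,
! key, local username and the CONSOLE list name are assumptions.
hostname SW-1
!
username admin privilege 15 secret LocalFallbackP@ss
enable secret EnableP@ss
!
aaa new-model
!
radius server ISE-1
 address ipv4 10.10.10.12 auth-port 1812 acct-port 1813
 key secret
!
! Method order matters. IOS falls through to the next method only when the
! current one returns an ERROR (no RADIUS server answered), never on a FAIL
! (wrong password). So "enable" and "local" are reached only during a RADIUS
! outage, which is exactly when you want a working fallback.
aaa authentication login default group radius enable local
!
! Console: local database only, so a RADIUS problem can never lock the
! console out. The list is applied with "login authentication", not
! "authentication login", under the line.
aaa authentication login CONSOLE local
line console 0
 login authentication CONSOLE
!
line vty 0 15
 login authentication default
 transport input ssh
!
! Never append "none" to a production list: if every earlier method errors
! (e.g. the RADIUS server is down and no enable secret is set), "none"
! authenticates anyone with no credentials at all.
!
! Checks:
! test aaa group radius admin <password> new-code
! show aaa servers
! debug aaa authentication
```

The `test aaa group radius` command exercises the RADIUS path without touching a real session, so the fallback order can be verified before the `default` list is applied to the vty lines.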

Refer to the exhibit. Given the configuration on the ALSwitch, what is the end result?

forces all hosts that are attached to a port to authenticate before being allowed access to the network

disables 802.1x port-based authentication and causes the port to allow normal traffic without authenticating the client

enables 802.1x authentication on the port

globally disables 802.1x authentication

How should unused ports on a switch be configured in order to prevent VLAN
hopping attacks?
Configure them with the UDLD feature.

Configure them with the PAgP protocol.

Configure them as trunk ports for the native VLAN 1.

Configure them as access ports and associate them with an unused VLAN.
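The Layer 2 hardening that the MAC-flooding, DTP/VLAN-hopping and unused-port questions above are all circling, collected into one access-switch configuration. This is an added example written for this page, not configuration from any exhibit; interface ranges, VLAN numbers (10, 20, 30 for users, 999 as the parking/native VLAN) and the port-security maximum are assumptions.

```cisco
! Added example, not from the page's exhibits. Interface names, VLAN numbers
! and the port-security maximum are assumptions.
!
! Access ports: fixed access mode with DTP disabled, so a crafted DTP frame
! (the "dynamic auto" question above) cannot negotiate a trunk. Port security
! caps how many CAM entries one port can consume, which blunts MAC flooding.
interface range GigabitEthernet1/0/1 - 20
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! "violation restrict" drops frames from excess MACs, counts them and raises
! a syslog/SNMP trap while keeping the port up; the default "shutdown"
! err-disables the port instead, which guarantees somebody notices.
!
! Unused ports: access mode in an unused parking VLAN (never VLAN 1),
! DTP off, administratively down.
interface range GigabitEthernet1/0/21 - 23
 switchport mode access
 switchport access vlan 999
 switchport nonegotiate
 shutdown
!
! Uplink: explicit trunk, DTP off, a native VLAN that carries no user traffic,
! and an explicit allowed list. The encapsulation line is only needed on
! platforms that also support ISL; 802.1Q-only switches reject it.
interface GigabitEthernet1/0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
!
! Tag the native VLAN on every trunk as well, which closes double-tagging
! even if a native-VLAN mismatch slips in somewhere.
vlan dot1q tag native
!
! Checks:
! show port-security interface GigabitEthernet1/0/1
! show port-security address
! show interfaces trunk
! show dtp interface GigabitEthernet1/0/24
```

`show dtp interface` should report the uplink as nonegotiate; if it still shows DTP running, the `switchport nonegotiate` line was rejected because the port was left in a dynamic mode.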

Which countermeasure can be implemented to determine the validity of an ARP
packet, based on the valid MAC-address-to-IP address bindings stored in a DHCP
snooping database?
DHCP spoofing

dynamic ARP inspection

CAM table inspection

MAC snooping

Refer to the exhibit. A network engineer is securing a network against DHCP spoofing attacks. On all switches, the engineer applied the ip dhcp snooping command and enabled DHCP snooping on all VLANs with the ip dhcp snooping vlan command. What additional step should be taken to configure the security required on the network?

Issue the ip dhcp snooping trust command on all uplink interfaces on SW1, SW2 and SW3.

Issue the ip dhcp snooping trust command on all interfaces on SW2 and SW3.

Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2, and SW3.

Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2, and SW3 except interface Fa0/1 on SW1.
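DHCP snooping and Dynamic ARP Inspection as they would actually be deployed on one of these access switches, covering both the DAI question and the DHCP-snooping question above. This is an added example for this page, not the exhibit's configuration; the VLAN numbers, interface names, the static host 10.1.10.5 / 0011.2233.4455 and the rate limits are assumptions, with Gi1/0/24 assumed to be the uplink towards the DHCP server.

```cisco
! Added example, not from the page's exhibit. VLAN numbers, interface names,
! the static host entry and the rate limits are assumptions; Gi1/0/24 is the
! uplink towards the DHCP server, every other port faces untrusted clients.
ip dhcp snooping
ip dhcp snooping vlan 10,20
ip dhcp snooping database flash:dhcp-snoop.db
! When the server sits behind a relay, option 82 inserted by an access switch
! (on by default) is often rejected; turn it off unless the relay/server
! is configured to accept it.
no ip dhcp snooping information option
!
! DAI checks every ARP packet on untrusted ports against the snooping binding
! table (IP/MAC/VLAN/port) and drops anything that does not match.
ip arp inspection vlan 10,20
ip arp inspection validate src-mac dst-mac ip
!
! Hosts with static addresses never get a binding; whitelist them with an
! ARP ACL instead of trusting their port.
arp access-list STATIC-HOSTS
 permit ip host 10.1.10.5 mac host 0011.2233.4455
ip arp inspection filter STATIC-HOSTS vlan 10
!
! The only trusted port is the uplink: server-side DHCP messages (OFFER, ACK,
! NAK) and ARP arriving here bypass inspection. Trusting every interface, as
! two of the options above propose, lets any client act as a DHCP server.
interface GigabitEthernet1/0/24
 description Uplink to distribution (path to DHCP server)
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! Untrusted client ports (the default state): client DHCP messages pass,
! server messages are dropped, and both DHCP and ARP are rate limited so a
! flood err-disables the port instead of starving the CPU. IP Source Guard
! reuses the same binding table to drop spoofed source IPs.
interface range GigabitEthernet1/0/1 - 23
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15
 ip arp inspection limit rate 15
 ip verify source
!
! Checks:
! show ip dhcp snooping
! show ip dhcp snooping binding
! show ip arp inspection vlan 10
! show ip arp inspection statistics vlan 10
! show ip verify source
```

The binding database on flash matters operationally: without it a reload empties the table, and every client with an unexpired lease is blocked by DAI and IP Source Guard until it renews.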

Refer to the exhibit. Which statement is true about the local SPAN configuration on switch SW1?

The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1.

The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1, but only if port Fa3/1 is configured in VLAN 10.

The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1, but only if port Fa3/1 is configured as a trunk.

The SPAN session transmits to a device on port Fa3/21 only a copy of unicast traffic that is monitored on port Fa3/1. All multicast and BPDU frames will be excluded from the monitoring process.
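The monitoring configurations behind the SPAN, RSPAN and VACL-capture questions on this page, shown side by side as an added example (this is not the exhibit's configuration). Interface numbers, the RSPAN VLAN 900, the monitored VLAN 10 and the 10.1.50.0/24 server subnet are assumptions; the VACL capture section applies to the Catalyst 6500, where `action forward capture` and `switchport capture` exist.

```cisco
! Added example, not from the page's exhibit. Interface numbers, VLAN IDs and
! the server subnet are assumptions.
!
! Local SPAN: mirror both directions of Fa3/1 to the analyzer on Fa3/21.
! The destination port is a pure sink: it stops forwarding, leaves STP, and
! drops anything the analyzer sends unless "ingress" is added.
monitor session 1 source interface FastEthernet3/1 both
monitor session 1 destination interface FastEthernet3/21
!
! RSPAN: carry the mirror across the trunks in a dedicated remote-span VLAN.
vlan 900
 name RSPAN-VLAN
 remote-span
! on the switch holding the monitored port
monitor session 2 source interface FastEthernet3/1 rx
monitor session 2 destination remote vlan 900
! on the switch holding the analyzer
monitor session 2 source remote vlan 900
monitor session 2 destination interface FastEthernet3/21
!
! VACL capture (Catalyst 6500): instead of copying everything, the filter
! runs in hardware and can select on L3/L4 fields, here HTTP towards the
! server subnet. Only forwarded packets are copied; traffic hit by
! "action drop" never reaches the capture port, and the capture port must be
! in the STP forwarding state for VLAN 10 to emit anything.
ip access-list extended WEB-TO-SERVERS
 permit tcp any 10.1.50.0 0.0.0.255 eq 80
ip access-list extended EVERYTHING-ELSE
 permit ip any any
!
vlan access-map CAPTURE-WEB 10
 match ip address WEB-TO-SERVERS
 action forward capture
vlan access-map CAPTURE-WEB 20
 match ip address EVERYTHING-ELSE
 action forward
vlan filter CAPTURE-WEB vlan-list 10
!
interface FastEthernet3/21
 switchport
 switchport capture
 switchport capture allowed vlan 10
!
! Checks:
! show monitor session all
! show vlan access-map
! show vlan filter
```

The second access-map sequence matters: a VACL ends with an implicit drop, so without the `EVERYTHING-ELSE` entry everything that is not HTTP to the servers would be discarded on VLAN 10, not merely left uncaptured.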
