Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
CCNA Security Module 6

CCNA Security Module 6

Ratings: (0)|Views: 8,111 |Likes:
Published by Akbal Larios

More info:

Published by: Akbal Larios on Nov 08, 2009
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as DOC, PDF, TXT or read online from Scribd
See more
See less





CCNAS Module 6
What happens when the MAC address notification feature is enabled on a switch?An SDEE alert is generated, and the switch resets the interface when an invalid MAC address is detected.An STP multicast notification packet is forwarded to all switches any time a change in the network topology is detected.A port violation occurs when a MAC address outside of the range of allowed addresses transmits traffic over a secure port.An SNMP trap is sent to the network management system whenever a new MAC address is added to or an old address is deletedfrom the forwarding tables.
Which Cisco endpoint security product helps maintain network stability by providing posture assessment, quarantining of noncompliantsystems, and remediation of noncompliant systems?Cisco Access Control Server Cisco Security Agent workstationCisco Intrusion Prevention System router Cisco Network Admission Control appliance
Which two measures are recommended to mitigate VLAN hopping attacks? (Choose two.)Use a dedicated native VLAN for all trunk ports.Place all unused ports in a separate guest VLAN.Disable trunk negotiation on all ports connecting to workstations.Enable DTP on all trunk ports.Ensure that the native VLAN is used for management traffic.
Which two elements are part of the Cisco strategy for addressing endpoint security? (Choose two.)policy compliance using products such as Cisco NACnetwork infection monitoring using products such as Cisco Secure ACSthreat protection using products such as Cisco Security Agentattack detection using products such as Cisco NACrisk assessment compliance using products such as Cisco Security Agent
Which three are SAN transport technologies? (Choose three.)Fibre ChannelSATAiSCSIIP PBXFCIPIDE
Which attack relies on the default automatic trunking configuration on most Cisco switches?LAN storm attack
VLAN hopping attackSTP manipulation attackMAC address spoofing attack
If a switch is configured with the
command and the
action shutdown
action trap
parameters, which two actionsdoes the switch take when a storm occurs on a port? (Choose two.)The port is disabled.The switch is rebooted.An SNMP log message is sent.The port is placed in a blocking state.The switch forwards control traffic only.
Which software tool can a hacker use to flood the MAC address table of a switch?macof Cisco SDMkiwi syslog server protocol analyzer 
Which technology is used to protect the switched infrastructure from problems caused by receiving BPDUs on ports that should not bereceiving them?RSPANPortFastRoot guardLoop guardBPDU guard
When configuring a switch port for port security, what is the default violation mode?protectresetrestrictshutdown
Which three statements are true regarding SPAN and RSPAN? (Choose three.)SPAN can send a copy of traffic to a port on another switch.RSPAN is required for syslog and SNMP implementation.SPAN can be configured to send a copy of traffic to a destination port on the same switch.SPAN can copy traffic on a source port or source VLAN to a destination port on the same switch.RSPAN is required to copy traffic on a source VLAN to a destination port on the same switch.RSPAN can be used to forward traffic to reach an IDS that is analyzing traffic for malicious behavior.
How is a reflector port used in an RSPAN configuration?It provides a dedicated connection for the IDS device.It allows an RSPAN session to be backward compatible with a SPAN session.It acts like a loopback interface in that it reflects the captured traffic to the RSPAN VLAN.It allows an IDS device to direct malicious traffic to it, isolating that traffic from other areas of the network.
Which attack is mitigated by using port security?LAN stormVLAN hoppingSTP manipulationMAC address table overflow
With IP voice systems on data networks, which two types of attacks target VoIP specifically? (Choose two.)CoWPAttyKismetSPITvirusvishing
As a recommended practice for Layer 2 security, how should VLAN 1 be treated?All access ports should be assigned to VLAN 1.All trunk ports should be assigned to VLAN 1.VLAN 1 should be used for management traffic.VLAN 1 should not be used.
An administrator wants to prevent a rogue Layer 2 device from intercepting traffic from multiple VLANs on a network. Which two actionshelp mitigate this type of activity? (Choose two.)Disable DTP on ports that require trunking.Place unused active ports in an unused VLAN.Secure the native VLAN, VLAN 1, with encryption.Set the native VLAN on the trunk ports to an unused VLAN.Turn off trunking on all trunk ports and manually configure each VLAN as required on each port.
How many Cisco Security Agent clients can one Management Center for CSA console support?1,00010,000100,0001,000,000
Which option best describes a MAC address spoofing attack?

Activity (206)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
sccdare18 liked this
Sohail Iqbal liked this
wamrojas liked this
Adrian Badiu liked this
iezahm liked this
Wanlop Sampaokit liked this
Edder Leonor liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->