1. What advantage for monitoring traffic does using VACLs with the capture option offer over using SPAN?
( ) VLAN ACLs can be used to capture denied traffic.
( ) VLAN ACLs can be used to capture traffic on a spanning-tree blocked port.
(*) VLAN ACLs can be used to capture traffic based on Layer 2, 3, or 4 information.
( ) VLAN ACLs can be used to capture traffic to the CPU separate from the traffic that is hardware switched.

2. Which configuration guideline applies to using the capture option in a VACL?
( ) Capture ports transmit traffic that belongs to all VLANs.
( ) The capture port captures all packets that are received on the port.
( ) The switch has a restriction on the number of capture ports.
(*) The capture port needs to be in the spanning-tree forwarding state for the VLAN.

3. Exhibit:
    DWSwitch1# show monitor session 1 detail
    Session 1
    ---------
    Type              : Local Session
    Source Ports      :
        RX Only       : None
        TX Only       : None
        Both          : Fa0/1
    Source VLANs      :
        RX Only       : None
        TX Only       : None
        Both          : None
    Source RSPAN VLAN : None
    Destination Ports : None
    Reflector Port    : None
    Filter VLANs      : None
    Dest RSPAN VLAN   : None
    DWSwitch1#
Refer to the exhibit. What is the state of the monitoring session?
( ) This is a remote monitored session.
(*) No data is being sent from the session.
( ) SPAN session number 2 is being used.
( ) The session is only monitoring data sent out Fa0/1.

4. What is one way to mitigate spanning-tree compromises?
(*) Statically configure the primary and backup root bridge.
( ) Implement private VLANs.
( ) Place all unused ports into a common VLAN (not VLAN 1).
( ) Configure MAC address VLAN access maps.

5. What Cisco tool can be used to monitor events happening in the switch?
(*) Embedded Event Manager
( ) Intrusion Prevention System
( ) Network Analysis Module
( ) Switched Port Analyzer

6. Exhibit:
    SW1(config)# monitor session 1 source vlan 10 rx
    SW1(config)# monitor session 1 source vlan 20 tx
    SW1(config)# monitor session 1 destination interface Fa3/4
Refer to the exhibit. Which statement is true about the VSPAN configuration on switch SW1?
( ) The VSPAN session that is configured on port Fa3/4 can monitor only the ingress traffic for any of the VLANs.
( ) The VSPAN session that is configured on port Fa3/4 can monitor only the egress traffic for any of the VLANs.
( ) Port Fa3/4 must be associated with VLAN 10 or VLAN 20 in order to monitor the traffic for any of the VLANs.
(*) The VSPAN session transmits a copy of the ingress traffic for VLAN 10 and the egress traffic for VLAN 20 out interface Fa3/4.

7. Exhibit:
    ALSwitch# configure terminal
    ALSwitch(config)# aaa new-model
    ALSwitch(config)# aaa authentication dot1x default group radius
    ALSwitch(config)# dot1x system-auth-control
    ALSwitch(config)# interface fastethernet 0/41
    ALSwitch(config-if)# dot1x port-control force-authorized
    ALSwitch(config-if)# end
Refer to the exhibit. Given the configuration on ALSwitch, what is the end result?
( ) forces all hosts that are attached to a port to authenticate before being allowed access to the network
(*) disables 802.1X port-based authentication and causes the port to allow normal traffic without authenticating the client
( ) enables 802.1X authentication on the port
( ) globally disables 802.1X authentication

8. What are two purposes for an attacker launching a MAC table flood? (Choose two.)
[x] to initiate a man-in-the-middle attack
[ ] to initiate a denial of service (DoS) attack
[x] to capture data from the network
[ ] to gather network topology information
[ ] to exhaust the address space available to the DHCP server

9. How should unused ports on a switch be configured in order to prevent VLAN hopping attacks?
( ) Configure them with the UDLD feature.
( ) Configure them with the PAgP protocol.
( ) Configure them as trunk ports for the native VLAN 1.
(*) Configure them as access ports and associate them with an unused VLAN.
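Worked configuration for the two Layer 2 mitigations asked about in questions 4 and 9 (pinning the root bridge, and parking unused ports so no DTP negotiation or VLAN hopping is possible). This is an added study example, not an exhibit from the quiz; the hostnames Dist1/Dist2/Access1, the VLAN numbers and the interface ranges are assumed.

```cisco
! --- Distribution side: pin the root bridge (question 4) ---
! "root primary" sets the bridge priority low enough to win (24576 by default,
! or lower if a root with a smaller priority already exists); "root secondary"
! sets 28672 so the second switch takes over if the primary dies.
Dist1(config)# spanning-tree vlan 10,20 root primary
Dist2(config)# spanning-tree vlan 10,20 root secondary
! Root guard on the ports facing the access layer: a superior BPDU arriving
! there puts the port into root-inconsistent (blocking) state instead of
! letting a rogue switch become root.
Dist1(config)# interface range GigabitEthernet1/0/1 - 24
Dist1(config-if-range)# spanning-tree guard root

! --- Access side: close the VLAN-hopping paths (question 9) ---
! Unused ports: access mode in a dead-end VLAN, DTP off, administratively down.
Access1(config)# vlan 999
Access1(config-vlan)# name UNUSED-PARKING
Access1(config-vlan)# exit
Access1(config)# interface range FastEthernet0/13 - 24
Access1(config-if-range)# switchport mode access
Access1(config-if-range)# switchport access vlan 999
Access1(config-if-range)# switchport nonegotiate
Access1(config-if-range)# shutdown

! Host ports: force access mode. The default "dynamic auto" would let a forged
! DTP frame from the host negotiate a trunk and expose every VLAN.
Access1(config)# interface range FastEthernet0/1 - 12
Access1(config-if-range)# switchport mode access
Access1(config-if-range)# switchport access vlan 10
Access1(config-if-range)# switchport nonegotiate
Access1(config-if-range)# spanning-tree portfast
Access1(config-if-range)# spanning-tree bpduguard enable

! Real trunks: explicit mode, DTP off, and an unused native VLAN so a
! double-tagged frame cannot ride VLAN 1. Keep the native VLAN identical
! on both ends of the link. The encapsulation command is only needed on
! platforms that also support ISL.
Access1(config)# interface GigabitEthernet0/1
Access1(config-if)# switchport trunk encapsulation dot1q
Access1(config-if)# switchport mode trunk
Access1(config-if)# switchport trunk native vlan 999
Access1(config-if)# switchport trunk allowed vlan 10,20
Access1(config-if)# switchport nonegotiate
Access1(config-if)# end

! Verify that DTP is really off on a host port:
Access1# show interfaces FastEthernet0/1 switchport | include Negotiation
! Negotiation of Trunking: Off
```

Two checks worth making after applying this: `show spanning-tree vlan 10` on an access switch should name Dist1 as root, and `show interfaces trunk` should list only the intended trunks; any host port that appears there has negotiated a trunk and needs the `switchport mode access` / `switchport nonegotiate` pair.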
10. Exhibit:
    SW1(config)# interface Fa3/1
    SW1(config-if)# switchport mode trunk
    SW1(config-if)# switchport trunk encapsulation dot1q
    SW1(config-if)# end
    SW1(config)# interface Fa3/21
    SW1(config-if)# switchport mode access
    SW1(config-if)# switchport access vlan 10
    SW1(config-if)# end
    SW1(config)# monitor session 1 source interface Fa3/1
    SW1(config)# monitor session 1 destination interface Fa3/21
    SW1(config)# end
Refer to the exhibit. Which statement is true about the local SPAN configuration on switch SW1?
(*) The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1.
( ) The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1, but only if port Fa3/1 is configured in VLAN 10.
( ) The SPAN session transmits to a device on port Fa3/21 a copy of all traffic that is monitored on port Fa3/1, but only if port Fa3/21 is configured as a trunk.
( ) The SPAN session transmits to a device on port Fa3/21 only a copy of unicast traffic that is monitored on port Fa3/1; all multicast and BPDU frames will be excluded from the monitoring process.

11. What technology can be used to help mitigate MAC address flooding attacks?
( ) root guard
( ) private VLANs
( ) DHCP snooping
(*) VLAN access maps
( ) Dynamic ARP Inspection

12. All access ports on a switch are configured with the administrative mode of dynamic auto. An attacker, connected to one of the ports, sends a malicious DTP frame. What is the intent of the attacker?
(*) VLAN hopping attack
( ) DHCP spoofing attack
( ) MAC flooding attack
( ) ARP poisoning attack

13. Exhibit:
    ACSw22(config)# interface FastEthernet 0/1
    ACSw22(config-if)# switchport
    ACSw22(config-if)# switchport mode access
    ACSw22(config-if)# switchport access vlan 103
    ACSw22(config-if)# switchport block unicast
    ACSw22(config-if)# speed 100
    ACSw22(config-if)# duplex full
    ACSw22(config-if)# end
    ACSw22# copy running-config startup-config
Refer to the exhibit. After the configuration has been applied to ACSw22, frames that are bound for the node on port FastEthernet 0/1 are periodically being dropped. What should be done to correct the issue?
(*) Add the switchport port-security mac-address sticky command to the interface configuration.
( ) Change the port speed to speed auto within the interface configuration mode.
( ) Use the switchport mode trunk command in the interface configuration.
( ) Remove the switchport command from the interface configuration.

14. Which statement is true about a local SPAN configuration?
( ) A port can act as the destination port for all SPAN sessions configured on the switch.
( ) A port can be configured to act as a source and destination port for a single SPAN session.
(*) Both Layer 2 and Layer 3 switched ports can be configured as source or destination ports for a single SPAN session.
( ) Port channel interfaces (EtherChannel) can be configured as source and destination ports for a single SPAN session.

15. [Exhibit: topology diagram; labels visible on the page: DHCP Server, SW1]
Refer to the exhibit. A network engineer secures a network against DHCP spoofing attacks. On all switches the engineer applied the ip dhcp snooping command and enabled DHCP snooping on all VLANs with the ip dhcp snooping vlan command. What additional step should be taken to configure the security required on the network?
(*) Issue the ip dhcp snooping trust command on all uplink interfaces on SW1, SW2 and SW3.
( ) Issue the ip dhcp snooping trust command on all interfaces on SW2 and SW3.
( ) Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2, and SW3.
( ) Issue the ip dhcp snooping trust command on all interfaces on SW1, SW2, and SW3 except interface Fa0/1 on SW1.

16. What is the function of the 6500 Network Analysis Module?
( ) implements … on ingress ports
( ) sends TCP resets to an attacker's TCP session
(*) gathers multilayer information from data flows that pass through the switch
( ) provides remote monitoring of multiple switches across a switched network

17. Exhibit:
    aaa new-model
    aaa authentication login admin group tacacs+ local enable none
Refer to the exhibit. A switch is being configured to support AAA authentication on the console connection. Given the information in the exhibit, which three statements are correct?
(Choose three.)
[ ] The authentication login admin line console command is required.
[x] The login authentication admin line console command is required.
[ ] The configuration creates an authentication list that uses a named access list called group as the first authentication method, a TACACS+ server as the second method, the local username database as the third method, the enable password as the fourth method, and none as the last method.
[x] The configuration creates an authentication list that uses a TACACS+ server as the first authentication method, the local username database as the second method, the enable password as the third method, and none as the last method.
[x] The none keyword enables any user logging in to successfully authenticate if all other methods return an error.
[ ] The none keyword specifies that a user cannot log in if all other methods have failed.

18. What is one way to mitigate ARP spoofing?
(*) Enable dynamic ARP inspection.
( ) Configure MAC address VLAN access maps.
( ) Enable root guard.
( ) Implement private VLANs.

19. [Exhibit: topology diagram; labels visible on the page: TACACS+ Server 10.10.10.11, RADIUS Server 10.10.10.12, SW-1]
Refer to the exhibit. Network policy dictates what security functions should be administered using AAA. Which configuration would create a default login authentication list that uses RADIUS as the first authentication method, the enable password as the second method, and the local database as the final method?
( ) SW-1(config)# aaa new-model
    SW-1(config)# radius-server host 10.10.10.12 key secret
    SW-1(config)# aaa authentication default …
( ) SW-1(config)# aaa new-model
    SW-1(config)# radius-server host 10.10.10.12 key secret
    SW-1(config)# aaa authentication default group-radius enable local
(*) SW-1(config)# aaa new-model
    SW-1(config)# radius-server host 10.10.10.12 key secret
    SW-1(config)# aaa authentication login default group radius enable local
( ) SW-1(config)# aaa new-model
    SW-1(config)# radius-server host 10.10.10.12 key secret
    SW-1(config)# aaa authentication login default group radius enable local none
( ) SW-1(config)# aaa new-model
    SW-1(config)# radius-server host 10.10.10.12 key secret
    SW-1(config)# aaa authentication login default group-radius enable local none

20. Which countermeasure can be implemented to determine the validity of an ARP packet based on the valid MAC-address-to-IP-address bindings stored in a DHCP snooping database?
( ) DHCP spoofing
(*) dynamic ARP inspection
( ) CAM table inspection
( ) MAC snooping
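Worked local SPAN and VSPAN configuration covering questions 3, 6, 10 and 14, including the verification that separates a session that is actually mirroring from one that is configured but has no destination. This is an added study example, not an exhibit from the quiz; the hostname SW1 and the interface numbers are assumed.

```cisco
! Local SPAN (question 10): copy everything seen on Fa0/1, in both directions,
! to the analyzer on Fa0/24. SPAN takes the destination port over: it stops
! forwarding normal traffic, and it cannot also be a source of the same
! session (question 14).
SW1(config)# monitor session 1 source interface FastEthernet0/1 both
SW1(config)# monitor session 1 destination interface FastEthernet0/24

! VSPAN (question 6): ingress of VLAN 10 and egress of VLAN 20 to Fa0/23.
! Source VLANs and source interfaces cannot be mixed in one session, so the
! VLAN sources go into a second session.
SW1(config)# monitor session 2 source vlan 10 rx
SW1(config)# monitor session 2 source vlan 20 tx
SW1(config)# monitor session 2 destination interface FastEthernet0/23
SW1(config)# end

! Verification (question 3): a session whose "Destination Ports" reads None is
! configured but sends nothing. After the commands above, session 1 shows the
! analyzer port as destination (expected output, abbreviated):
SW1# show monitor session 1 detail
! Session 1
! ---------
! Type              : Local Session
! Source Ports      :
!     RX Only       : None
!     TX Only       : None
!     Both          : Fa0/1
! Destination Ports : Fa0/24

! Remove the sessions when the capture is finished so the destination ports
! return to normal forwarding.
SW1(config)# no monitor session 1
SW1(config)# no monitor session 2
```

A practical caveat: a source port that is itself a trunk mirrors every VLAN carried on it, so the analyzer on Fa0/24 will see tagged frames only if the destination was configured with `encapsulation replicate` (platform permitting); by default the copies are sent untagged.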
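Worked access-switch hardening that ties together questions 11, 13, 15, 18 and 20: DHCP snooping with a trusted uplink, dynamic ARP inspection validated against the snooping binding table, and port security with sticky MACs to cap CAM-table flooding and to keep a `switchport block unicast` port reachable. This is an added study example, not an exhibit from the quiz; the hostname SW2, the VLAN numbers and the interface numbers are assumed.

```cisco
! --- Global: DHCP snooping builds the IP-to-MAC binding table that DAI checks ---
SW2(config)# ip dhcp snooping
SW2(config)# ip dhcp snooping vlan 10,20
! Assumption: nothing downstream needs relay-agent option 82, so do not insert
! it (a DHCP server that rejects option-82 requests would otherwise starve clients).
SW2(config)# no ip dhcp snooping information option
SW2(config)# ip arp inspection vlan 10,20

! --- Uplink toward the DHCP server: trusted for both features (question 15) ---
! Only the path the legitimate server answers on is trusted; every host port
! stays untrusted so a rogue DHCP server or forged ARP reply is dropped there.
SW2(config)# interface GigabitEthernet0/1
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport mode trunk
SW2(config-if)# ip dhcp snooping trust
SW2(config-if)# ip arp inspection trust
SW2(config-if)# exit

! --- Host ports: untrusted (the default), rate limited, flood resistant ---
SW2(config)# interface range FastEthernet0/1 - 24
SW2(config-if-range)# switchport mode access
SW2(config-if-range)# switchport access vlan 10
SW2(config-if-range)# ip dhcp snooping limit rate 15
SW2(config-if-range)# ip arp inspection limit rate 15
! Port security caps how many MACs the port may learn, which is the direct
! answer to a CAM-table flood. "sticky" writes the learned MAC into the running
! config as a secure address, and secure addresses do not age out of the CAM
! table. That is also the fix for question 13: "switchport block unicast"
! discards unknown-unicast frames, so once a quiet host's dynamic CAM entry
! ages out, frames to it are dropped until it transmits again; a sticky secure
! MAC keeps the entry in place.
SW2(config-if-range)# switchport port-security
SW2(config-if-range)# switchport port-security maximum 2
SW2(config-if-range)# switchport port-security violation restrict
SW2(config-if-range)# switchport port-security mac-address sticky
SW2(config-if-range)# switchport block unicast
SW2(config-if-range)# end

! Verification:
SW2# show ip dhcp snooping
SW2# show ip dhcp snooping binding
SW2# show ip arp inspection vlan 10
SW2# show port-security interface FastEthernet0/1
SW2# copy running-config startup-config
```

Hosts with static addresses never appear in the snooping binding table, so DAI will drop their ARP traffic unless they are covered by an ARP ACL applied with `ip arp inspection filter`; check `show ip arp inspection statistics` for a climbing "DHCP Drops" counter on a VLAN with static hosts before blaming the feature. Also keep the binding table across reloads with `ip dhcp snooping database` pointed at flash or a TFTP target, or every lease-holding host is a DAI victim until it renews.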
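Worked AAA login configuration for questions 17 and 19, showing both the default list (RADIUS, then enable password, then local database) and a named console list, with the line commands that actually bind a list to a line. This is an added study example, not an exhibit from the quiz; the server addresses follow the question-19 exhibit, and the usernames, passwords and shared key are assumed.

```cisco
! Servers from the exhibit; "secret" is the assumed shared key.
! (Newer IOS releases prefer the "radius server NAME" / "tacacs server NAME"
! block form; the single-line host form below is still accepted.)
SW-1(config)# aaa new-model
SW-1(config)# radius-server host 10.10.10.12 key secret
SW-1(config)# tacacs-server host 10.10.10.11 key secret
! "local" and "enable" are only useful as fallbacks if something exists to
! check against; without these two lines both methods return an error.
SW-1(config)# username admin privilege 15 secret Str0ngP@ss
SW-1(config)# enable secret En@bleP@ss

! Question 19: the default login list. The keyword is "login", the list name
! is "default", and "group radius" is two words (the group name follows "group").
SW-1(config)# aaa authentication login default group radius enable local

! Question 17: a named list does nothing until a line references it with
! "login authentication <name>"; the console is the line being secured.
SW-1(config)# aaa authentication login admin group tacacs+ local enable none
SW-1(config)# line console 0
SW-1(config-line)# login authentication admin
SW-1(config-line)# exit
! vty lines use the "default" list implicitly; stating it makes the intent visible.
SW-1(config)# line vty 0 4
SW-1(config-line)# login authentication default
SW-1(config-line)# end

! Check which list each line ended up with:
SW-1# show running-config | section line
```

Method lists fall through only on an error (server unreachable, no local users, no enable secret), never on a rejected credential: a wrong password against a reachable RADIUS server simply fails. That is what makes a trailing `none` dangerous. On the `admin` list it means that with TACACS+ unreachable, no local user defined and no enable secret set, anyone at the console is admitted with no credentials at all, which is why the correct answer to question 19 stops at `local`.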
