named_list
B.
Switch#show ip access-list
named_list
C.
Switch#show running-configuration
D.
Switch#show ip access-list
99. Which type of ACL should be placed closest to the source of
traffic?
A. Extended
B. Standard
C. Dynamic
D. Expanded
100. Which command will create an extended named access list?
A.
Router(config)#access-list 101 allow host 192.168.1.5
any
B.
Router(config)#ip access-list
named_list
C.
Router(config)#ip access-list extended
named_list
D.
Router(config)#ip access-list 101
named_list
101. Which type of ACL should be placed closest to the destination of
traffic?
A. Extended
B. Standard
C. Dynamic
D. Expanded
102. Which command should you start with when trying to diagnose
port security issues?
A.
Switch
#
show port-security
B.
Switch
#
show mac address-table
C.
Switch
#
show interface
D.
Switch
#
show security
103. You have configured an access port for a remote office
computer. The office has no IT persons on site. You want to stop
workers from plugging in a WAP and exposing your company’s
internal network. Which feature should you configure?
A. Dynamic VLANs
B. Port security
C. ACLs
D. VLAN pruning
104. Which method can restrict a user from plugging a wireless
access point into a corporate network?
A. Access control lists
B. Port security
C. Wired Equivalent Privacy
D. Static MAC addresses
105. What does port security use to block unauthorized access?
A. Source MAC addresses
B. Destination MAC addresses
C. Source IP addresses
D. Destination IP addresses
106. Which command will enable port security?
A.
Switch(config)#switchport port-security
B.
Switch(config)#port-security enable
C.
Switch(config-if)#switchport port-security
D.
Switch(config-if)#port-security enable
107. If port security is enabled on an interface, what is the maximum
number of MAC addresses allowed by default?
A. 1 MAC address
B. 2 MAC addresses
C. 0 MAC addresses
D. 10 MAC addresses
108. Which layer of the OSI model does port security use for securing
a port?
A. Layer 0
B. Layer 1
C. Layer 2
D. Layer 3
109. Why would a network admin choose to configure port security
on an interface?
A. To allow or disallow VLANs
B. To allow or disallow IP addresses
C. To prevent unauthorized access by MAC address
D. To prevent unauthorized access by users
110. Which statement is correct about port security?
A. Port security works best in mobile environments.
B. Port security requires a higher amount of memory.
C. Port security works best in static environments.
D. Port security always results in admin intervention to reset
the port.
111. When configuring port security on a port that contains a VoIP
phone with a voice VLAN and a computer connected to the
phone, how many MAC addresses must you allow?
A. 1 MAC address
B. 2 MAC addresses
C. 0 MAC addresses
D. 10 MAC addresses
112. What is the default action of port security on the interface when
the maximum number of MAC addresses is exceeded?
A. Administrative shutdown
B. Err-disabled shutdown
C. Restricted access without logging
D. Restricted access with logging
113. You are configuring a port for port security and receive the error
Command rejected: FastEthernet0/1 is a dynamic port.
Which
commands will help you configure the port?
A.
SwitchA(config-if)#no switchport dynamic
SwitchA(config-if)#switchport port-security
B.
SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport port-security
C.
SwitchA(config-if)#switchport mode access
SwitchA(config-if)#switchport
nonnegotiateSwitchA(config-if)#switchport port-security
D.
SwitchA(config-if)#switchport mode access
SwitchA(config-if)#no dynamicSwitchA(config-
if)#switchport port-security
114. Which command will allow you to configure two MAC addresses
for port security?
A.
SwitchA(config-if)#switchport maximum 2
B.
SwitchA(config-if)#switchport port-security maximum 2
C.
SwitchA(config-if)#port-security maximum 2
D.
SwitchA(config-if)#switchport port-security limit 2
115. Which command will limit devices via port security without
disabling the port and logging the restricted device?
A.
Switch(config-if)#switchport port-security violation
shutdown
B.
Switch(config-if)#switchport port-security restrict
C.
Switch(config-if)#switchport port-security violation
protect
D.
Switch(config-if)#switchport port-security violation
restrict
116. Which command will allow you to inspect the status of a port
that has been configured for port security?
A.
Switch#show running-configuration
B.
Switch#show port-security interface gi 2/13
C.
Switch#show port-security details interface gi 2/13
D.
Switch#show port-security gi 2/13
117. Which command will limit devices via port security and send an
SNMP trap notification?
A.
Switch(config-if)#switchport port-security violation
shutdown
B.
Switch(config-if)#switchport port-security restrict
C.
Switch(config-if)#switchport port-security violation
protect
D.
Switch(config-if)#switchport port-security violation
restrict
118. Which command will limit devices via port security without
disabling the port and not provide logging for a security
violation counter?
A.
Switch(config-if)#switchport port-security violation
shutdown
B.
Switch(config-if)#switchport port-security restrict
C.
Switch(config-if)#switchport port-security violation
protect
D.
Switch(config-if)#switchport port-security violation
restrict
119. Which command will allow you to see logged security violations
for port security?
A.
Switch#show violations
B.
Switch#show port-security violations
C.
Switch#show port-security
D.
Switch#show psec violations
120. You have been tasked to secure ports with port security. You
need to make sure that only the computers installed can access
the network. The computers are installed already. Which type of
configuration for port security would require the least amount of
administration?
A. Static port security
B. Dynamic port security
C. Sticky port security
D. Time limit port security
121. Refer to the following exhibit. You received a call that a port is
no longer active. The port has port security configured on it.
What is the problem?
A. The port has been administratively shutdown.
B. The port has an access violation on it.
C. The port has bad wiring.
D. The port on the switch is configured as a trunk.
122. Which command will allow the first MAC address learned on the
port to be allowed to only pass traffic on the port via port
security?
A.
SwitchA(config-if)#switchport port-security mac-address
sticky
B.
SwitchA(config-if)#switchport port-security mac-address
dynamic
C.
SwitchA(config-if)#switchport port-security mac-address
static
D.
SwitchA(config-if)#switchport port-security mac-address
learn
123. Refer to the following exhibit. You receive a call that a port on
the switch is not working. You determine that a port-security
violation has been experienced. Once the violation has been
remediated, how will you reset the port so that it functions
again?
A.
SwitchA(config-if)#no port-security
B.
SwitchA(config-if)#no shutdown
C.
SwitchA(config-if)#no switchport port-security
D.
SwitchA(config-if)#shutdown
SwitchA(config-if)#no shutdown
124. Which command will configure the port with only the MAC
address you want to allow via port security?
A.
SwitchA(config-if)#switchport port-security mac-address
sticky
B.
SwitchA(config-if)#switchport port-security mac-address
0334.56f3.e4e4
C.
SwitchA(config-if)#switchport port-security mac-address
static 0334.56f3.e4e4
D.
SwitchA(config-if)#switchport port-security static
0334.56f3.e4e4
125. Which command is used to see the output in the following
exhibit?
A.
Switch#show port-security details
B.
Switch#show mac address-table secure
C.
Switch#show port-security address
D.
Switch#show port-security
126. Which command will allow you to globally reset all ports with an
err-disable state with minimal disruption?
A.
Switch#clear err-disable
B.
Switch#clear switchport port-security
C.
Switch#clear port-security violation
D.
Switch(config)#errdisable recovery cause
psecure_violation
127. You need to verify the sticky MAC addresses learned on a port
on the switch. Which command will allow you to verify the
addresses learned?
A.
SwitchA#show running-config
B.
SwitchA#show port-security
C.
SwitchA#show port-security details
D.
SwitchA#show port-security status
128. Which server will centralize authentication for all Cisco routers
and switches?
A. Active Directory server
B. AAA server
C. 802.1X server
D. Terminal server
129. Which protocol and port does RADIUS authentication use?
A. UDP/1845
B. UDP/1645
C. TCP/1645
D. UDP/1911
130. Which is an authentication protocol for AAA servers to secure
Telnet authentication?
A. 802.1X
B. TACACS+
C. AD
D. EAP
131. Which command will configure the router to use a TACACS+
server and a backup of local for authentication of logins?
A.
Router(config)#aaa authentication login default group
tacacs+ local
B.
Router(config)#authentication login group tacacs+ local
C.
Router(config)#aaa-authentication login default tacacs+
local
D.
Router(config)#aaa authentication login tacacs+ local
132. You configured the AAA authentication for login to default local
but forgot to create a local AAA user. What will happen when
you log out?
A. The enable secret will work.
B. The console will still be available.
C. The router will lock you out.
D. Nothing, since a username and password have not been set.
133. You were routinely looking at logs and found that a security
incident occurred. Which type of incident detection is
described?
A. Passive
B. Active
C. Proactive
D. Auditing
134. A RADIUS server is an example of which type of server?
A. DNS
B. Email
C. Proxy
D. Authentication
135. Matilda is interested in securing her SOHO wireless network.
What should she do to be assured that only her devices can join
her wireless network?
A. Enable WPA2
B. Enable MAC filtering
C. Enable port security
D. Disable SSID broadcasts
136. Which is a requirement of WPA2-Enterprise?
A. Creation of a PSK
B. Certificate infrastructure
C. 192-bit key strength
D. 802.11ac
137. Which mechanism in WPA prevents the altering and replay of
data packets?
A. TKIP
B. MIC
C. AES
D. CRC
138. Which security mode does WPA3-Enterprise use that offers the
highest level of security?
A. 64-bit
B. 128-bit
C. 192-bit
D. 256-bit
139. Which statement is correct about WPA?
A. WPA was released at the same time as WEP.
B. WPA was released as a fix for poor coverage.
C. WPA was released as a fix for poor encryption.
D. The Wi-Fi Alliance wanted to rebrand WEP with WPA.
140. Which feature does 802.11i add to the WPA security protocol?
A. The use of certificates
B. Frame-level encryption
C. Pre-shared keys
D. CRC checking
141. Which mode of encryption does 802.11i (WPA2) introduce?
A. RC4
B. MD5
C. AES-CCMP
D. SHA1
142. Which feature was introduced with WPA3 to enhance security?
A. Certificate support
B. Per-frame encryption
C. SAE authentication
D. TKIP
143. When configuring WPA2-Enterprise mode on a wireless LAN
controller, what must be configured?
A. NTP server
B. RADIUS server
C. PSK
D. Captive portal
144. When configuring WPA2, you want to ensure that it does not fall
back to the older WPA specification. What parameter should you
disable?
A. 802.1X
B. AES
C. TKIP
D. MAC filtering
145. What is the mechanism that allows for authentication using a
symmetrical key with WPA2?
A. PSK
B. AES
C. Certificates
D. TKIP
146. After configuring a WLAN, your users complain that they do not
see the SSID. What could be wrong?
A. SSID beaconing is enabled.
B. Multicast support is disabled.
C. Radio Policy is configured to all.
D. Status is disabled.
147. How many pre-shared keys can be configured for a specific
WPA2 WLAN?
A. One PSK (one hex or one ASCII)
B. Two PSKs (one hex and one ASCII)
C. Four PSKs (two hex and two ASCII)
D. Unlimited number of PSKs
148. You are configuring a WPA2 WLAN. Which security
configuration should you use for the highest level of security?
A. WPA-AES
B. WPA2-TKIP
C. WPA2-RC4
D. WPA2-AES
149. You are setting up a wireless network for a client. Their
requirements are to minimize the infrastructure and support the
highest security. Which wireless encryption standard should be
configured to satisfy the requirements?
A. WPA-Enterprise
B. WPA2-Personal
C. WPA3-Enterprise
D. WPA-Personal
150. Which protocol will restrict you from achieving high throughput
rates?
A. AES
Do'stlaringiz bilan baham: |