Ccna ® Certification Practice Tests Jon Buhagiar

A. 

Switch

#

show port-security

B. 

Switch

#

show mac address-table

C. 

Switch

#

show interface

D. 

Switch

#

show security

103. You have configured an access port for a remote office

computer. The office has no IT persons on site. You want to stop

workers from plugging in a WAP and exposing your company’s

internal network. Which feature should you configure?

A. Dynamic VLANs

B. Port security

C. ACLs

D. VLAN pruning

104. Which method can restrict a user from plugging a wireless

access point into a corporate network?

A. Access control lists

B. Port security

C. Wired Equivalent Privacy

D. Static MAC addresses

105. What does port security use to block unauthorized access?

A. Source MAC addresses

B. Destination MAC addresses

C. Source IP addresses

D. Destination IP addresses

106. Which command will enable port security?

A. 

Switch(config)#switchport port-security

B. 

Switch(config)#port-security enable

C. 

Switch(config-if)#switchport port-security

D. 

Switch(config-if)#port-security enable

107. If port security is enabled on an interface, what is the maximum

number of MAC addresses allowed by default?

A. 1 MAC address

B. 2 MAC addresses

C. 0 MAC addresses

D. 10 MAC addresses

108. Which layer of the OSI model does port security use for securing

a port?

A. Layer 0

B. Layer 1

C. Layer 2

D. Layer 3

109. Why would a network admin choose to configure port security

on an interface?

A. To allow or disallow VLANs

B. To allow or disallow IP addresses

C. To prevent unauthorized access by MAC address

D. To prevent unauthorized access by users

110. Which statement is correct about port security?

A. Port security works best in mobile environments.

B. Port security requires a higher amount of memory.

C. Port security works best in static environments.

D. Port security always results in admin intervention to reset

the port.

111. When configuring port security on a port that contains a VoIP

phone with a voice VLAN and a computer connected to the

phone, how many MAC addresses must you allow?

A. 1 MAC address

B. 2 MAC addresses

C. 0 MAC addresses

D. 10 MAC addresses

112. What is the default action of port security on the interface when

the maximum number of MAC addresses is exceeded?

A. Administrative shutdown

B. Err-disabled shutdown

C. Restricted access without logging

D. Restricted access with logging

113. You are configuring a port for port security and receive the error

Command rejected: FastEthernet0/1 is a dynamic port.

 Which

commands will help you configure the port?

A. 

SwitchA(config-if)#no switchport dynamic

SwitchA(config-if)#switchport port-security

B. 

SwitchA(config-if)#switchport mode access

SwitchA(config-if)#switchport port-security

C. 

SwitchA(config-if)#switchport mode access

SwitchA(config-if)#switchport

nonnegotiateSwitchA(config-if)#switchport port-security

D. 

SwitchA(config-if)#switchport mode access

SwitchA(config-if)#no dynamicSwitchA(config-

if)#switchport port-security

114. Which command will allow you to configure two MAC addresses

for port security?

A. 

SwitchA(config-if)#switchport maximum 2

B. 

SwitchA(config-if)#switchport port-security maximum 2

C. 

SwitchA(config-if)#port-security maximum 2

D. 

SwitchA(config-if)#switchport port-security limit 2

115. Which command will limit devices via port security without

disabling the port and logging the restricted device?

A. 

Switch(config-if)#switchport port-security violation

shutdown

B. 

Switch(config-if)#switchport port-security restrict

C. 

Switch(config-if)#switchport port-security violation

protect

D. 

Switch(config-if)#switchport port-security violation

restrict

116. Which command will allow you to inspect the status of a port

that has been configured for port security?

A. 

Switch#show running-configuration

B. 

Switch#show port-security interface gi 2/13

C. 

Switch#show port-security details interface gi 2/13

D. 

Switch#show port-security gi 2/13

117. Which command will limit devices via port security and send an

SNMP trap notification?

A. 

Switch(config-if)#switchport port-security violation

shutdown

B. 

Switch(config-if)#switchport port-security restrict

C. 

Switch(config-if)#switchport port-security violation

protect

D. 

Switch(config-if)#switchport port-security violation

restrict

118. Which command will limit devices via port security without

disabling the port and not provide logging for a security

violation counter?

A. 

Switch(config-if)#switchport port-security violation

shutdown

B. 

Switch(config-if)#switchport port-security restrict

C. 

Switch(config-if)#switchport port-security violation

protect

D. 

Switch(config-if)#switchport port-security violation

restrict

119. Which command will allow you to see logged security violations

for port security?

A. 

Switch#show violations

B. 

Switch#show port-security violations

C. 

Switch#show port-security

D. 

Switch#show psec violations

120. You have been tasked to secure ports with port security. You

need to make sure that only the computers installed can access

the network. The computers are installed already. Which type of

configuration for port security would require the least amount of

administration?

A. Static port security

B. Dynamic port security

C. Sticky port security

D. Time limit port security

121. Refer to the following exhibit. You received a call that a port is

no longer active. The port has port security configured on it.

What is the problem?

A. The port has been administratively shutdown.

B. The port has an access violation on it.

C. The port has bad wiring.

D. The port on the switch is configured as a trunk.

122. Which command will allow the first MAC address learned on the

port to be allowed to only pass traffic on the port via port

security?

A. 

SwitchA(config-if)#switchport port-security mac-address

sticky

B. 

SwitchA(config-if)#switchport port-security mac-address

dynamic

C. 

SwitchA(config-if)#switchport port-security mac-address

static

D. 

SwitchA(config-if)#switchport port-security mac-address

learn

123. Refer to the following exhibit. You receive a call that a port on

the switch is not working. You determine that a port-security

violation has been experienced. Once the violation has been

remediated, how will you reset the port so that it functions

again?

A. 

SwitchA(config-if)#no port-security

B. 

SwitchA(config-if)#no shutdown

C. 

SwitchA(config-if)#no switchport port-security

D. 

SwitchA(config-if)#shutdown

SwitchA(config-if)#no shutdown

124. Which command will configure the port with only the MAC

address you want to allow via port security?

A. 

SwitchA(config-if)#switchport port-security mac-address

sticky

B. 

SwitchA(config-if)#switchport port-security mac-address

0334.56f3.e4e4

C. 

SwitchA(config-if)#switchport port-security mac-address

static 0334.56f3.e4e4

D. 

SwitchA(config-if)#switchport port-security static

0334.56f3.e4e4

125. Which command is used to see the output in the following

exhibit?

A. 

Switch#show port-security details

B. 

Switch#show mac address-table secure

C. 

Switch#show port-security address

D. 

Switch#show port-security

126. Which command will allow you to globally reset all ports with an

err-disable state with minimal disruption?

A. 

Switch#clear err-disable

B. 

Switch#clear switchport port-security

C. 

Switch#clear port-security violation

D. 

Switch(config)#errdisable recovery cause

psecure_violation

127. You need to verify the sticky MAC addresses learned on a port

on the switch. Which command will allow you to verify the

addresses learned?

A. 

SwitchA#show running-config

B. 

SwitchA#show port-security

C. 

SwitchA#show port-security details

D. 

SwitchA#show port-security status

128. Which server will centralize authentication for all Cisco routers

and switches?

A. Active Directory server

B. AAA server

C. 802.1X server

D. Terminal server

129. Which protocol and port does RADIUS authentication use?

A. UDP/1845

B. UDP/1645

C. TCP/1645

D. UDP/1911

130. Which is an authentication protocol for AAA servers to secure

Telnet authentication?

A. 802.1X

B. TACACS+

C. AD

D. EAP

131. Which command will configure the router to use a TACACS+

server and a backup of local for authentication of logins?

A. 

Router(config)#aaa authentication login default group

tacacs+ local

B. 

Router(config)#authentication login group tacacs+ local

C. 

Router(config)#aaa-authentication login default tacacs+

local

D. 

Router(config)#aaa authentication login tacacs+ local

132. You configured the AAA authentication for login to default local

but forgot to create a local AAA user. What will happen when

you log out?

A. The enable secret will work.

B. The console will still be available.

C. The router will lock you out.

D. Nothing, since a username and password have not been set.

133. You were routinely looking at logs and found that a security

incident occurred. Which type of incident detection is

described?

A. Passive

B. Active

C. Proactive

D. Auditing

134. A RADIUS server is an example of which type of server?

A. DNS

B. Email

C. Proxy

D. Authentication

135. Matilda is interested in securing her SOHO wireless network.

What should she do to be assured that only her devices can join

her wireless network?

A. Enable WPA2

B. Enable MAC filtering

C. Enable port security

D. Disable SSID broadcasts

136. Which is a requirement of WPA2-Enterprise?

A. Creation of a PSK

B. Certificate infrastructure

C. 192-bit key strength

D. 802.11ac

137. Which mechanism in WPA prevents the altering and replay of

data packets?

A. TKIP

B. MIC

C. AES

D. CRC

138. Which security mode does WPA3-Enterprise use that offers the

highest level of security?

A. 64-bit

B. 128-bit

C. 192-bit

D. 256-bit

139. Which statement is correct about WPA?

A. WPA was released at the same time as WEP.

B. WPA was released as a fix for poor coverage.

C. WPA was released as a fix for poor encryption.

D. The Wi-Fi Alliance wanted to rebrand WEP with WPA.

140. Which feature does 802.11i add to the WPA security protocol?

A. The use of certificates

B. Frame-level encryption

C. Pre-shared keys

D. CRC checking

141. Which mode of encryption does 802.11i (WPA2) introduce?

A. RC4

B. MD5

C. AES-CCMP

D. SHA1

142. Which feature was introduced with WPA3 to enhance security?

A. Certificate support

B. Per-frame encryption

C. SAE authentication

D. TKIP

143. When configuring WPA2-Enterprise mode on a wireless LAN

controller, what must be configured?

A. NTP server

B. RADIUS server

C. PSK

D. Captive portal

144. When configuring WPA2, you want to ensure that it does not fall

back to the older WPA specification. What parameter should you

disable?

A. 802.1X

B. AES

C. TKIP

D. MAC filtering

145. What is the mechanism that allows for authentication using a

symmetrical key with WPA2?

A. PSK

B. AES

C. Certificates

D. TKIP

146. After configuring a WLAN, your users complain that they do not

see the SSID. What could be wrong?

A. SSID beaconing is enabled.

B. Multicast support is disabled.

C. Radio Policy is configured to all.

D. Status is disabled.

147. How many pre-shared keys can be configured for a specific

WPA2 WLAN?

A. One PSK (one hex or one ASCII)

B. Two PSKs (one hex and one ASCII)

C. Four PSKs (two hex and two ASCII)

D. Unlimited number of PSKs

148. You are configuring a WPA2 WLAN. Which security

configuration should you use for the highest level of security?

A. WPA-AES

B. WPA2-TKIP

C. WPA2-RC4

D. WPA2-AES

149. You are setting up a wireless network for a client. Their

requirements are to minimize the infrastructure and support the

highest security. Which wireless encryption standard should be

configured to satisfy the requirements?

A. WPA-Enterprise

B. WPA2-Personal

C. WPA3-Enterprise

D. WPA-Personal

150. Which protocol will restrict you from achieving high throughput

rates?

A. AES

B. TKIP

C. CCMP

D. PSK

Download 10,86 Mb.

Do'stlaringiz bilan baham: