100. C. The command ip access-list extended named_list will create an extended named access
list. The command access-list 101 allow host 192.168.1.5 any is incorrect. The command
ip access-list named_list is incorrect. The command ip access-list 101 named_list is
incorrect.
101. B. Standard ACLs should always be placed closest to the destination of traffic since they
are broad in the traffic they control. Extended ACLs should always be placed closest to the
source of traffic since they are extremely granular. Dynamic ACLs can be placed in either
location because they can be standard or extended access lists, with the addition of traffic-
based rules or time of day–based rules. An expanded ACL is not really a type of ACL; it
specifies the expanded numbering for standard and extended ACLs.
102. A. When you’re trying to diagnose port security, the first command should be
show port-security. This will detail all of the ports with port security and their expected
behavior when port security is violated. The command show mac address-table is
incorrect. The command show interface is incorrect. The command show security is
incorrect.
103. B. Since the remote office has no onsite IT personnel, there is a risk of workers plugging in
unauthorized equipment such as a WAP. If port security is implemented, the interface can
be secured to allow only the MAC address of the computer to pass; all other traffic can be
dropped. Dynamic VLANs will not prevent unauthorized equipment from being plugged
into the network, such as a WAP. ACLs can mitigate what is accessible on servers but will
not prevent unauthorized equipment from being plugged in. VLAN pruning is a good
overall practice to minimize traffic across trunk links, but it does nothing for end device
security.
104. B. Port security can restrict a port to a single device by MAC address. This will effectively
make plugging in a wireless access point (WAP) a non-event for a corporate network.
Access control lists (ACLs) cannot restrict a wireless access point from being plugged
into the corporate network. Wired Equivalent Privacy (WEP) is a very insecure wireless
encryption protocol and will not prevent a wireless access point from being plugged into
the corporate network. Static MAC addresses will not stop a wireless access point from
being plugged into the corporate network.
105. A. Port security blocks unauthorized access by examining the source address of a network
device. The destination MAC address is used for forward filter decisions. The source and
destination IP addresses are used by access control lists (ACLs) to filter traffic.
106. C. Port security is enabled by configuring the command switchport port-security.
This command must be configured on the interface in which you want to enable port
security. The command switchport port-security is incorrect when it is configured
in a global configuration prompt. The command port-security enable is incorrect
regardless of where it is configured.