Blog

At which layer of the OSI model does Spanning Tree Protocol operate? Layer 1 Layer 2 Layer 3 Layer 4 Answers Explanation & Hints: Spanning Tree Protocol (STP) is a…

What is involved in an IP address spoofing attack? A legitimate network IP address is hijacked by a rogue node. A rogue node replies to an ARP request with its…

A network administrator is configuring DAI on a switch with the command ip arp inspection validate dst-mac . What is the purpose of this configuration command? to check the destination…

Which procedure is recommended to mitigate the chances of ARP spoofing? Enable port security globally. Enable DHCP snooping on selected VLANs. Enable DAI on the management VLAN. Enable IP Source…

How can DHCP spoofing attacks be mitigated? by disabling DTP negotiations on nontrunking ports by implementing DHCP snooping on trusted ports by implementing port security by the application of the…

Which two ports can send and receive Layer 2 traffic from a community port on a PVLAN? (Choose two.) community ports belonging to other communities promiscuous ports isolated ports within…

What Layer 2 attack is mitigated by disabling Dynamic Trunking Protocol? VLAN hopping DHCP spoofing ARP poisoning ARP spoofing Answers Explanation & Hints: Mitigating a VLAN hopping attack can be…

Two devices that are connected to the same switch need to be totally isolated from one another. Which Cisco switch security feature will provide this isolation? BPDU guard DTP PVLAN…

What is the behavior of a switch as a result of a successful CAM table attack? The switch will forward all received frames to all other ports. The switch will…

Which Cisco solution helps prevent MAC and IP address spoofing attacks? Port Security DHCP Snooping IP Source Guard Dynamic ARP Inspection Answers Explanation & Hints: Cisco provides solutions to help…

Which command is used as part of the 802.1X configuration to designate the authentication method that will be used? aaa new-model dot1x pae authenticator aaa authentication dot1x dot1x system-auth-control Answers…

An 802.1X client must authenticate before being allowed to pass data traffic onto the network. During the authentication process, between which two devices is the EAP data encapsulated into EAPOL…

A company implements 802.1X security on the corporate network. A PC is attached to the network but has not authenticated yet. Which 802.1X state is associated with this PC? disabled…

In an 802.1x deployment, which device is a supplicant? end-user station access point switch RADIUS server Answers Explanation & Hints: In 802.1x, a supplicant is the end-user device (such as…

Which protocol defines port-based authentication to restrict unauthorized hosts from connecting to the LAN through publicly accessible switch ports? 802.1x RADIUS TACACS+ SSH Answers Explanation & Hints: 802.1x is an…

What are two examples of traditional host-based security measures? (Choose two.) NAS 802.1X host-based IPS host-based NAC antimalware software Answers Explanation & Hints: Traditional host-based security measures include antivirus/antimalware software,…

What two internal LAN elements need to be secured? (Choose two.) switches IP phones edge routers fiber connections cloud-based hosts Answers Explanation & Hints: Internal network protection is just as…

Why are traditional network security perimeters not suitable for the latest consumer-based network endpoint devices? These devices are not managed by the corporate IT department. These devices are more varied…

What is the goal of the Cisco NAC framework and the Cisco NAC appliance? to ensure that only hosts that are authenticated and have had their security posture examined and…

What type of data does the DLP feature of Cisco Email Security Appliance scan in order to prevent customer data from being leaked outside of the company? inbound messages outbound…