CCNP Practice Exam 2 - IP With Ease

Advertisements

Which two of the following methods does a switch use to detect spoofed addresses
when IP Source Guard is enabled?

DHCP snooping database

Static IP source binding entries

Reverse path-forwarding entries

DHCP database

ARP entries

Which one of the following commands can be used to prevent a switch spoofing attack on an end-user port?

spanning-tree spoof-guard

switchport mode trunk

switchport mode access

no switchport spoof

In a switch spoofing attack, an attacker makes use of which one of the following?

DTP to negotiate a trunk

The switch management IP address

CDP message exchanges

Spanning Tree Protocol

Which of the following private VLANs is the most restrictive?

Promiscuous VLAN

Restricted VLAN

Isolated VLAN

Community VLAN

What is the maximum cable distance for a Category 5 100BASE-TX connection?

328 m

100 feet

100 m

500 m

What type of port configuration should you use for private VLAN interfaces that connect to a router?

Transparent

Promiscuous

Host

Gateway

Which one of the following should be configured as a trusted port for dynamic ARP inspection?

The port where the ARP server is located.

The port where an end-user host is located.

The port where another switch is located.

None; all ports are untrusted.

Which of these is not a standard type of gigabit interface converter (GBIC) or small form factor pluggable (SFP) module?

1000BASE-ZX

1000BASE-FX

1000BASE-LX/LH

1000BASE-T

What information is used to forward frames in a Layer 2 switch?

Destination MAC address

IP addresses

Source switch port

Source MAC address

Which of the following devices performs transparent bridging?

Router

Ethernet hub

Layer 2 switch

Layer 3 switch

When a PC is connected to a Layer 2 switch port, how far does the collision domain spread?

No collision domain exists.

One switch port.

One VLAN.

All ports on the switch.

In a switch, frames are placed in which buffer after forwarding decisions are made?

Ingress queues

Egress queues

TCAM

CAM table

Which two of the following methods should you use to secure inbound CLI sessions to a switch?

Apply an access list to the vty lines.

Use Telnet only.

Use SSH only.

Disable all inbound CLI connections.

Which answer describes multilayer switching with CEF?

The switching hardware learns station addresses and builds a routing database.

A single database of routing information is built for the switching hardware.

The first packet is routed and then the flow is cached.

The switch supervisor CPU forwards each packet.

Multilayer switches using CEF are based on which of these techniques?

Route caching

Netflow switching

Topology-based switching

The users in a department are using a variety of host platforms, some old and some new. All of them have been approved with a user ID in a RADIUS server database.Which one of these features should be used to restrict access to the switch ports in the building?

AAA authentication

AAA authorization

Port security

Port-based authentication

The vlan 100 command has just been entered. What is the next command needed to configure VLAN 100 as a secondary isolated VLAN?

private-vlan isolated

No further configuration necessary

pvlan secondary isolated

private-vlan isolated 100

Suppose you need to disable CDP advertisements on a switch port so that untrusted devices cannot learn anything about your switch. Which one of the following interface configuration commands should be used?

no cdp trust

no cdp enable

cdp disable

no cdp

Which one of the following methods can be used to prevent a VLAN hopping attack?

Prune the native VLAN off a trunk link.

Avoid using EtherChannel link bundling.

Use VTP throughout the network.

Set the native VLAN to the user access VLAN.

Access list rules are compiled as TCAM entries. When a packet is matched against an access list, in what order are the TCAM entries evaluated?

Sequentially in the order of the original access list.

Numerically by the access list number.

Alphabetically by the access list name.

All entries are evaluated in parallel.

Which of the following show interface output information can you use to diagnose a switch port problem?

Port state.

Port speed.

Input errors.

Collisions.

All these answers are correct.

What does a switch do if a MAC address cannot be found in the CAM table?

The frame is forwarded to the default port.

The switch generates an ARP request for the address.

The switch floods the frame out all ports (except the receiving port).

The switch drops the frame.

At what layer are traditional 10-Mbps Ethernet, Fast Ethernet, and Gigabit Ethernet the same?

Layer 1

Layer 2

Layer 3

Layer 4

Suppose an LAP/WLC combination is used to provide connectivity from SSID “staff’’ to VLAN 17. Which one of the following is the correct extent for the VLAN?

VLAN 17 exists on the LAP only.

VLAN 17 extends from the LAP to the access switch and from the distribution switch to the WLC.

VLAN 17 extends from the LAP to the WLC.

VLAN 17 extends from the LAP to the access switch only.

In the Catalyst 6500, frames can be filtered with access lists for security and QoS purposes. This filtering occurs according to which of the following?

Simultaneously with a CAM table lookup

Before a CAM table lookup

After a CAM table lookup

According to how the access lists are configured

In what part of a Catalyst switch are VLAN ACLs implemented?

TCAM

NVRAM

CAM

RAM

Ethernet autonegotiation determines which of the following?

Quality of service mode

Error threshold

Duplex mode

Spanning-tree mode

Which one of the following represents the spoofed information an attacker sends in a VLAN hopping attack?

802.1x information

802.1Q tags

DTP information

VTP information

Promiscuous ports must be ______________ to primary and secondary VLANs, and host ports must be ________________.

Associated, associated

Associated, mapped

Mapped, mapped

Mapped, associated

What does the IEEE 802.3 standard define?

Switched Ethernet

Spanning Tree Protocol

Ethernet

Token Ring