Question: The Fa0/2 interface on switch S1 has been configured with the switchport port-security mac-address 0023.189d.6456 command and a workstation has been connected. What could be the reason that the Fa0/2 interface is shut down?
Options:
- The connection between S1 and PC1 is via a crossover cable.
- The Fa0/24 interface of S1 is configured with the same MAC address as the Fa0/2 interface.
- S1 has been configured with a switchport port-security aging command.
- The MAC address of PC1 that connects to the Fa0/2 interface is not the configured MAC address.
Answer: The MAC address of PC1 that connects to the Fa0/2 interface is not the configured MAC address.

Question: Two devices that are connected to the same switch need to be totally isolated from one another. Which Cisco switch security feature will provide this isolation?
Options:
- BPDU guard
Answer: PVLAN Edge does not allow one device to see traffic that is generated by another device. Ports configured with the PVLAN Edge feature are also known as protected ports.

Question: Which two functions are provided by Network Admission Control? (Choose two.)
Options:
- protecting a switch from MAC address table overflow attacks
- ensuring that only authenticated hosts can access the network
- stopping excessive broadcasts from disrupting network traffic
- enforcing network security policy for hosts that connect to the network
- limiting the number of MAC addresses that can be learned on a single switch port
Answer: ensuring that only authenticated hosts can access the network; enforcing network security policy for hosts that connect to the network

Question: Which spanning-tree enhancement prevents the spanning-tree topology from changing by blocking a port that receives a superior BPDU?
Options:
- BPDU filter
Answer: root guard

Question: Which security feature should be enabled in order to prevent an attacker from overflowing the MAC address table of a switch?
Options:
- BPDU filter
Answer: port security

Question: In what situation would a network administrator most likely implement root guard?
Options:
- on all switch ports (used or unused)
- on all switch ports that connect to host devices
- on all switch ports that connect to another switch
- on all switch ports that connect to a Layer 3 device
- on all switch ports that connect to another switch that is not the root bridge
Answer: on all switch ports that connect to another switch that is not the root bridge

Question: What component of Cisco NAC is responsible for performing deep inspection of device security profiles?
Options:
- Cisco NAC Agent
Answer: Cisco NAC Agent

Question: What is the role of the Cisco NAC Manager in implementing a secure networking infrastructure?
Options:
- to perform deep inspection of device security profiles
- to provide post-connection monitoring of all endpoint devices
- to define role-based user access and endpoint security policies
- to assess and enforce security policy compliance in the NAC environment
Answer: to define role-based user access and endpoint security policies

Question: What is the role of the Cisco NAC Server within the Cisco Secure Borderless Network Architecture?
Options:
- providing the ability for company employees to create guest accounts
- assessing and enforcing security policy compliance in the NAC environment
- defining role-based user access and endpoint security policies
- providing post-connection monitoring of all endpoint devices
Answer: assessing and enforcing security policy compliance in the NAC environment

Question: What is the role of the Cisco NAC Guest Server within the Cisco Borderless Network architecture?
Options:
- It provides post-connection monitoring of all endpoint devices.
- It performs deep inspection of device security profiles.
- It defines role-based user access and endpoint security policies.
- It provides the ability for creation and reporting of guest accounts.
Answer: It provides the ability for creation and reporting of guest accounts.

Question: Which three functions are provided under Cisco NAC framework solution? (Choose three.)
Options:
- AAA services
- VPN connection
- intrusion prevention
- secure connection to servers
- scanning for policy compliance
- remediation for noncompliant devices
Answer: AAA services; scanning for policy compliance; remediation for noncompliant devices

Question: Which feature is part of the Antimalware Protection security solution?
Options:
- spam blocking
Answer: file retrospection

Question: What security countermeasure is effective for preventing CAM table overflow attacks?
Options:
- port security
Answer: port security

Question: What is the behavior of a switch as a result of a successful CAM table attack?
Options:
- The switch will forward all received frames to all other ports.
- The switch will shut down.
- The switch will drop all received frames.
- The switch interfaces will transition to the error-disabled state.
Answer: The switch will forward all received frames to all other ports.

Question: What additional security measure must be enabled along with IP Source Guard to protect against address spoofing?
Options:
- DHCP snooping
Answer: DHCP snooping

Question: What are three techniques for mitigating VLAN hopping attacks? (Choose three.)
Options:
- Disable DTP.
Answer: Disable DTP.

Question: What two mechanisms are used by Dynamic ARP inspection to validate ARP packets for IP addresses that are dynamically assigned or IP addresses that are static? (Choose two.)
Options:
- MAC-address-to-IP-address bindings
- ARP ACLs
- Source Guard
- IP ACLs
- RARP
Answer: MAC-address-to-IP-address bindings; ARP ACLs

Question: What protocol should be disabled to help mitigate VLAN hopping attacks?
Options:
- DTP
Answer: DTP

Question: What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?
Options:
- DHCP starvation
Answer: DHCP starvation

Question: What is the only type of port that an isolated port can forward traffic to on a private VLAN?
Options:
- a promiscuous port
Answer: a promiscuous port

Question: Which STP stability mechanism is used to prevent a rogue switch from becoming the root switch?
Options:
- root guard
Answer: root guard

Question: How can a user connect to the Cisco Cloud Web Security service directly?
Options:
- by establishing a VPN connection with the Cisco CWS
- by using a proxy autoconfiguration file in the end device
- by accessing a Cisco CWS server before visiting the destination web site
- through the connector that is integrated into any Layer 2 Cisco switch
Answer: by using a proxy autoconfiguration file in the end device

Question: What security benefit is gained from enabling BPDU guard on PortFast enabled interfaces?
Options:
- preventing rogue switches
- protecting against Layer 2 loops
- enforcing the placement of root bridges
- preventing buffer overflow attacks
Answer: preventing rogue switches

Question: Which mitigation technique would prevent rogue servers from providing false IP configuration parameters to clients?
Options:
- disabling CDP on edge ports
- implementing port-security on edge ports
- turning on DHCP snooping
- implementing port security
Answer: turning on DHCP snooping

Question: What is the goal of the Cisco NAC framework and the Cisco NAC Appliance?
Answer: The NAC framework uses the Cisco network infrastructure and third-party software to ensure that the wired and wireless endpoints that want to gain access to the network adhere to the requirements defined by the security policy. The Cisco NAC Appliance is the device that enforces security policy compliance.

Question: What is the Cisco Borderless Network? What is its importance in networking?
Answer: The Cisco Borderless Networks architecture authenticates users and devices using the identity-enabled network approach, and enables the government workforce to connect securely from anywhere, using new virtual private network (VPN) technologies.