Exam Prep Questions

1.

Examine the following partial switch configuration and choose all the statements that correctly describe what is being accomplished.

interface GigabitEthernet0/1
 storm-control broadcast level 62.50
 storm-control multicast level pps 3k 2k
 storm-control unicast level bps 50m 25m
 storm-control action shutdown


A.

When the level of broadcasts has reached 62.5% of total traffic, the multicasts will be limited to 3,000 packets per second (pps) and unicast traffic will be limited to 50 Mbps.

B.

Broadcast traffic will be allowed up to 62.5% of total bandwidth on the interface. When this is exceeded, frames will be discarded until the broadcast traffic falls back below that level.

C.

Multicast traffic will be discarded above 3,000 packets per second (pps) on this port, and will only start being forwarded again after it has fallen below the 2,000 pps lower threshold.

D.

Unicast traffic will be discarded above 50 Mbps on this port, and will only start being forwarded again after it has fallen below the 25 Mbps lower threshold.

E.

A shutdown notification message will be sent to the SNMP NMS when all of the three configured thresholds (broadcast, multicast, and unicast) have been reached.

2.

True or false. A CAM table overflow attack is an attack whereby the attacker injects frames into a switch port with the source address of a known station. This is done in an attempt to fool the switch into forwarding frames that are supposed to go to the known station to the attacker’s switch port instead.

3.

Which statements best describe the effect or application of the following interface configuration command? (Choose all that apply.)

Catalyst1(config-if)#spanning-tree portfast


A.

BPDU guard is enabled, ensuring that the switch will refuse BPDUs on this port.

B.

Root guard is enabled, ensuring that the switch will refuse root bridge BPDUs that have a superior Bridge ID (BID) to the current root bridge.

C.

The port immediately transitions to a forwarding state when a link is established, bypassing spanning tree blocking mode.

D.

The assumption is that there is no possibility of topological loops on this port as this command will prevent the root bridge from blocking on this port.

E.

None of the above.

4.

True or false. The switchport port-security interface configuration command cannot be used on a trunk port.

5.

What are the two methods for bringing a port out of the err-disabled state?

A.

Enter the errdisable recovery cause psecure-violation command in global configuration.

B.

Enter the recover-lockout enable command in global configuration.

C.

Enter the shutdown and no shutdown commands in order in interface configuration mode on the affected port.

D.

Enter the no port-shutdown sticky-learn command in interface configuration mode on the affected port.

E.

None of the above.

6.

True or false. The switched port analyzer (SPAN) feature on Cisco Catalyst switches can be configured to copy all the traffic only from a specific VLAN to a dedicated monitoring port.

Answers to Exam Prep Questions

1.

The correct answers are b, c, and d. Answer a is incorrect because the thresholds for multicast and unicast traffic are independent of one another. Answer e is incorrect because the action shutdown command will shut down the port if any of the configured thresholds has been reached.

2.

False. The attack described is a MAC address spoofing attack. A CAM table overflow attack sends many frames into a switch port with various source MAC addresses in an attempt to overflow the CAM table and make the switch act like a hub for subsequent frames; this floods frames out all ports, including the one that the attacker is connected to.

3.

Answers c and d are correct. Answers a and b are incorrect because, although the descriptions are accurate, BPDU guard and root guard are enabled with different commands.

4.

True. The switchport port-security command can only be used on an access port. Access ports are used for endpoint connectivity.

5.

Answers a and c are correct. Answers b and d are non-existent commands.

6.

False. SPAN can copy (replicate) traffic from specific ports as well as VLANs to a dedicated monitoring port. It is very useful when certain flows through the switch need to be monitored for signs of intrusion and other purposes.
