“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz helps you determine your level of knowledge of this chapter’s topics before you begin. Table 9-1 details the major topics discussed in this chapter and their corresponding quiz questions.


Table 9-1 “Do I Know This Already?” Section-to-Question Mapping

1. Which is the primary Layer 2 mechanism that allows multiple devices in the same VLAN to communicate with each other even though those devices are physically connected to different switches?

a. IP address

b. Default gateway

c. Trunk

d. 802.1D

2. How does a switch know about parallel Layer 2 paths?

a. 802.1Q

b. BPDU

c. CDP

d. NTP

3. When implemented, which of the following helps prevent CAM table overflows?

a. 802.1w

b. BPDU Guard

c. Root Guard

d. Port security

4. Which of the following is not a best practice for security?

a. Leaving the native VLAN as VLAN 1

b. Shutting down all unused ports and placing them in an unused VLAN

c. Limiting the number of MAC addresses learned on a specific port

d. Disabling negotiation of switch port mode

5. What is the default number of MAC addresses allowed on a switch port that is configured with port security?

a. 1

b. 5

c. 15

d. Depends on the switch model

6. Which two items normally have a one-to-one correlation?

a. VLANs

b. Classful IP networks

c. IP subnetworks

d. Number of switches

e. Number of routers

7. What is a typical method used by a device in one VLAN to reach another device in a second VLAN?

a. ARP for the remote device’s MAC address

b. Use a remote default gateway

c. Use a local default gateway

d. Use trunking on the PC

8. Which two configuration changes prevent users from jumping onto any VLAN they choose to join?

a. Disabling negotiation of trunk ports

b. Using something other than VLAN 1 as the “native” VLAN

c. Configuring the port connecting to the client as a trunk

d. Configuring the port connecting to the client as an access port

9. If you limit the number of MAC addresses learned on a port to five, what benefits do you get from the port security feature? (Choose all that apply.)

a. Protection for DHCP servers against starvation attacks

b. Protection against IP spoofing

c. Protection against VLAN hopping

d. Protection against MAC address spoofing

e. Protection against CAM table overflow attacks

10. Why should you implement Root Guard on a switch?

a. To prevent the switch from becoming the root

b. To prevent the switch from having any root ports

c. To prevent the switch from having specific root ports

d. To protect the switch against MAC address table overflows

11. Why should CDP be disabled on ports that face untrusted networks?

a. CDP can be used as a DDoS vector.

b. CDP can be used as a reconnaissance tool to determine information about the device.

c. Disabling CDP will prevent the device from participating in spanning tree with untrusted devices.

d. CDP can conflict with LLDP on ports facing untrusted networks.

12. Which of the following is not a true statement for DHCP snooping?

a. DHCP snooping validates DHCP messages received from untrusted sources and filters out invalid messages.

b. DHCP snooping information is stored in a binding database.

c. DHCP snooping is enabled by default on all VLANs.

d. DHCP snooping rate-limits DHCP traffic from trusted and untrusted sources.

13. Which of the following is not a true statement regarding dynamic ARP inspection (DAI)?

a. DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings.

b. DAI helps to mitigate MITM attacks.

c. DAI determines validity of ARP packets based on IP-to-MAC address bindings found in the DHCP snooping database.

d. DAI is enabled on a per-interface basis.
