Ensurepass

 

QUESTION 11

Refer to the exhibit.

clip_image002

Host A has sent an ARP message to the default gateway IP address 10.10.10.1. Which statement is true?

 

A.        Because of the invalid timers that are configured, DSw1 does not reply.

B.        DSw1 replies with the IP address of the next AVF.

C.        DSw1 replies with the MAC address of the next AVF.

D.        Because of the invalid timers that are configured, DSw2 does not reply.

E.         DSw2 replies with the IP address of the next AVF.

F.         DSw2 replies with the MAC address of the next AVF.

 

Correct Answer: F

 

 

QUESTION 12

What are two methods of mitigating MAC address flooding attacks? (Choose two.)

 

A.  Place unused ports in a common VLAN.

B.  Implement private VLANs.

C.  Implement DHCP snooping.

D.  Implement port security.

E.  Implement VLAN access maps

 

Correct Answer: DE

 

 

 

QUESTION 13

Refer to the exhibit.

clip_image004

What information can be derived from the output?

 

A.        Interfaces FastEthernet3/1 and FastEthernet3/2 are connected to devices that are sending BPDUs with a superior root bridge parameter and no traffic is forwarded across the ports. After the sending of BPDUs has stopped, the interfaces must be shut down administratively, and brought back up, to resume normal operation.

B.        Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter, but traffic is still forwarded across the ports.

C.        Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter and no traffic is forwarded across the ports. After the inaccurate BPDUs have been stopped, the interfaces automatically recover and resume normal operation.

D.        Interfaces FastEthernet3/1 and FastEthernet3/2 are candidates for becoming the STP root port, but neither can realize that role until BPDUs with a superior root bridge parameter are no longer received on at least one of the interfaces.

 

Correct Answer: C

 

 

QUESTION 14

What is one method that can be used to prevent VLAN hopping?

 

A.  Configure ACLs.

B.  Enforce username and password combinations.

C.  Configure all frames with two 802.1Q headers.

D.  Explicitly turn off DTP on all unused ports.

E.  Configure VACLs.

 

Correct Answer: D

 

 

QUESTION 15

Why is BPDU guard an effective way to prevent an unauthorized rogue switch from altering the spanning- tree topology of a network?

 

A.        BPDU guard can guarantee proper selection of the root bridge.

B.        BPDU guard can be utilized along with PortFast to shut down ports when a switch is connected to the port.

C.        BPDU guard can be utilized to prevent the switch from transmitting BPDUs and incorrectly altering the root bridge election.

D.        BPDU guard can be used to prevent invalid BPDUs from propagating throughout the network.

 

Correct Answer: B

 

 

QUESTION 16

What two steps can be taken to help prevent VLAN hopping? (Choose two.)

 

A.  Place unused ports in a common unrouted VLAN.

B.  Enable BPDU guard.

C.  Implement port security.

D.  Prevent automatic trunk configurations.

E.  Disable Cisco Discovery Protocol on ports where it is not necessary.

 

Correct Answer: AD

 

 

QUESTION 17

Refer to the exhibit.

clip_image006

Assume that Switch_A is active for the standby group and the standby device has only the default HSRP configuration. Which statement is true?

 

A.        If port Fa1/1 on Switch_A goes down, the standby device takes over as active.

B.        If the current standby device had the higher priority value, it would take over the role of active for the HSRP group.

C.        If port Fa1/1 on Switch_A goes down, the new priority value for the switch would be 190.

D.        If Switch_A had the highest priority number, it would not take over as active router.

 

Correct Answer: C

 

 

QUESTION 18

When an attacker is using switch spoofing to perform VLAN hopping, how is the attacker able to gather information?

 

A.        The attacking station uses DTP to negotiate trunking with a switch port and captures all traffic that is allowed on the trunk.

B.        The attacking station tags itself with all usable VLANs to capture data that is passed through the switch, regardless of the VLAN to which the data belongs.

C.        The attacking station generates frames with two 802.1Q headers to cause the switch to forward the frames to a VLAN that would be inaccessible to the attacker through legitimate means.

D.        The attacking station uses VTP to collect VLAN information that is sent out and then tags itself with the domain information to capture the data.

 

Correct Answer: A

 

 

QUESTION 19

Refer to the exhibit.

clip_image008

GLBP has been configured on the network. When the interface serial0/0/1 on router R1 goes down, how is the traffic coming from Host1 handled?

 

A.        The traffic coming from Host1 and Host2 is forwarded through router R2 with no disruption.

B.        The traffic coming from Host2 is forwarded through router R2 with no disruption. Host1 sends an ARP request to resolve the MAC address for the new virtual gateway.

C.        The traffic coming from both hosts is temporarily interrupted while the switchover to make R2 active occurs.

D.        The traffic coming from Host2 is forwarded through router R2 with no disruption. The traffic from Host1 is dropped due to the disruption of the load balancing feature configured for the GLBP group.

 

Correct Answer: A

 

 

QUESTION 20

Refer to the exhibit.

clip_image010

DHCP snooping is enabled for selected VLANs to provide security on the network. How do the switch ports handle the DHCP messages?

 

A.        A DHCPOFFER packet from a DHCP server received on Ports Fa2/1 and Fa2/2 is dropped.

B.        A DHCP packet received on ports Fa2/1 and Fa2/2 is dropped if the source MAC address and the DHCP client hardware address does not match Snooping database.

C.        A DHCP packet received on ports Fa2/1 and Fa2/2 is forwarded without being tested.

D.        A DHCPRELEASE message received on ports Fa2/1 and Fa2/2 has a MAC address in the DHCP snooping binding database, but the interface information in the binding database does not match the interface on which the message was received and is dropped.

 

Correct Answer: C

 

DownloadLatest 2013 642-813 Security Free Tests , help you to pass exam 100%.

Comments are closed.