The Company security administrator is concerned with VLAN hopping based attacks. Which two statements about these attacks are true? ()A、 Attacks are prevented by utilizing the port-security feature.B、 An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.C、 Configuring an interface with the switchport mode dynamic command will prevent VLAN hopping.D、 An end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.E、 Configuring an interface with the "switchport mode access" command will prevent VLAN hopping.
The Company security administrator is concerned with VLAN hopping based attacks. Which two statements about these attacks are true? ()
- A、 Attacks are prevented by utilizing the port-security feature.
- B、 An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.
- C、 Configuring an interface with the switchport mode dynamic command will prevent VLAN hopping.
- D、 An end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.
- E、 Configuring an interface with the "switchport mode access" command will prevent VLAN hopping.
相关考题:
Most computer systems are(165)to two different groups of attacks: Insider attacks and outsider attacks. A system that is known to be(166)to an outsider attack by preventing(167)from outside can still be vulnerable to the insider attacks accomplished by abusive usage of(168)users. Detecting such abusive usage as well as attacks by outsides not only provides information on damage assessment, but also helps to prevent future attacks. These attacks are usually(169)by tools referred to as Intrusion Detection Systems.A.vulnerableB.weekC.sensitivelyD.helpless
Which two statements about the use of VLANs to segment a network are true?() A. VLANs increase the size of collision domains.B. VLANs allow logical grouping of users by function.C. VLANs simplify switch administration.D. VLANs enhance network security.
What are two methods of mitigating MAC address flooding attacks?()A、Place unused ports in a common VLAN.B、Implement private VLANs.C、Implement DHCP snooping.D、Implement port security.E、Implement VLAN access maps.
Static VLANs are being used on the Company network. What is true about static VLANs?()A、Devices use DHCP to request their VLAN.B、Attached devices are unaware of any VLANs.C、Devices are assigned to VLANs based on their MAC addresses.D、Devices are in the same VLAN regardless of which port they attach to.
Which two network attack statements are true?()A、Access attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.B、Access attacks can consist of UDP and TCP SYN flooding,ICMP echo-request floods,and ICMP directed broadcasts.C、DoS attacks can be reduced through the use of access control configuration,encryption,and RFC 2827 filtering.D、DoS attacks can consist of IP spoofing and DDoS attacks.E、IP spoofing can be reduced through the use of policy-based routing.F、IP spoofing exploits known vulnerabilities in authentication services, FTP services,and web services to gain entry to web accounts,confidential databases,and other sensitive information.
Which two statements are true about voice VLANs?()A、Voice VLANs are only used when connecting an IP phone and a host to distinct switch portsB、Access ports that are configured with voice VLANs will always trust the CoS that is received from IP phonesC、Access ports that are configured with voice VLANs may or may not override the CoS value that is received from an IP phoneD、Voice VLANs are configured using the switchport voice vlan vlan-ID interface configuration commandE、Voice VLANs provide a trunking interface between an IP phone and an access port on a switch to allow traffic from multiple devices that are connected to the portF、Enabling Voice VLAN on a switch port will automatically configure the port to trust the incoming CoS markings
A hacker on the Company network is attempting to hop onto a different VLAN. Which two statements about VLAN hopping are true? ()A、 An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.B、 Configuring an interface with the "switchport mode dynamic" command will prevent VLAN hopping.C、 Attacks are prevented by utilizing the port-security feature.D、 Configuring an interface with the "switchport mode access" command will prevent VLAN hopping.E、 An end station attempts to redirect VLAN traffic by broadcasting multiple ARP requests.
The Company is concerned about Layer 2 security threats. Which statement is true about these threats? ()A、 MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.B、 Port scanners are the most effective defense against dynamic ARP inspection.C、 MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable attack points.D、 Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.E、 DHCP snooping sends unauthorized replies to DHCP queries.F、 ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.G、 None of the other alternatives apply.
A network administrator needs to configure port security on a switch.which two statements are true?()A、The network administrator can apply port security to dynamic access portsB、The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.C、The sticky learning feature allows the addition of dynamically learned addresses to the runningconfiguration.D、The network administrator can apply port security to EtherChannels.E、When dynamic mac address learning is enabled on an interface,the switch can learn new addresses,up to the maximum defined.
The Company security administrator wants to prevent VLAN hopping on the network. What is one method that can be used to do this? ()A、 Attacks are prevented by utilizing the port-security feature.B、 An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.C、 Configuring an interface with the switchport mode dynamic command will prevent VLAN hopping.D、 An end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.E、 Configuring an interface with the "switchport mode access" command will prevent VLAN hopping.
Which two statements about common network attacks are true?()A、Access attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.B、Access attacks can consist of password attacks,ping sweeps,port scans,and man-in-the-middle attacks.C、Access attacks can consist of packet sniffers,ping sweeps,port scans,and man-in-the-middle attacks.D、Reconnaissance attacks can consist of password attacks,trust exploitation,port redirection and Internet information queries.E、Reconnaissance attacks can consist of packet sniffers,port scans,ping sweeps,and Internet information queries.F、Reconnaissance attacks can consist of ping sweeps,port scans,man-in-middle attacks and Internet information queries.
Which two statements describe the functions and operations of IDS and IPS systems?()A、A network administrator entering a wrong password would generate a true-negative alarm.B、A false positive alarm is generated when an IDS/IPS signature is correctly identified.C、An IDS is significantly more advanced over IPS because of its ability to prevent network attacks.D、Cisco IDS works inline and stops attacks before they enter the network.E、Cisco IPS taps the network traffic and responds after an attack.F、Profile-based intrusion detection is also known as "anomaly detection".
The Company security administrator is concerned with layer 2 network attacks. Which two statements about these attacks are true? ()A、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by encapsulating a false 802.1Q header on a frame and causing traffic to be delivered to the wrong VLAN.B、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP message with a forged identity to a transmitting host.C、 MAC address flooding is an attempt to force a switch to send all information out every port byoverloading the MAC address table.D、 ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP packet that contains the forged address of the next hop router.E、 MAC address flooding is an attempt to redirect traffic to a single port by associating that port with all MAC addresses in the VLAN.
You need to design the VLAN scheme for the Company network. Which two statements are true about best practices in VLAN design?()A、Routing should occur at the access layer ifvoice VLANs are utilized. Otherwise, routing should occur at the distribution layer.B、Routing should always be performed at the distribution layer.C、VLANs should be localized to a switch.D、VLANs should be localized to a single switch unlessvoice VLANs are being utilized.E、Routing should not be performed between VLANs located on separate switches.
Which two statements about the use of VLANs to segment a network are true? ()A、VLANs increase the size of collision domains.B、VLANs allow logical grouping of users by function.C、VLANs simplify switch administration.D、VLANs enhance network security.
You need to identify potential security threats. Which of the following security breaches might occur under the current IT and security practices?(Choose all that apply)()A、A virus that infects an IT administrator’s client computer could gain domain administrator privilegesB、Couriers could gain access to domain administrator privilegesC、Business office staff could discover couriers’ passwords and use them to access couriers’ informationD、All users could use their user accounts to gain the ability to install untested security patches on their client computers
多选题The Company security administrator wants to prevent VLAN hopping on the network. What is one method that can be used to do this? ()AAttacks are prevented by utilizing the port-security feature.BAn end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.CConfiguring an interface with the switchport mode dynamic command will prevent VLAN hopping.DAn end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.EConfiguring an interface with the switchport mode access command will prevent VLAN hopping.
多选题The Company security administrator is concerned with layer 2 network attacks. Which two statements about these attacks are true? ()AARP spoofing attacks are attempts to redirect traffic to an attacking host by encapsulating a false 802.1Q header on a frame and causing traffic to be delivered to the wrong VLAN.BARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP message with a forged identity to a transmitting host.CMAC address flooding is an attempt to force a switch to send all information out every port byoverloading the MAC address table.DARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP packet that contains the forged address of the next hop router.EMAC address flooding is an attempt to redirect traffic to a single port by associating that port with all MAC addresses in the VLAN.
多选题The Company security administrator is concerned with VLAN hopping based attacks. Which two statements about these attacks are true? ()AAttacks are prevented by utilizing the port-security feature.BAn end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.CConfiguring an interface with the switchport mode dynamic command will prevent VLAN hopping.DAn end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.EConfiguring an interface with the switchport mode access command will prevent VLAN hopping.
多选题What are two methods of mitigating MAC address flooding attacks?()APlace unused ports in a common VLAN.BImplement private VLANs.CImplement DHCP snooping.DImplement port security.EImplement VLAN access maps.
多选题A hacker on the Company network is attempting to hop onto a different VLAN. Which two statements about VLAN hopping are true? ()AAn end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.BConfiguring an interface with the switchport mode dynamic command will prevent VLAN hopping.CAttacks are prevented by utilizing the port-security feature.DConfiguring an interface with the switchport mode access command will prevent VLAN hopping.EAn end station attempts to redirect VLAN traffic by broadcasting multiple ARP requests.
多选题Which two statements are true about voice VLANs?()AVoice VLANs are only used when connecting an IP phone and a host to distinct switch portsBAccess ports that are configured with voice VLANs will always trust the CoS that is received from IP phonesCAccess ports that are configured with voice VLANs may or may not override the CoS value that is received from an IP phoneDVoice VLANs are configured using the switchport voice vlan vlan-ID interface configuration commandEVoice VLANs provide a trunking interface between an IP phone and an access port on a switch to allow traffic from multiple devices that are connected to the portFEnabling Voice VLAN on a switch port will automatically configure the port to trust the incoming CoS markings
多选题You need to design the VLAN scheme for the Company network. Which two statements are true about best practices in VLAN design?()ARouting should occur at the access layer ifvoice VLANs are utilized. Otherwise, routing should occur at the distribution layer.BRouting should always be performed at the distribution layer.CVLANs should be localized to a switch.DVLANs should be localized to a single switch unlessvoice VLANs are being utilized.ERouting should not be performed between VLANs located on separate switches.
多选题Which two network attack statements are true?()AAccess attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.BAccess attacks can consist of UDP and TCP SYN flooding,ICMP echo-request floods,and ICMP directed broadcasts.CDoS attacks can be reduced through the use of access control configuration,encryption,and RFC 2827 filtering.DDoS attacks can consist of IP spoofing and DDoS attacks.EIP spoofing can be reduced through the use of policy-based routing.FIP spoofing exploits known vulnerabilities in authentication services, FTP services,and web services to gain entry to web accounts,confidential databases,and other sensitive information.
单选题Static VLANs are being used on the Company network. What is true about static VLANs?()ADevices use DHCP to request their VLAN.BAttached devices are unaware of any VLANs.CDevices are assigned to VLANs based on their MAC addresses.DDevices are in the same VLAN regardless of which port they attach to.
多选题Which two statements about the use of VLANs to segment a network are true? ()AVLANs increase the size of collision domains.BVLANs allow logical grouping of users by function.CVLANs simplify switch administration.DVLANs enhance network security.
多选题Which two statements about common network attacks are true?()AAccess attacks can consist of password attacks,trust exploitation,port redirection,and man-in-the-middle attacks.BAccess attacks can consist of password attacks,ping sweeps,port scans,and man-in-the-middle attacks.CAccess attacks can consist of packet sniffers,ping sweeps,port scans,and man-in-the-middle attacks.DReconnaissance attacks can consist of password attacks,trust exploitation,port redirection and Internet information queries.EReconnaissance attacks can consist of packet sniffers,port scans,ping sweeps,and Internet information queries.FReconnaissance attacks can consist of ping sweeps,port scans,man-in-middle attacks and Internet information queries.