多选题Which three statements about the DHCP snooping feature on Cisco Nexus switches are true? ()ADHCP snooping commands are not available until the feature is enabled with the feature dhcp- snooping command.BWhen you enable the DHCP snooping feature, the switch begins building and maintaining the DHCP snooping binding database.CThe switch will not validate DHCP messages received or use the DHCP snooping binding database to validate subsequent requests from untrusted hosts until DHCP snooping is enabled globally and for each specific VLAN.DGlobally disabling DHCP snooping removes all DHCP snooping configuration on the switch.EGlobally disabling DHCP snooping does not remove any DHCP snooping configuration or the configuration of other features that are dependent upon the DHCP snooping feature.
多选题
Which three statements about the DHCP snooping feature on Cisco Nexus switches are true? ()
A
DHCP snooping commands are not available until the feature is enabled with the feature dhcp- snooping command.
B
When you enable the DHCP snooping feature, the switch begins building and maintaining the DHCP snooping binding database.
C
The switch will not validate DHCP messages received or use the DHCP snooping binding database to validate subsequent requests from untrusted hosts until DHCP snooping is enabled globally and for each specific VLAN.
D
Globally disabling DHCP snooping removes all DHCP snooping configuration on the switch.
E
Globally disabling DHCP snooping does not remove any DHCP snooping configuration or the configuration of other features that are dependent upon the DHCP snooping feature.
参考解析
解析:
暂无解析
相关考题:
Which three statements are correct about Rate Limiters? ()(Choose three.) A. one-rate rate limitersB. two-rate rate limitersC. two-rate rate limiters is the defaultD. one-rate rate limiters is the defaultE. there is no default it must be configured
Which two statements are true about Internet Group Management Protocol (IGMP) snooping?() A. IGMP snooping and Cisco Group Membership Protocol (CGMP) can be used simultaneously on a switch.B. IGMP snooping a nd Cisco Group Membership Protocol (CGMP) were developed to help Layer 3 switches make intelligent forwarding decisions on their own.C. IGMP snooping examines IGMP join/leave messages so that multicast traffic is forwarded only to hosts that sent an IG MP message toward the router.D. IGMP snooping is an IP multicast constraining mechanism for Layer 2 switches.E. IGMP snooping is enabled with the ip multicast - routing global configuration command.
Which three statements are true about the Internet Group Management Protocol (IGMP)? () A. There are three IGMP modes: dense mode, sparse mode, and sparse - dense modeB. IGMP is used to register individual hosts with a multicast groupC. IGMP version 3 enables a multicast receiving host to specify to the router which sources it should forward traffic fromD. IGMP messages a re IP datagrams with a protocol value of 2, destination address of 224.0.0.2, and a TTL value of 1E. IGMP is a multicast routing protocol that makes packet - forwarding decisions independent of other routing protocols such as EIGRPF. IGMP snooping ru ns on Layer 3 routers
Which is the result of enabling IP Source Guard on an untrusted switch port that does not have DHCP snooping enabled?()A、DHCP requests will be switched in the software, which may result in lengthy response times.B、The switch will run out of ACL hardware resources.C、All DHCP requests will pass through the switch untested.D、The DHCP server reply will be dropped and the client will not be able to obtain an IP address.
The Company is concerned about Layer 2 security threats. Which statement is true about these threats? ()A、 MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.B、 Port scanners are the most effective defense against dynamic ARP inspection.C、 MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable attack points.D、 Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.E、 DHCP snooping sends unauthorized replies to DHCP queries.F、 ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.G、 None of the other alternatives apply.
Which three statements are true about terms in a policy?()A、The order of the terms in a policy is irrelevantB、The action is specified in a then statementC、Ters are optional in a policyD、The match condition can be identified with a from statementE、Every policy must contain at least one term
Which three statements are true about the voice VLAN feature on a Catalyst 2950 switch? (Choose three.)() A、 The CoS value is trusted for 802.1p or 802.1q tagged traffic.B、 The voice VLAN feature is disabled by default.C、 The IP phone accepts the priority of all tagged and untagged traffic and sets the CoS value to 4.D、 When the voice VLAN feature is enabled, all untagged traffic is sent according to the default CoS priority of the port.E、 PortFast is automatically disabled when a voice VLAN is configured.F、 The default CoS value for incoming traffic is set to 0.
Which statement best describes what is depicted in the show command output?()A、 IGMP snooping is not active for VLAN 120 because the IGMP feature has not been enabled on the switch with the feature igmp command.B、 The IGMP snooping querier for VLAN 120 is not in a running state because the Loopback interface configured with 1.1.1.1/32 is currently in a down state.C、 IGMP snooping has been disabled on the VLAN 120 SVI.D、 IGMP snooping has been disabled for VLAN 120 in VLAN configuration mode.E、 IGMP snooping is not active for VLAN 120 because VLAN 120 does not exist in the VLAN database.
he Cisco Nexus 1000V Series Switches are virtual machine access switches that are an intelligent software switch implementation for VMware vSphere environments running the Cisco NX-OS Software operating system. Together with the VMware ESX hypervisor, the Nexus 1000V supports Cisco VN-Link server virtualization technology, which provides mobile virtual machine security and network policy for VMware View components, including the DHCP snooping feature. DHCP snooping is disabled on the Nexus 1000V by default. When the DHCP snooping feature is enabled on the Nexus 1000V, what are the default trust settings for the vEthernet and uplink ports?() A、 All vEthernet ports are trusted, and all Ethernet ports such as uplinks and port channels are trusted.B、 All vEthernet ports are not trusted, and all Ethernet ports such as uplinks and port channels are not trusted.C、 All vEthernet ports are trusted and all Ethernet ports such as uplinks and port channels are not trusted.D、 All vEthernet ports are not trusted and all Ethernet ports such as uplinks and port channels are trusted.
Which two statements are true about Internet Group Management Protocol (IGMP) snooping?()A、IGMP snooping and Cisco Group Membership Protocol (CGMP) can be used simultaneously on a switch.B、IGMP snooping a nd Cisco Group Membership Protocol (CGMP) were developed to help Layer 3 switches make intelligent forwarding decisions on their own.C、IGMP snooping examines IGMP join/leave messages so that multicast traffic is forwarded only to hosts that sent an IG MP message toward the router.D、IGMP snooping is an IP multicast constraining mechanism for Layer 2 switches.E、IGMP snooping is enabled with the ip multicast - routing global configuration command.
Which three statements are true about DAI?()A、DAI intercept all ARP packets on untrusted portsB、DAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the DHCP Snooping database.C、DAI is used to prevent against a DHCP Snooping attack.D、DAI forwards all ARP packets received on a trusted interface without any checks.E、DAI forwards all ARP packets on untrusted ports.F、DAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the CAM table.
In the event that two devices need access to a common server, but they cannot communicate witheach other, which security feature should be configured to mitigate attacks between thesedevices?()A、private VLANsB、port securityC、BPDU guardD、dynamic ARP inspectionE、DHCP snooping
Which three statements about the DHCP snooping feature on Cisco Nexus switches are true? ()A、 DHCP snooping commands are not available until the feature is enabled with the feature dhcp- snooping command.B、 When you enable the DHCP snooping feature, the switch begins building and maintaining the DHCP snooping binding database.C、 The switch will not validate DHCP messages received or use the DHCP snooping binding database to validate subsequent requests from untrusted hosts until DHCP snooping is enabled globally and for each specific VLAN.D、 Globally disabling DHCP snooping removes all DHCP snooping configuration on the switch.E、 Globally disabling DHCP snooping does not remove any DHCP snooping configuration or the configuration of other features that are dependent upon the DHCP snooping feature.
DHCP snooping on Cisco Nexus 1000V Series Switches acts like a firewall between untrusted hosts and trusted DHCP servers by doing which of these? ()A、 validates DHCP messages received from untrusted sources and filters out invalid response messages from DHCP serversB、 intercepts all ARP requests and responses on untrusted portsC、 builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addressesD、 uses the DHCP snooping binding database to validate subsequent requests from untrusted hostsE、 limits IP traffic on an interface to only those sources that have an IP-MAC address binding table entry or static IP source entry
Session affinity is a feature of which of the following devices?()A、DNS serverB、DHCP serverC、Load balancerD、IPS
Which three statements about subqueries are true? ()A、Asinglerowsubquerycanretrieveonlyonecolumnandonerow.B、Asinglerowsubquerycanretrieveonlyonerowbutmanycolumns.C、Amultiplerowsubquerycanretrievemultiplerowsandmultiplecolumns.D、Amultiplerowsubquerycanbecomparedusingthe";;";operator.E、AsinglerowsubquerycanusetheINoperator.F、Amultiplerowsubquerycanusethe";=";operator.
多选题Which of the following types of attacks does DHCP snooping prevent?(Choose all that apply.)()AAttacker sends multiple DHCP requests flooding DHCP serverBAttacker connects rogue server initiating DHCP requestsCAttacker connects rogue server replying to DHCP requestsDAttacker sends DHCP jam signal causing DHCP server to crashEAttacker sends gratuitous ARP replies, thereby jamming the DHCP serverFAttacker sends unsolicited DHCP replies, thereby jamming the DHCP server
多选题Which three statements are correct about Rate Limiters? ()(Choose three.)Aone-rate rate limitersBtwo-rate rate limitersCtwo-rate rate limiters is the defaultDone-rate rate limiters is the defaultEthere is no default it must be configured
单选题The Company is concerned about Layer 2 security threats. Which statement is true about these threats? ()A MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.B Port scanners are the most effective defense against dynamic ARP inspection.C MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable attack points.D Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.E DHCP snooping sends unauthorized replies to DHCP queries.F ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.G None of the other alternatives apply.
多选题As the network technician at Company, you need to configure DHCP snooping on a new switch. Which three steps are required? ()AConfigure the switch to insert and remove DHCP relay information (option-82 field) in forwarded DHCP request messages.BConfigure DHCP snooping globally.CConfigure the switch as a DHCP server.DConfigure DHCP snooping on an interface.EConfigure all interfaces as DHCP snooping trusted interfaces.FConfigure DHCP snooping on a VLAN or range of VLANs.
多选题Which three statements are true about DAI?()ADAI intercept all ARP packets on untrusted portsBDAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the DHCP Snooping database.CDAI is used to prevent against a DHCP Snooping attack.DDAI forwards all ARP packets received on a trusted interface without any checks.EDAI forwards all ARP packets on untrusted ports.FDAI determines the validity of an ARP packet based on the valid MAC address-to-IP address bindings stored in the CAM table.
多选题The Cisco AutoQoS feature is being used throughout the Company VOIP network. Which three statements about this feature are true?()AThe mls qos global configuration command must be entered before configuring AutoQoS.BCEF must be enabled.CThe no auto qos voip command is used to disable Cisco AutoQos and revoke all configurations generated by Cisco AutoQos.DCDP must be enabled.ESNMP must be enabled.
多选题You need to configure a new Company Catalyst 3560 switch for a VOIP-enabled office. Which three statements are true about the voice VLAN feature on this switch?()AThe default CoS value for incoming traffic is set up to 0.BThe CoS value is trusted for 802.1p or 802.1q tagged traffic.CPortFast is automatically disabled when a voice VLAN is configured.DThe voice VLAN feature is disabled by default.EThe IP phone accepts the priority of all tagged and untagged traffic and sets the CoS value to 4.FWhen the voice VLAN feature is enabled, all untagged traffic is sent according to the default CoS priority of the port
多选题Which three statements are true about terms in a policy?()AThe order of the terms in a policy is irrelevantBThe action is specified in a then statementCTers are optional in a policyDThe match condition can be identified with a from statementEEvery policy must contain at least one term
多选题Which three statements about subqueries are true? ()AAsinglerowsubquerycanretrieveonlyonecolumnandonerow.BAsinglerowsubquerycanretrieveonlyonerowbutmanycolumns.CAmultiplerowsubquerycanretrievemultiplerowsandmultiplecolumns.DAmultiplerowsubquerycanbecomparedusingthe;;;operator.EAsinglerowsubquerycanusetheINoperator.FAmultiplerowsubquerycanusethe;=;operator.
单选题Which statement best describes what is depicted in the show command output?()A IGMP snooping is not active for VLAN 120 because the IGMP feature has not been enabled on the switch with the feature igmp command.B The IGMP snooping querier for VLAN 120 is not in a running state because the Loopback interface configured with 1.1.1.1/32 is currently in a down state.C IGMP snooping has been disabled on the VLAN 120 SVI.D IGMP snooping has been disabled for VLAN 120 in VLAN configuration mode.E IGMP snooping is not active for VLAN 120 because VLAN 120 does not exist in the VLAN database.
多选题Which three statements are true about the Internet Group Management Protocol (IGMP)? ()AThere are three IGMP modes: dense mode, sparse mode, and sparse - dense modeBIGMP is used to register individual hosts with a multicast groupCIGMP version 3 enables a multicast receiving host to specify to the router which sources it should forward traffic fromDIGMP messages a re IP datagrams with a protocol value of 2, destination address of 224.0.0.2, and a TTL value of 1EIGMP is a multicast routing protocol that makes packet - forwarding decisions independent of other routing protocols such as EIGRPFIGMP snooping ru ns on Layer 3 routers