多項(xiàng)選擇題

The DAI feature has been implemented in the Company switched LAN.
 Which three statements  are true about the dynamic ARP inspection (DAI) feature? ()

A. DAI can be performed on ingress ports only.
B. DAI can be performed on both ingress and egress ports.
C. DAI is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports.  
D. DAI should be enabled on the root switch for particular VLANs only in order to secure the ARP  caches of hosts in the domain.
E. DAI should be configured on all access switch ports as untrusted and on all switch ports connected to other switches as trusted.
F. DAI is supported on access and trunk ports only.


您可能感興趣的試卷

你可能感興趣的試題

1.單項(xiàng)選擇題

pany has implemented 802.1X authentication as a security enhancement. 
Which statement is  true about 802.1x port-based authentication?()

A. TACACS+ is the only supported authentication server type.
B. If a host initiates the authentication process and does not receive a response, it assumes it is  not authorized.
C. RADIUS is the only supported authentication server type.
D. Before transmitting data, an 802.1x host must determine the authorization state of the switch.
E. Hosts are required to havea 802.1x authentication client or utilize PPPoE.
F. None of the other alternatives apply.

2.單項(xiàng)選擇題

Refer to the exhibit. 
How will interface FastEthernnet0/1 respond when an 802.1x-enabled client  connects to the port?  ()

A. The switch will uniquely authorize the client by using the client MAC address.
B. The switch will cause the port to remain in the unauthorized state, ignoring all attempts by the  client to authenticate.
C. The switch port will disable 802.1x port-based authentication and cause the port to transition to  the authorized state without any further authentication exchange.
D. The switch port will enable 802.1x port-based authentication and begin relaying authentication  messages between the client and the authentication server.

3.單項(xiàng)選擇題

An attacker is launching a DoS attack on the Company network using a hacking tool designed to  exhaust the IP address space available from the DHCP servers for a period of time.
 Which  procedure would best defend against this type of attack? ()

A. Configure only trusted interfaces with root guard.
B. Implement private VLANs (PVLANs) to carry only user traffic.
C. Implement private VLANs (PVLANs) to carry only DHCP traffic.
D. Configure only untrusted interfaces with root guard.
E. Configure DHCP spoofing on all ports that connect untrusted clients.
F. Configure DHCP snooping only on ports that connect trusted DHCP servers.
G. None of the other alternatives apply

4.單項(xiàng)選擇題

The Company is concerned about Layer 2 security threats. 
Which statement is true about these  threats? ()

A. MAC spoofing attacks allow an attacking device to receive frames intended for a different  network host.
B. Port scanners are the most effective defense against dynamic ARP inspection.
C. MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable  attack points.
D. Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP  snooping attacks.
E. DHCP snooping sends unauthorized replies to DHCP queries.
F. ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.
G. None of the other alternatives apply.

5.單項(xiàng)選擇題

Refer to the exhibit. Port security has been configured on the switch port Fa0/5. 
What would  happen if another device is connected to the port after the maximum number of devices has been  reached, even if one or more of the original MAC addresses are inactive?()

A. The port will permit the new MAC address because one or more of the original MAC addresses  are inactive.
B. The port will permit the new MAC address because one or more of the original MAC addresses  will age out.
C. Because the new MAC address is not configured on the port, the port will not permit the new  MAC address.
D. Although one or more of the original MAC addresses are inactive, the port will not permit the  new MAC address.

最新試題

During routine maintenance, G1/0/1 on DS1 was shutdown. All other interface were up. DS2 became the active HSRP device for Vlan101 as desired. However, after G1/0/1 on DS1 was reactivated. DS1 did not become the active HSRP device as desired. What need to be done to make the group for Vlan101 function properly ? ()

題型:?jiǎn)雾?xiàng)選擇題

If G1/0/1 on DS1 is shutdown, what will be the current priority value of the Vlan105’s group on DS1 ?()

題型:?jiǎn)雾?xiàng)選擇題

Which router redundancy protocol cannot be configured for interface tracking?()

題型:?jiǎn)雾?xiàng)選擇題

DS2 has not become the active device for Vlan103’s HSRP group even though all interfaces are active. As related to Vlan103’s HSRP group. What can be done to make the group function properly ? ()

題型:?jiǎn)雾?xiàng)選擇題

What two things will occur when an edge port receives a BPDU?()

題型:多項(xiàng)選擇題

Which two statements about the various implementations of STP are true?()

題型:多項(xiàng)選擇題

Refer to the exhibit. STP has been implemented in the network. Switch SW_A is the root switch for the default VLAN. To reduce the broadcast domain, the network administrator decides to split users on the network into VLAN 2 and VLAN 10. The administrator issues the command spanning-tree vlan 2 root primary on switch SW_A. What will happen as a result of this change?()

題型:?jiǎn)雾?xiàng)選擇題

Which statement is correct about RSTP port roles?()

題型:?jiǎn)雾?xiàng)選擇題

What is the configured priority value of the Vlan105’s group on DS2 ?()

題型:?jiǎn)雾?xiàng)選擇題

How are STP timers and state transitions affected when a topology change occurs in an STP environment?()

題型:?jiǎn)雾?xiàng)選擇題