Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Chapter10Exam
Due Noduedate Points 20 Questions 20 TimeLimit 60Minutes AllowedAttempts 3
TaketheQuizAgain
AemptHistory
Attempt Time Score
Correctanswersarehidden.
Scoreforthisattempt:19outof20
SubmittedMay1at9:29am
Thisattempttook27minutes.
Question1 1/1pts
Whichstatementdescribesthepurposeoftheconfigurationthatisshown?
Switch(config)#ipdhcpsnooping
Switch(config)#ipdhcpsnoopingvlan3
Switch(configif)#ipdhcpsnoopingtrust
Switch(configif)#ipdhcpsnoopinglimitrate30
ItismeanttodisableanyhostthatisconfiguredtobeinVLAN3.
ItismeanttodisableanyrogueDHCPserversthatareattachedtoVLAN3.
ItismeanttomonitorVLAN3forDHCPattacksthatwilldepletetheDHCPpool.
ItismeanttomonitorVLAN3anddisableanyhoststhatareusingstaticIPaddressesratherthan
DHCPaddresses.
Refertocurriculumtopic:6.4.2
Question2 1/1pts
WhatIOSfeatureisexecutedwiththetraceroutemaccommand?
Layer2traceroute
https://1375232.netacad.com/courses/490562/quizzes/4133330?module_item_id=33754010 1/10
2/5/2017 Chapter10Exam:CCNPSWITCH2017
MACportsecurity
EmbeddedEventManager
SwitchedPortAnalyzer
Refertocurriculumtopic:6.6.2
Question3 1/1pts
WhichcountermeasurecanbeimplementedtodeterminethevalidityofanARPpacket,basedonthevalid
MACaddresstoIPaddressbindingsstoredinaDHCPsnoopingdatabase?
DHCPspoofing
dynamicARPinspection
CAMtableinspection
MACsnooping
Refertocurriculumtopic:6.4.1
Question4 1/1pts
AnetworkadministratoristaskedwithprotectingaserverfarmbyimplementingprivateVLANs.Eachserver
shouldonlybeallowedtocommunicatewiththedefaultgateway.WhichtypeofpVLANshouldbeconfigured
ontheswitchportthatconnectstoaserver?
isolated
promiscuous
community
secondaryVLAN
https://1375232.netacad.com/courses/490562/quizzes/4133330?module_item_id=33754010 2/10
2/5/2017 Chapter10Exam:CCNPSWITCH2017
Refertocurriculumtopic:2.2.5
Question5 1/1pts
WhatcanbeusedtomitigateMACtablefloodingattacks?
DHCPsnooping
privateVLANs
portsecurity
rootguard
Refertocurriculumtopic:6.1.2
Question6 1/1pts
HowdoesMACaddressfloodingcauseavulnerabilityinthenetwork?
TheCAMtablewillbefull,causinglegitimateframestobeforwardedoutallportswithintheVLAN
andallowingunauthorizeduserstocapturedata.
AnattackingdevicecansendorreceivepacketsonvariousVLANsandbypassLayer3security
measures.
AnattackingdevicecanexhausttheaddressspaceavailabletotheDHCPserversforaperiodof
timeorestablishitselfasaDHCPserverinmaninthemiddleattacks.
InformationthatissentthroughCDPistransmittedincleartextandisunauthenticated,allowingit
tobecapturedandtodivulgenetworktopologyinformation.
https://1375232.netacad.com/courses/490562/quizzes/4133330?module_item_id=33754010 3/10
2/5/2017 Chapter10Exam:CCNPSWITCH2017
Refertocurriculumtopic:6.1.2
Incorrect Question7 0/1pts
Whichtypeofoutputwouldbeproducedonaswitchafterenteringthecommand,Switch#showipdhcp
snoopingbinding?
DHCPserversonthesnoopednetwork
DHCPclientsonallDHCPsnoopedswitchesonthenetwork
DHCPclientsthatareconnectedtoDHCPsnoopedportsontheswitch
allactiveprotocolsonallDHCPclientsthatareconnectedtoDHCPsnoopedportsontheswitch
Refertocurriculumtopic:6.4.2
Question8 1/1pts
WhataretwopurposesforanattackerlaunchingaMACtableflood?(Choosetwo.)
toinitiateamaninthemiddleattack
toinitiateadenialofservice(DoS)attack
tocapturedatafromthenetwork
togathernetworktopologyinformation
toexhausttheaddressspaceavailabletotheDHCP
Refertocurriculumtopic:6.1.2
Question9 1/1pts
https://1375232.netacad.com/courses/490562/quizzes/4133330?module_item_id=33754010 4/10
2/5/2017 Chapter10Exam:CCNPSWITCH2017
HowdoesVLANhoppingcauseavulnerabilityinthenetwork?
TheCAMtablewillbefull,causinglegitimateframestobeforwardedoutallportsandallowing
unauthorizeduserstocapturedata.
AnattackingdevicecansendorreceivepacketsonvariousVLANsandbypassLayer3security
measures.
AnattackingdevicecanexhausttheaddressspaceavailabletotheDHCPserversforaperiodof
timeorestablishitselfasaDHCPserverinmaninthemiddleattacks.
InformationsentthroughCDPistransmittedincleartextandisunauthenticated,allowingittobe
capturedandtodivulgenetworktopologyinformation.
Refertocurriculumtopic:6.1.2
Question10 1/1pts
WhatswitchportportsecuritykeywordcausesMACaddressestobeaddedtotherunningconfiguration?
aging
macaddresssticky
maximum
violation
Refertocurriculumtopic:6.6.2
Question11 1/1pts
InwhichlocationorsituationisaprivateVLANappropriate?
https://1375232.netacad.com/courses/490562/quizzes/4133330?module_item_id=33754010 5/10
2/5/2017 Chapter10Exam:CCNPSWITCH2017
aDMZsegment
ISPSOHOconnections
awebhostingenvironmentatanISP
tworecentlymergedcompaniesthathaveoverlappingIPaddressingschemes
Refertocurriculumtopic:2.5.1
Question12 1/1pts
AnetworkadministratoristaskedwithprotectingaserverfarmbyimplementingprivateVLANs(PVLANs).A
serverisonlyallowedtocommunicatewithitsdefaultgatewayandotherrelatedservers.Whichtypeof
PVLANshouldbeconfiguredontheswitchportsthatconnecttotheservers?
isolated
promiscuous
secondaryVLAN
community
Refertocurriculumtopic:2.5.1
Question13 1/1pts
WhichstatementbestdescribeshowtrafficishandledbetweendifferentporttypeswithinaprimarypVLAN?
ThetrafficisforwardedfrompromiscuousportstopromiscuousportsinthesameprimaryVLAN.
Thetrafficisforwardedfrompromiscuousportstocommunityandpromiscuousportsinthesame
primaryVLAN.
https://1375232.netacad.com/courses/490562/quizzes/4133330?module_item_id=33754010 6/10
2/5/2017 Chapter10Exam:CCNPSWITCH2017
Thetrafficisforwardedfrompromiscuousportstoisolatedandcommunityportsinthesame
primaryVLAN.
Thetrafficisforwardedfrompromiscuousportstoisolated,community,andotherpromiscuous
portsinthesameprimaryVLAN.
Refertocurriculumtopic:2.2.5
Question14 1/1pts
Whatisonewaytomitigatespanningtreecompromises?
Staticallyconfiguretheprimaryandbackuprootbridge.
ImplementprivateVLANs.
PlaceallunusedportsintoacommonVLAN(notVLAN1).
ConfigureMACaddressVLANaccessmaps.
Refertocurriculumtopic:6.1.2
Question15 1/1pts
HowshouldunusedportsonaswitchbeconfiguredinordertopreventVLANhoppingattacks?
ConfigurethemwiththeUDLDfeature.
ConfigurethemwiththePAgPprotocol.
ConfigurethemastrunkportsforthenativeVLAN1.
ConfigurethemasaccessportsandassociatethemwithanunusedVLAN.
https://1375232.netacad.com/courses/490562/quizzes/4133330?module_item_id=33754010 7/10
2/5/2017 Chapter10Exam:CCNPSWITCH2017
Refertocurriculumtopic:6.1.3
Question16 1/1pts
WhattechnologycanbeusedtohelpmitigateMACaddressfloodingattacks?
rootguard
PrivateVLANs
DHCPsnooping
VLANaccessmaps
DynamicARPInspection
Refertocurriculumtopic:6.2.2
Question17 1/1pts
WhichconfigurationguidelineappliestousingthecaptureoptioninVACL?
CaptureportstransmittrafficthatbelongstoallVLANs.
Thecaptureportcapturesallpacketsthatarereceivedontheport.
Theswitchhasarestrictiononthenumberofcaptureports.
ThecaptureportneedstobeinthespanningtreeforwardingstatefortheVLAN.
Refertocurriculumtopic:6.2.2
Question18 1/1pts
https://1375232.netacad.com/courses/490562/quizzes/4133330?module_item_id=33754010 8/10
2/5/2017 Chapter10Exam:CCNPSWITCH2017
Allaccessportsonaswitchareconfiguredwiththeadministrativemodeofdynamicauto.Anattacker,
connectedtooneoftheports,sendsamaliciousDTPframe.Whatistheintentoftheattacker?
VLANhopping
DHCPspoofingattack
MACfloodingattack
ARPpoisoningattack
Refertocurriculumtopic:6.2.1
Question19 1/1pts
Refertotheexhibit.AftertheconfigurationhasbeenappliedtoACSw22,framesthatareboundforthenodeon
portFastEthernet0/1areperiodicallybeingdropped.Whatshouldbedonetocorrecttheissue?
Addtheswitchportportsecuritymacaddressstickycommandtotheinterfaceconfiguration.
Changetheportspeedtospeedautowiththeinterfaceconfigurationmode.
Usetheswitchportmodetrunkcommandintheinterfaceconfiguration.
Removetheswitchportcommandfromtheinterfaceconfiguration.
Refertocurriculumtopic:6.6.2
https://1375232.netacad.com/courses/490562/quizzes/4133330?module_item_id=33754010 9/10
2/5/2017 Chapter10Exam:CCNPSWITCH2017
Question20 1/1pts
WhatisonewaytomitigateARPspoofing?
EnabledynamicARPinspection.
ConfigureMACaddressVLANaccessmaps.
Enablerootguard.
ImplementprivateVLANs.
Refertocurriculumtopic:6.1.2
QuizScore:19outof20
https://1375232.netacad.com/courses/490562/quizzes/4133330?module_item_id=33754010 10/10