This post is about answer for CCNA Security Chapter 6 Test. The questions displayed in this post are based on CCNAS v1.1. All the answers has been confirmed to be 100% correct. With this solution, hopefully it will be a good reference for all of us.
As a recommended practice for Layer 2 security, how should VLAN 1 be treated?
All access ports should be assigned to VLAN 1.
All trunk ports should be assigned to VLAN 1.
VLAN 1 should be used for management traffic.
VLAN 1 should not be used.
With IP voice systems on data networks, which two types of attacks target VoIP specifically? (Choose two.)
CoWPAtty
Kismet
SPIT
virus
vishing
Which option best describes a MAC address spoofing attack?
An attacker gains access to another host and masquerades as the rightful user of that device.
An attacker alters the MAC address of his host to match another known MAC address of a target host.
An attacker alters the MAC address of the switch to gain access to the network device from a rogue host device.
An attacker floods the MAC address table of a switch so that the switch can no longer filter network access based on MAC addresses.
Which attack relies on the default automatic trunking configuration on most Cisco switches?
LAN storm attack
VLAN hopping attack
STP manipulation attack
MAC address spoofing attack
Which two measures are recommended to mitigate VLAN hopping attacks? (Choose two.)
Use a dedicated native VLAN for all trunk ports.
Place all unused ports in a separate guest VLAN.
Disable trunk negotiation on all ports connecting to workstations.
Enable DTP on all trunk ports.
Ensure that the native VLAN is used for management traffic.
Which three are SAN transport technologies? (Choose three.)
Fibre Channel
SATA
iSCSI
IP PBX
FCIP
IDE
Refer to the exhibit. What action will the switch take when the maximum number of secure MAC addresses has reached the allowed limit on the Fa0/2 port?
Packets with unknown source addresses are dropped, but notification of the dropped packets is sent.
The VLAN that Fa0/2 is on is set to error-disabled and all traffic on the VLAN is stopped.
The interface immediately becomes error-disabled and the port LED is turned off.
Packets with unknown source addresses are dropped without notification.
Which software tool can a hacker use to flood the MAC address table of a switch?
macof
Cisco CCP
kiwi syslog server
protocol analyzer
Which two methods are used to mitigate VLAN attacks? (Choose two.)
enabling port security on all trunk ports
using a dummy VLAN for the native VLAN
implementing BPDU guard on all access ports
disabling DTP autonegotiation on all trunk ports
using ISL instead of 802.1q encapsulation on all trunk interfaces
Which three switch security commands are required to enable port security on a port so that it will dynamically learn a single MAC address and disable the port if a host with any other MAC address is connected? (Choose three.)
switchport mode access
switchport mode trunk
switchport port-security
switchport port-security maximum 2
switchport port-security mac-address sticky
switchport port-security mac-address mac-address
What is an example of a trusted path in an operating system?
digital certificate
digital signature
hash message authentication
Ctrl-Alt-Delete key sequence
Why are traditional network security perimeters not suitable for the latest consumer-based network endpoint devices?
These devices are not managed by the corporate IT department.
These devices are more varied in type and are portable.
These devices connect to the corporate network through public wireless networks.
These devices pose no risk to security as they are not directly connected to the corporate network.
Which Cisco IronPort appliance would an organization install to manage and monitor security policy settings and audit information?
C-Series
M-Series
S-Series
SenderBase-Series
Which Cisco IronPort appliance would an organization install to protect against malware?
C-Series
M-Series
S-Series
SenderBase-Series
What is the goal of the Cisco NAC framework and the Cisco NAC appliance?
to ensure that only hosts that are authenticated and have had their security posture examined and approved are permitted onto the network
to monitor data from the company to the ISP in order to build a real-time database of current spam threats from both internal and external sources
to provide anti-malware scanning at the network perimeter for both authenticated and non-authenticated devices
to provide protection against a wide variety of web-based threats, including adware, phishing attacks, Trojan horses, and worms
When the Cisco NAC appliance evaluates an incoming connection from a remote device against the defined network policies, what feature is being used?
authentication and authorization
posture assessment
quarantining of noncompliant systems
remediation of noncompliant systems
Which command is used to configure the PVLAN Edge feature?
switchport block
switchport nonnegotiate
switchport protected
switchport port-security violation protect
Which statement is true about a characteristic of the PVLAN Edge feature on a Cisco switch?
All data traffic that passes between protected ports must be forwarded through a Layer 2 device.
All data traffic that passes between protected ports must be forwarded through a Layer 3 device.
Only broadcast traffic is forwarded between protected ports.
Only unicast traffic is forwarded between protected ports.
What is the default configuration of the PVLAN Edge feature on a Cisco switch?
All active ports are defined as protected.
All ports are defined as protected.
No ports are defined as protected.
EtherChannel groups are defined as protected ports.
Under which circumstance is it safe to connect to an open wireless network?
The connection utilizes the 802.11n standard.
The device has been updated with the latest virus protection software.
The connection is followed by a VPN connection to a trusted network.
The user does not plan on accessing the corporate network when attached to the open wireless network.
As stated earlier, all this answers has been verified to be 100% correct. If you found any wrong answers provided, please leave comment below. We do appreciate all the corrections that you made. If you want to contribute for new question or any latest version of chapter test and exam question, please let me know. We do appreciate it too.
Credit: The answer in this chapter test has been provided by Xase. All credit goes to him.
CCNA Security Chapter 6 V1.2
[by Jaime]
How does a switch interface that uses sticky port security handle MAC addresses?
They are configured dynamically and are saved in the running configuration.
They are configured dynamically and are not saved in the running configuration.
They are configured manually and are not saved in the running configuration.
The addresses are configured manually and are saved in the running configuration.
Refer to the exhibit. The Fa0/2 interface on switch S1 has been configured with the switchport port-security mac-address 0023.189d.6456 command and a workstation has been connected. What could be the reason that the Fa0/2 interface is shutdown?
The connection between S1 and PC1 is via a crossover cable.
The Fa0/24 interface of S1 is configured with the same MAC address as the Fa0/2 interface.
S1 has been configured with a switchport port-security aging command.
The MAC address of PC1 that connects to the Fa0/2 interface is not the configured MAC address.
[by Luis]
Which action best describes a MAC address spoofing attack?
bombarding a switch with fake source MAC addresses
flooding the LAN with excessive traffic
forcing the election of a rogue root bridge
altering the MAC address of an attacking host to match that of a legitimate host
Which mitigation technique can help prevent MAC table overflow attacks?
storm control
switchport security
BPDU guard
root guard
Which type of frame is spoofed in STP manipulation attacks?
BPDU
ISL
DTP
802.1q
Which attack allows the attacker to see all frames on a broadcast network by causing a switch to flood all incoming traffic?
MAC table overflow
VLAN hopping
802.1q double tagging
LAN storm
STP manipulation
Where is the port security configuration most effective in a multi-layer switched network environment?
on core layer switches
on perimeter layer switches
on access layer switches
on distribution layer switches
What happens when the MAC address notification feature is enabled on a switch?
A port violation occurs when a MAC address outside of the range of allowed addresses transmits traffic over a secure port.
An STP multicast notification packet is forwarded to all switches any time a change in the network topology is detected.
An SNMP trap is sent to the network management system whenever a new MAC address is added to or an old address is deleted from the forwarding tables.
An SDEE alert is generated, and the switch resets the interface when an invalid MAC address is detected.
Which statement describes a MAC address table overflow attack?
Frames flood the LAN, creating excessive traffic and degrading network performance.
A software tool floods a switch with frames containing randomly generated source and destination MAC and IP addresses
An attacker alters the MAC address in a frame to match the address of a target host.
The attacking host broadcasts STP configuration and topology change BPDUs to force spanning-tree recalculations.
If a switch is configured with the storm-control command and the action shutdown and action trap parameters, which two actions does the switch take when a storm occurs on a port? (Choose two.)
An SNMP log message is sent.
he port is placed in a blocking state.
The switch is rebooted.
The switch forwards control traffic only.
The port is disabled.
When configuring a switch port for port security, what is the default violation mode?
restrict
reset
shutdown
protect
Refer to the exhibit. Which two statements are correct regarding the configuration on switch S1? (Choose two.)
Port Fa0/5 storm control for multicasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.
Port Fa0/6 storm control for multicasts and broadcasts will be activated if traffic exceeds 2,000,000 packets per second.
Port Fa0/6 storm control for multicasts will be activated if traffic exceeds 2,000,000 packets per second.
Port Fa0/5 storm control for broadcasts and multicasts will be activated if traffic exceeds 80.1 percent of 2,000,000 packets per second.
Port Fa0/5 storm control for broadcasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.
What functionality is provided by Cisco SPAN in a switched network?
It protects the switched network from receiving BPDUs on ports that should not be receiving them.
It copies traffic that passes through a switch interface and sends the data directly to a syslog or SNMP server for analysis.
It mitigates MAC address overflow attacks.
It prevents traffic on a LAN from being disrupted by a broadcast storm.
It inspects voice protocols to ensure that SIP, SCCP, H.323, and MGCP requests conform to voice standards.
It mirrors traffic that passes through a switch port or VLAN to another port for traffic analysis
Refer to the exhibit. Based on the output generated by the show monitor session 1command, how will SPAN operate on the switch?
Native VLAN traffic transmitted from VLAN 10 or received on VLAN 20 is forwarded to FastEthernet 0/1.
All traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to FastEthernet 0/1.
All traffic transmitted from VLAN 10 or received on VLAN 20 is forwarded to FastEthernet 0/1.
Native VLAN traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to FastEthernet 0/1.
Which technology is used to protect the switched infrastructure from problems caused by receiving BPDUs on ports that should not be receiving them?
Loop guard
RSPAN
PortFast
BPDU guard
Root guard
Which Cisco endpoint security product helps maintain network stability by providing posture assessment, quarantining of noncompliant systems, and remediation of noncompliant systems?
Cisco Access Control Server
Cisco Intrusion Prevention System router
Cisco Security Agent Workstation
Cisco Network Admission Control appliance
[by Anon]
An administrator assigned a level of router access to the user ADMIN using the commands below.
Router(config)# privilege exec level 14 show ip route
Router(config)# enable algorithm-type scrypt secret level 14 cisco-level-10
Router(config)# username ADMIN privilege 14 algorithm-type scrypt secret cisco-level-10
Which two actions are permitted to the user ADMIN? (Choose two.)
The user can only execute the subcommands under the show ip route command.
The user can issue the show version command.
The user can issue the ip route command.
The user can issue all commands because this privilege level can execute all Cisco IOS commands.
The user can execute all subcommands under the show ip interfaces command.
Millones de gracias!. Me has salvado de un gran aprieto. La mejor pagina de TODAS!.
me salvaste la vida jajaja gracias
great work! somebody have the Hands-on skill exam/skill exam? thanks!! just email me att [email protected]
Reply ↓
Which Cisco IronPort appliance would an organization install to protect against malware??
S-series
Thank you so much!!!!!
From v1.2:
How does a switch interface that uses sticky port security handle MAC addresses?
– *They are configured dynamically and are saved in the running configuration.*
– They are configured dynamically and are not saved in the running configuration.
– They are configured manually and are not saved in the running configuration.
– The addresses are configured manually and are saved in the running configuration.
Hi jamie,
Thanks for sharing some answers of V1.2 here.
Can you please share all the answers as i am having exam tomorrow morning. That help will be very much appreciated.
Thanks.
From v1.2
Refer to the exhibit. The Fa0/2 interface on switch S1 has been configured with the switchport port-security mac-address 0023.189d.6456 command and a workstation has been connected. What could be the reason that the Fa0/2 interface is shutdown?
– The connection between S1 and PC1 is via a crossover cable.
– The Fa0/24 interface of S1 is configured with the same MAC address as the Fa0/2 interface.
– S1 has been configured with a switchport port-security aging command.
– *The MAC address of PC1 that connects to the Fa0/2 interface is not the configured MAC address.*
Thank you Jaime for both questions
Which action best describes a MAC address spoofing attack?
bombarding a switch with fake source MAC addresses
flooding the LAN with excessive traffic
forcing the election of a rogue root bridge
***altering the MAC address of an attacking host to match that of a legitimate host ***
Which mitigation technique can help prevent MAC table overflow attacks?
storm control
***switchport security***
BPDU guard
root guard
Which type of frame is spoofed in STP manipulation attacks?
***BPDU***
ISL
DTP
802.1q
Which attack allows the attacker to see all frames on a broadcast network by causing a switch to flood all incoming traffic?
***MAC table overflow***
VLAN hopping
802.1q double tagging
LAN storm
STP manipulation
Where is the port security configuration most effective in a multi-layer switched network environment?
on core layer switches
on perimeter layer switches
***on access layer switches***
on distribution layer switches
What happens when the MAC address notification feature is enabled on a switch?
A port violation occurs when a MAC address outside of the range of allowed addresses transmits traffic over a secure port.
An STP multicast notification packet is forwarded to all switches any time a change in the network topology is detected.
***An SNMP trap is sent to the network management system whenever a new MAC address is added to or an old address is deleted from the forwarding tables.***
An SDEE alert is generated, and the switch resets the interface when an invalid MAC address is detected.
Which statement describes a MAC address table overflow attack?
Frames flood the LAN, creating excessive traffic and degrading network performance.
***A software tool floods a switch with frames containing randomly generated source and destination MAC and IP addresses***
An attacker alters the MAC address in a frame to match the address of a target host.
The attacking host broadcasts STP configuration and topology change BPDUs to force spanning-tree recalculations.
If a switch is configured with the storm-control command and the action shutdown and action trap parameters, which two actions does the switch take when a storm occurs on a port? (Choose two.)
***An SNMP log message is sent.***
he port is placed in a blocking state.
The switch is rebooted.
The switch forwards control traffic only.
***The port is disabled.***
When configuring a switch port for port security, what is the default violation mode?
restrict
reset
***shutdown***
protect
Which software tool can a hacker use to flood the MAC address table of a switch?
kiwi syslog server
protocol analyzer
Cisco CCP
***Macof***
How does a switch interface that uses sticky port security handle MAC addresses?
***They are configured dynamically and are saved in the running configuration.***
They are configured manually and are not saved in the running configuration.
They are configured dynamically and are not saved in the running configuration.
The addresses are configured manually and are saved in the running configuration.
Refer to the exhibit. Which two statements are correct regarding the configuration on switch S1? (Choose two.)
Port Fa0/5 storm control for multicasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.
Port Fa0/6 storm control for multicasts and broadcasts will be activated if traffic exceeds
2,000,000 packets per second.
***Port Fa0/6 storm control for multicasts will be activated if traffic exceeds 2,000,000 packets per second.***
Port Fa0/5 storm control for broadcasts and multicasts will be activated if traffic exceeds 80.1 percent of 2,000,000 packets per second.
***Port Fa0/5 storm control for broadcasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.***
What functionality is provided by Cisco SPAN in a switched network?
It protects the switched network from receiving BPDUs on ports that should not be receiving them.
It copies traffic that passes through a switch interface and sends the data directly to a syslog or SNMP server for analysis.
It mitigates MAC address overflow attacks.
It prevents traffic on a LAN from being disrupted by a broadcast storm.
It inspects voice protocols to ensure that SIP, SCCP, H.323, and MGCP requests conform to voice standards.
***It mirrors traffic that passes through a switch port or VLAN to another port for traffic analysis***
Why are traditional network security perimeters not suitable for the latest consumer-based network endpoint devices?
These devices connect to the corporate network through public wireless networks.
***These devices are more varied in type and are portable.***
These devices are not managed by the corporate IT department.
These devices pose no risk to security as they are not directly connected to the corporate network.
Refer to the exhibit. Based on the output generated by the show monitor session 1command, how will SPAN operate on the switch?
Native VLAN traffic transmitted from VLAN 10 or received on VLAN 20 is forwarded to FastEthernet 0/1.
***All traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to FastEthernet 0/1.***
All traffic transmitted from VLAN 10 or received on VLAN 20 is forwarded to FastEthernet 0/1.
Native VLAN traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to FastEthernet 0/1.
Which technology is used to protect the switched infrastructure from problems caused by receiving BPDUs on ports that should not be receiving them?
Loop guard
RSPAN
PortFast
*** BPDU guard***
Root guard
Which attack relies on the default automatic trunking configuration on most Cisco switches?
***VLAN hopping attack***
STP manipulation attack
LAN storm attack
MAC address spoofing attack
Which Cisco endpoint security product helps maintain network stability by providing posture assessment, quarantining of noncompliant systems, and remediation of noncompliant systems?
Cisco Access Control Server
Cisco Intrusion Prevention System router
Cisco Security Agent Workstation
***Cisco Network Admission Control appliance****
Thank you Luis. We have updated your questions and answers.
An administrator assigned a level of router access to the user ADMIN using the commands below.
Router(config)# privilege exec level 14 show ip route
Router(config)# enable algorithm-type scrypt secret level 14 cisco-level-10
Router(config)# username ADMIN privilege 14 algorithm-type scrypt secret cisco-level-10
Which two actions are permitted to the user ADMIN? (Choose two.)
The user can only execute the subcommands under the show ip route command.
The user can issue the show version command.
The user can issue the ip route command.
The user can issue all commands because this privilege level can execute all Cisco IOS commands.
The user can execute all subcommands under the show ip interfaces command.
Thank you. Question updated. Let us know if u have correct answer
Refer to the exhibit. Which two statements are correct regarding the configuration on switch S1? (Choose two.)
Port Fa0/6 storm control for multicasts and broadcasts will be activated if traffic exceeds 2,000,000 packets per second.
Port Fa0/5 storm control for multicasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.
**Port Fa0/6 storm control for multicasts will be activated if traffic exceeds 2,000,000 packets per second.**
**Port Fa0/5 storm control for broadcasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.**
Port Fa0/5 storm control for broadcasts and multicasts will be activated if traffic exceeds 80.1 percent of 2,000,000 packets per second.
Hi. For latest question and answers, please refer to Chapter 6 V2.0