Answer CCNA Security Chapter 6 Test – CCNAS v2.0

In this post, I will share the answers for the CCNA Security Chapter 6 Test v2.0. Version 2.0 is the latest CCNAS version as of today. Hopefully it will help you review and get ready for your chapter test. Do comment if you have a new CCNAS question for this chapter or if you find any correction. The CCNAS Chapter 6 Test is below.

Question 1 Chapter 6 Test v2.0

  1. Refer to the exhibit. The Fa0/2 interface on switch S1 has been configured with the switchport port-security mac-address 0023.189d.6456 command and a workstation has been connected. What could be the reason that the Fa0/2 interface is shutdown?

The connection between S1 and PC1 is via a crossover cable.

The Fa0/24 interface of S1 is configured with the same MAC address as the Fa0/2 interface.

S1 has been configured with a switchport port-security aging command.

The MAC address of PC1 that connects to the Fa0/2 interface is not the configured MAC address.

  2. Two devices that are connected to the same switch need to be totally isolated from one another. Which Cisco switch security feature will provide this isolation?

PVLAN Edge

DTP

SPAN

BPDU guard

  3. Which two functions are provided by Network Admission Control? (Choose two.)

protecting a switch from MAC address table overflow attacks

enforcing network security policy for hosts that connect to the network

ensuring that only authenticated hosts can access the network

stopping excessive broadcasts from disrupting network traffic

limiting the number of MAC addresses that can be learned on a single switch port

  4. Which spanning-tree enhancement prevents the spanning-tree topology from changing by blocking a port that receives a superior BPDU?

BPDU filter

PortFast

BPDU guard

root guard

  5. Which security feature should be enabled in order to prevent an attacker from overflowing the MAC address table of a switch?

root guard

port security

storm control

BPDU filter

  6. In what situation would a network administrator most likely implement root guard?

on all switch ports (used or unused)

on all switch ports that connect to a Layer 3 device

on all switch ports that connect to host devices

on all switch ports that connect to another switch

on all switch ports that connect to another switch that is not the root bridge

  7. What component of Cisco NAC is responsible for performing deep inspection of device security profiles?

Cisco NAC Profiler

Cisco NAC Agent

Cisco NAC Manager

Cisco NAC Server

  8. What is the role of the Cisco NAC Manager in implementing a secure networking infrastructure?

to define role-based user access and endpoint security policies

to assess and enforce security policy compliance in the NAC environment

to perform deep inspection of device security profiles

to provide post-connection monitoring of all endpoint devices

  9. What is the role of the Cisco NAC Server within the Cisco Secure Borderless Network Architecture?

providing the ability for company employees to create guest accounts

providing post-connection monitoring of all endpoint devices

defining role-based user access and endpoint security policies

assessing and enforcing security policy compliance in the NAC environment

  10. What is the role of the Cisco NAC Guest Server within the Cisco Borderless Network architecture?

It defines role-based user access and endpoint security policies.

It provides the ability for creation and reporting of guest accounts.

It provides post-connection monitoring of all endpoint devices.

It performs deep inspection of device security profiles.

  11. Which three functions are provided under Cisco NAC framework solution? (Choose three.)

VPN connection

AAA services

intrusion prevention

scanning for policy compliance

secure connection to servers

remediation for noncompliant devices

  12. Which feature is part of the Antimalware Protection security solution?

file retrospection

user authentication and authorization

data loss prevention

spam blocking

  13. What security countermeasure is effective for preventing CAM table overflow attacks?

DHCP snooping

Dynamic ARP Inspection

IP source guard

port security

  14. What is the behavior of a switch as a result of a successful CAM table attack?

The switch will forward all received frames to all other ports.

The switch will drop all received frames.

The switch interfaces will transition to the error-disabled state.

The switch will shut down.

  15. What additional security measure must be enabled along with IP Source Guard to protect against address spoofing?

port security

BPDU Guard

root guard

DHCP snooping

  16. What are three techniques for mitigating VLAN hopping attacks? (Choose three.)

Set the native VLAN to an unused VLAN.

Disable DTP.

Enable Source Guard.

Enable trunking manually.

Enable BPDU guard.

Use private VLANs.

  17. What two mechanisms are used by Dynamic ARP inspection to validate ARP packets for IP addresses that are dynamically assigned or IP addresses that are static? (Choose two.)

MAC-address-to-IP-address bindings

RARP

ARP ACLs

IP ACLs

Source Guard

  18. What protocol should be disabled to help mitigate VLAN hopping attacks?

STP

ARP

CDP

DTP

  19. What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?

DHCP spoofing

CAM table attack

IP address spoofing

DHCP starvation

  20. What is the only type of port that an isolated port can forward traffic to on a private VLAN?

a community port

a promiscuous port

another isolated port

any access port in the same PVLAN

  21. Which STP stability mechanism is used to prevent a rogue switch from becoming the root switch?

Source Guard

BPDU guard

root guard

loop guard

  22. How can a user connect to the Cisco Cloud Web Security service directly?

through the connector that is integrated into any Layer 2 Cisco switch

by using a proxy autoconfiguration file in the end device

by accessing a Cisco CWS server before visiting the destination web site

by establishing a VPN connection with the Cisco CWS

  23. What security benefit is gained from enabling BPDU guard on PortFast enabled interfaces?

enforcing the placement of root bridges

preventing buffer overflow attacks

preventing rogue switches from being added to the network

protecting against Layer 2 loops

  24. DHCP _____ is a mitigation technique to prevent rogue DHCP servers from providing false IP configuration parameters.

snooping

  25. Which type of VLAN-hopping attack may be prevented by designating an unused VLAN as the native VLAN?

DTP spoofing

DHCP spoofing

VLAN double-tagging

DHCP starvation

  26. Which mitigation technique would prevent rogue servers from providing false IP configuration parameters to clients?

turning on DHCP snooping

disabling CDP on edge ports

implementing port-security on edge ports

implementing port security

8 thoughts on “Answer CCNA Security Chapter 6 Test – CCNAS v2.0”

  1. Which type of VLAN-hopping attack may be prevented by designating an unused VLAN as the native VLAN?

    DTP spoofing
    DHCP spoofing
    VLAN double-tagging
    DHCP starvation

  2. Which feature is part of the Antimalware Protection security solution?

    user authentication and authorization

    spam blocking

    data loss prevention

    file retrospection

  3. New problem that does not exist here, might be added

    Which mitigation technique would prevent rogue servers from providing false IP configuration parameters to clients?

    turning on DHCP snooping *

    disabling CDP on edge ports

    implementing port-security on edge ports

    implementing port security
