An attacker is launching a DoS attack on the Company network using a hacking tool designed to exhaust the IP address space available from the DHCP servers for a period of time.
Which procedure would best defend against this type of attack? ()
A. Configure only trusted interfaces with root guard.
B. Implement private VLANs (PVLANs) to carry only user traffic.
C. Implement private VLANs (PVLANs) to carry only DHCP traffic.
D. Configure only untrusted interfaces with root guard.
E. Configure DHCP spoofing on all ports that connect untrusted clients.
F. Configure DHCP snooping only on ports that connect trusted DHCP servers.
G. None of the other alternatives apply
您可能感興趣的試卷
你可能感興趣的試題
The Company is concerned about Layer 2 security threats.
Which statement is true about these threats? ()
A. MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.
B. Port scanners are the most effective defense against dynamic ARP inspection.
C. MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable attack points.
D. Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.
E. DHCP snooping sends unauthorized replies to DHCP queries.
F. ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.
G. None of the other alternatives apply.
Refer to the exhibit. Port security has been configured on the switch port Fa0/5.
What would happen if another device is connected to the port after the maximum number of devices has been reached, even if one or more of the original MAC addresses are inactive?()
A. The port will permit the new MAC address because one or more of the original MAC addresses are inactive.
B. The port will permit the new MAC address because one or more of the original MAC addresses will age out.
C. Because the new MAC address is not configured on the port, the port will not permit the new MAC address.
D. Although one or more of the original MAC addresses are inactive, the port will not permit the new MAC address.
Refer to the exhibit.
What is the problem with this configuration?()
A. Spanning tree PortFast cannot be configured on a port where a voice VLAN is configured.
B. Sticky secure MAC addresses cannot be used on a port when a voice VLAN is configured.
C. Spanning tree PortFast cannot be configured on a port when a sticky secure MAC address is used.
D. The switch port must be configured as a trunk.
You need to configure port security on switch R1.
Which two statements are true about this technology? ()
A. Port security can be configured for ports supporting VoIP.
B. With port security configured, four MAC addresses are allowed by default.
C. The network administrator must manually enter the MAC address for each device in order for the switch to allow connectivity.
D. Withsecurity configured, only one MAC addresses is allowed by default.
E. Port security cannot be configured for ports supporting VoIP.
Refer to the exhibit. Based on the running configuration that is shown for interface FastEthernet0/2,
what two conclusions can be deduced?()
A. Connecting a host with MAC address 0000.0000.4147 will move interface FastEthernet0/2 into error disabled state.
B. The host with address 0000.0000.4141 is removed from the secure address list after 5 seconds of inactivity.
C. The sticky secure MAC addresses are treated as static secure MAC addresses after the running configuration is saved to the startup configuration and the switch is restarted.
D. Interface FastEthernet0/2 is a voice VLAN port.
E. The host with address 0000.0000.000b is removed from the secure address list after 300 seconds.
最新試題
If G1/0/1 on DS1 is shutdown, what will be the current priority value of the Vlan105’s group on DS1 ?()
Refer to the exhibit. Switch 15 is configured as the root switch for VLAN 10 but not for VLAN 20. If the STP configuration is correct, what will be true about Switch 15?()
Based on the show spanning-tree vlan 200 output shown in the exhibit, which two statements about the STP process for VLAN 200 are true? ()
Refer to the exhibit. The command switchport mode access is issued on interface FastEthernet0/13 on switch CAT1. What will be the result?()
Which two statements about the various implementations of STP are true?()
DS2 has not become the active device for Vlan103’s HSRP group even though all interfaces are active. As related to Vlan103’s HSRP group. What can be done to make the group function properly ? ()
Refer to the exhibit. For what purpose is the command show ip cef used?()
What must be the same to make multiple switches part of the same Multiple Spanning Tree (MST)?()
Refer to the exhibit. All network links are FastEthernet. Although there is complete connectivity throughout the network, Front Line users have been complaining that they experience slower network performance when accessing the server farm than the Reception office experiences. Based on the exhibit, which two statements are true?()
Which three statements are true of the Link Aggregation Control Protocol (LACP)?()