CCNA 2 R&S Essentials Chapter 2 QUIZ
1 What is the first action in the boot sequence when a switch is powered on?
load the default Cisco IOS software
load boot loader software
low-level CPU initialization
load a power-on self-test program *
2 A network administrator plugs a new PC into a switch port. The LED for that port changes to solid green. What statement best describes the current status of the port?
There is a duplex mismatch error.
There is a link fault error. This port is unable to forward frames.
The port is operational and ready to transmit packets. *
This port has been disabled by management and is unable to forward frames.
The flash memory is busy.
3 Which configuration must be in place for the auto-MDIX feature to function on a switch interface?
The interface must be in access mode.
The interface must be assigned to VLAN 1.
The speed and duplex of the interface must be configured for auto detect. *
The interface must be manually configured for full-duplex mode.
4 Fill in the blank.
In an Ethernet network, frames smaller than 64 bytes are called “_______”.
5 A network technician wants to implement SSH as the means by which a router may be managed remotely. What are two procedures that the technician should use to successfully complete this task? (Choose two.)
Configure the login banner.
Configure authentication. *
Define the asymmetrical keys. *
Configure the console password.
Enter the service password-encryption command.
6 Fill in the blank.
The initialism “_________” refers to a protocol that provides an encrypted connection. The protocol replaces the clear text Telnet protocol for Cisco device management.
7 How can DHCP packets be used to threaten a switched LAN?
A rogue DHCP packet that contains a virus is accepted by a host.
Numerous DHCP requests are sent to the DHCP server from spoofed hosts, causing the DHCP address pool to become depleted.*
ICMP ping packets are disguised as legitimate DHCP packets. These packets are numerous and deny bandwidth to critical network infrastructure devices.
A DHCP request packet is disguised as a Telnet or SSH packet. While the device is denying access to the SSH or Telnet port, a rogue device posing as a DHCP server sends fake DHCP response packets.
8 A network administrator has configured VLAN 99 as the management VLAN and has configured it with an IP address and subnet mask. The administrator issues the show interface vlan 99 command and notices that the line protocol is down. Which action can change the state of the line protocol to up?
Connect a host to an interface associated with VLAN 99. *
Configure a default gateway.
Remove all access ports from VLAN 99.
Configure a transport input method on the vty lines.
9 What would be an ideal environment to carry out penetration tests?
on the production network during nonpeak times
under controlled conditions during business hours on the production network
on an off-line test bed network that mimics the actual production network *
on a network environment simulated by software
10 What are two ways to make a switch less vulnerable to attacks like MAC address flooding, CDP attacks, and Telnet attacks? (Choose two.)
Enable CDP on the switch.
Change passwords regularly. *
Turn off unnecessary services. *
Enable the HTTP server on the switch.
Use the enable password rather than the enable secret password.
11 What is the result of issuing the no switchport port-security mac-address sticky command on an interface with port security configured?
The sticky secure MAC addresses are removed from the address table and from the running configuration.
The sticky secure MAC addresses remain part of the address table but are removed from the running configuration.*
The static secure MAC addresses are removed from the address table and from the running configuration.
The static secure MAC addresses remain part of the address table but are removed from the running configuration.
12 An attacker has bypassed physical security and was able to connect a laptop to a Ethernet interface on a switch. If all the switch ports are configured with port security and the violation mode is set to factory-default, which action is taken against the attacker?
Packets with unknown source addresses are dropped and there is no notification that a security violation has occurred.
Packets with unknown source addresses are dropped and there is a notification that a security violation has occurred.
Packets with unknown source addresses are dropped and the interface becomes error-disabled and turns off the port LED.*
Packets with unknown source addresses are forwarded and there is a notification to the syslog server.