Cisco CCNP SWITCH(642-813) Review Questions Set-8

by admin on June 26, 2011

This is the final version of the review questions on Cisco CCNP SWITCH (642-813). I am sure these questions gave you a boost in preparing for the actual exam. I am in search of valid 642-813 dumps; although I am not in favor of them, many folks around ask me to help them out, so I will post them as soon as I get an authentic one. If you have any suggestions or would like to contribute in any way, please feel free to use our contact us section.

 

 

 

1. Which feature that is supported on Cisco Catalyst switches restricts a switch port to a specific set or number of MAC addresses?

  1. port security
  2. DHCP snooping
  3. PVLAN
  4. VACL

2. At which layer should port security be implemented?

  1. access
  2. distribution
  3. core
  4. all three layers

3. At which layer should packet manipulation usually be avoided?

  1. access
  2. distribution
  3. core
  4. none of the above

4. What best describes a MAC flooding attack?

  1. A device sends all its frames to the FF:FF:FF:FF:FF:FF address.
  2. A switch CAM becomes overloaded with too many MAC addresses.
  3. A device sends frames to too many destination MAC addresses.
  4. A device sends frames at a rate faster than the switch link speed.

5. What is the aim of the “sticky” option when used with port security?

  1. A learned MAC address must stick to one single port.
  2. A dynamically learned MAC address is considered like a statically learned MAC address.
  3. For a given MAC address with the sticky option, the port security feature applies to whichever port the MAC address connects to.
  4. A router on a stick can bypass the port security feature and use one MAC address per subinterface.

6. Which command enables 802.1X globally on a switch?

  1. Switch(config)# dot1x enable
  2. Switch(config)# switchport dot1x enable
  3. Switch(config)# aaa dot1x enable
  4. Switch(config)# dot1x system-auth-control

7. What is the role of the switch in an AAA architecture?

  1. authentication server
  2. supplicant
  3. authenticator
  4. RADIUS entry point

8. What is one best practice for mitigating VLAN hopping?

  1. Configure all unused ports as trunks.
  2. Shut down all unused ports.
  3. Set trunks to “negotiate” and not “on.”
  4. Set the interface speed to 10 Mb/s.

9. Which command should you use to begin VACL configuration?

  1. vlan access-list 100
  2. vlan access filter
  3. vlan map
  4. vlan access-map

10. What is the purpose of the VLAN hopping with double tagging attack?

  1. to attack a computer in a VLAN different from the attacker VLAN
  2. to overload the switch with multiple VLAN tags to force it to flood the frame
  3. to attack a computer on the native VLAN
  4. to attack a switch or router on a trunk while keeping the frame tagged

11. What would an attacker do to perform a switch spoofing attack?

  1. Send random ARP requests to the connected stations.
  2. Flush the switch CAM to force it to flood.
  3. Source all its frames with the address FF:FF:FF:FF:FF:FF.
  4. Mark its frames with ISL or 802.1Q.

12. Which are three ways to protect against spoofing attacks? (Choose three.)

  1. DHCP snooping
  2. port security
  3. Dynamic ARP Inspection
  4. IP HTTP secure server

13. What is the purpose of DHCP snooping?

  1. to protect against rogue DHCP clients
  2. to protect against DHCP address reuse attacks
  3. to protect against rogue DHCP servers
  4. to protect against DHCP options malicious attacks

14. With DHCP snooping, which port is “trusted”?

  1. The port to the known DHCP server is always trusted.
  2. The port to the DHCP client is always trusted.
  3. No ports are trusted when DHCP snooping is enabled.
  4. Any port (to client and to server) can become trusted as soon as a DHCP transaction is secured.

15. What is the purpose of the ip arp inspection command?

  1. to complement DHCP snooping by verifying the ARP table
  2. to ensure that only one MAC address is associated with any given access port
  3. to start the secure ARP proxy service on a multilayer switch
  4. to statically define the IP address to MAC address pairs for key devices

16. Which step is required before SSH can be enabled on a switch?

  1. Telnet must be disabled.
  2. A domain name must be defined.
  3. An upgraded Cisco IOS version must be loaded.
  4. An SSH access list must be defined.

 

Answers Review Questions Set-8

1:  1

2:  1

3:  3

4:  2

5:  2

6:  4

7:  2

8:  4

9:  4

10: 1

11: 4

12: 1, 2, 3

13: 3

14: 4

15: 1

16: 2
