CCNA 4, Chapter 5 Exam
-
What is the behavior of a switch as a result of a successful CAM table attack?
-
The switch will forward all received frames to all other ports.
-
The switch will shut down.
-
The switch will drop all received frames.
-
The switch interfaces will transition to the error-disabled state.
-
This exam assesses knowledge on network security within the CCNA curriculum, focusing on CAM table attacks, DHCP spoofing, and 802.1X authentication.
.webp "CCNA 4, Chapter 5 Exam - Quiz")
Quiz Preview
- 2.
What network attack seeks to create a DoS for clients by preventing them from being able to obtain a DHCP lease?
-
DHCP starvation
-
DHCP spoofing
-
IP address spoofing
-
CAM table attack
Correct Answer
A. DHCP starvationExplanation
DHCP starvation is a network attack that aims to create a Denial of Service (DoS) for clients by preventing them from obtaining a DHCP lease. This attack floods the DHCP server with a large number of DHCP requests, depleting the available IP addresses in the DHCP pool. As a result, legitimate clients are unable to obtain an IP address and are effectively denied network access. This attack can disrupt network operations and cause inconvenience for users who rely on DHCP for IP address assignment.Rate this question:
-
- 3.
Refer to the exhibit. Which interface on switch S1 should be configured as a DHCP snooping trusted port to help mitigate DHCP spoofing attacks?
-
G0/23
-
G0/1
-
G0/24
-
G0/22
Correct Answer
A. G0/23Explanation
The correct answer is G0/23. DHCP snooping is a security feature that helps mitigate DHCP spoofing attacks by allowing the switch to inspect DHCP messages and verify the legitimacy of DHCP servers. Configuring G0/23 as a DHCP snooping trusted port means that the switch will trust DHCP messages received on this interface and not perform any security checks on them. This is important because G0/23 is connected to the DHCP server, and we want to ensure that legitimate DHCP messages from the server are not blocked or dropped.Rate this question:
-
- 4.
When using 802.1X authentication, what device controls physical access to the network, based on the authentication status of the client?
-
the switch that the client is connected to
-
the authentication server
-
the supplicant
-
the router that is serving as the default gateway
Correct Answer
A. the switch that the client is connected toExplanation
When using 802.1X authentication, the switch that the client is connected to controls physical access to the network based on the authentication status of the client. The switch acts as the intermediary between the client and the network, enforcing the authentication process. It determines whether to allow or deny network access based on the authentication status received from the client.Rate this question:
-
- 5.
What device is considered a supplicant during the 802.1X authentication process?
-
The client that is requesting authentication
-
The switch that is controlling network access
-
the authentication server that is performing client authentication
-
The router that is serving as the default gateway
Correct Answer
A. The client that is requesting authenticationExplanation
During the 802.1X authentication process, the device that is considered a supplicant is the client that is requesting authentication. The supplicant is the device that initiates the authentication process by sending its credentials to the authentication server. In this case, the client device is requesting authentication from the server in order to gain access to the network. The switch, authentication server, and router mentioned in the other options are not considered the supplicant in this context.Rate this question:
-
- 6.
What is a drawback of the local database method of securing device access that can be solved by using AAA with centralized servers?
-
There is no ability to provide accountability.
-
It is very susceptible to brute-force attacks because there is no username.
-
The passwords can only be stored in plain text in the running configuration.
-
User accounts must be configured locally on each device, which is an unscalable authentication solution.
Correct Answer
A. User accounts must be configured locally on each device, which is an unscalable authentication solution.Explanation
The drawback of the local database method of securing device access is that user accounts must be configured locally on each device, which is an unscalable authentication solution. This means that as the number of devices and users increases, it becomes increasingly difficult and time-consuming to manage and maintain user accounts on each individual device. By using AAA with centralized servers, user accounts can be managed and authenticated centrally, allowing for a more scalable and efficient authentication solution.Rate this question:
-
- 7.
Refer to the exhibit. PC1 and PC2 should be able to obtain IP address assignments from the DHCP server. How many ports among switches should be assigned as trusted ports as part of the DHCP snooping configuration?
-
1
-
3
-
5
-
7
Correct Answer
A. 7Explanation
In order for PC1 and PC2 to obtain IP address assignments from the DHCP server, all ports among switches should be assigned as trusted ports as part of the DHCP snooping configuration. This ensures that the DHCP messages between the clients and the server are not blocked or filtered, allowing for successful IP address assignments.Rate this question:
-
- 8.
What protocol is used to encapsulate the EAP data between the authenticator and authentication server performing 802.1X authentication?
-
RADIUS
-
TACACS+
-
SSH MD5
-
MD5
Correct Answer
A. RADIUSExplanation
RADIUS (Remote Authentication Dial-In User Service) is the correct answer. RADIUS is a protocol used to encapsulate the EAP (Extensible Authentication Protocol) data between the authenticator and authentication server during 802.1X authentication. It allows for centralized authentication, authorization, and accounting for network access. TACACS+ is another protocol used for similar purposes but is not specifically used for encapsulating EAP data in 802.1X authentication. SSH MD5 and MD5 are unrelated protocols and hashing algorithms respectively, and are not used for encapsulating EAP data.Rate this question:
-
- 9.
Which two protocols are used to provide server-based AAA authentication? (Choose two.)
-
SSH
-
TACACS+
-
RADIUS
-
802.1x
-
SNMP
Correct Answer(s)
A. TACACS+
A. RADIUSExplanation
TACACS+ and RADIUS are both protocols used to provide server-based AAA (Authentication, Authorization, and Accounting) authentication. TACACS+ (Terminal Access Controller Access Control System Plus) is a Cisco proprietary protocol that provides centralized authentication, authorization, and accounting services. RADIUS (Remote Authentication Dial-In User Service) is a widely used protocol that provides similar authentication and authorization services. Both protocols allow for centralized authentication and authorization, allowing organizations to manage user access and permissions from a central server.Rate this question:
-
- 10.
Which protocol defines port-based authentication to restrict unauthorized hosts from connecting to the LAN through publicly accessible switch ports?
-
802.1x
-
RADIUS
-
TACACS+
-
SSH
Correct Answer
A. 802.1xExplanation
802.1x is the correct answer because it is a protocol that provides port-based authentication, allowing network administrators to control access to the LAN by restricting unauthorized hosts from connecting through publicly accessible switch ports. It provides a way to authenticate and authorize devices before granting them access to the network, ensuring that only authenticated and authorized devices can connect. RADIUS, TACACS+, and SSH are not specifically designed for port-based authentication.Rate this question:
-
- 11.
What are three techniques for mitigating VLAN attacks? (Choose three.)
-
Disable DTP.
-
Enable trunking manually.
-
Set the native VLAN to an unused VLAN.
-
Enable BPDU guard.
-
Enable Source Guard.
-
Use private VLANs.
Correct Answer(s)
A. Disable DTP.
A. Enable trunking manually.
A. Set the native VLAN to an unused VLAN.Explanation
Three techniques for mitigating VLAN attacks are disabling DTP, enabling trunking manually, and setting the native VLAN to an unused VLAN. Disabling DTP prevents unauthorized devices from negotiating trunk links, reducing the risk of VLAN hopping attacks. Enabling trunking manually ensures that only authorized devices are allowed to establish trunk links. Setting the native VLAN to an unused VLAN prevents attackers from accessing the native VLAN and potentially gaining unauthorized access to other VLANs. These techniques help enhance the security and integrity of VLAN deployments.Rate this question:
-
- 12.
Which statement describes SNMP operation?
-
An NMS periodically polls the SNMP agents that are residing on managed devices by using traps to query the devices for data.​
-
A get request is used by the SNMP agent to query the device for data.​
-
An SNMP agent that resides on a managed device collects information about the device and stores that information remotely in the MIB that is located on the NMS.​
-
A set request is used by the NMS to change configuration variables in the agent device.
Correct Answer
A. A set request is used by the NMS to change configuration variables in the agent device.Explanation
The correct answer states that a set request is used by the NMS to change configuration variables in the agent device. This means that the Network Management System (NMS) has the ability to modify the configuration settings of the SNMP agent device. The NMS can send a set request to the agent, instructing it to change certain variables or settings. This allows the NMS to remotely manage and control the agent device's configuration.Rate this question:
-
- 13.
A network administrator is analyzing the features supported by the multiple versions of SNMP. What are two features that are supported by SNMPv3 but not by SNMPv1 or SNMPv2c? (Choose two.)
-
bulk retrieval of MIB information
-
message source validation
-
community-based security
-
message encryption
-
SNMP trap mechanism
Correct Answer(s)
A. message source validation
A. message encryptionExplanation
SNMPv3 supports message source validation, which ensures that the messages are coming from a trusted source. This feature helps prevent unauthorized access and ensures the integrity of the messages. SNMPv1 and SNMPv2c do not have this feature, making them more susceptible to spoofing attacks.
SNMPv3 also supports message encryption, which provides confidentiality for the messages exchanged between the SNMP manager and agents. This feature ensures that the information remains secure and cannot be intercepted by unauthorized parties. SNMPv1 and SNMPv2c do not have message encryption, making them vulnerable to eavesdropping attacks.Rate this question:
-
- 14.
Which protocol or service can be configured to send unsolicited messages to alert the network administrator about a network event such as an extremely high CPU utilization on a router?
-
SNMP
-
Syslog
-
NTP
-
NetFlow
Correct Answer
A. SNMPExplanation
SNMP (Simple Network Management Protocol) is a protocol that allows devices on a network to be managed and monitored. It enables network administrators to collect information from network devices, such as routers, and send unsolicited messages or alerts about network events. In this case, SNMP can be configured to send an alert to the network administrator when there is an extremely high CPU utilization on a router.Rate this question:
-
- 15.
What is the function of the MIB element as part of a network management system?
-
to store data about a device
-
to collect data from SNMP agents
-
to change configurations on SNMP agents
-
to send and retrieve network management information
Correct Answer
A. to store data about a deviceExplanation
The MIB element in a network management system is responsible for storing data about a device. It serves as a database that holds information related to the device's configuration, performance, and status. This data can be accessed by the network management system to monitor and manage the device effectively. By storing relevant data, the MIB element enables administrators to analyze and troubleshoot network issues, track device performance, and make informed decisions regarding network management.Rate this question:
-
- 16.
Which SNMP version uses weak community string-based access control and supports bulk retrieval?
-
SNMPv2c
-
SNMPv1
-
SNMPv2Classic
-
SNMPv3​
Correct Answer
A. SNMPv2cExplanation
SNMPv2c is the correct answer because it is the version of SNMP that uses weak community string-based access control. This means that access to SNMP devices is controlled by a community string, which is essentially a password, but it is not very secure. SNMPv2c also supports bulk retrieval, which allows for the retrieval of multiple pieces of data in a single request, making it more efficient for managing large networks.Rate this question:
-
- 17.
What are SNMP trap messages?
-
messages that are used by the NMS to query the device for data
-
unsolicited messages that are sent by the SNMP agent and alert the NMS to a condition on the network
-
messages that are used by the NMS to change configuration variables in the agent device
-
messages that are sent periodically by the NMS to the SNMP agents that reside on managed devices to query the device for data
Correct Answer
A. unsolicited messages that are sent by the SNMP agent and alert the NMS to a condition on the networkExplanation
SNMP trap messages are unsolicited messages sent by the SNMP agent to alert the Network Management System (NMS) about a specific condition on the network. These messages are not initiated by the NMS, but rather sent by the agent when it detects a predefined event or condition. The purpose of SNMP trap messages is to notify the NMS about network issues or events that require attention or further investigation.Rate this question:
-
- 18.
A network administrator issues two commands on a router:R1(config)# snmp-server host 10.10.50.25 version 2c campus R1(config)# snmp-server enable trapsWhat can be concluded after the commands are entered?
-
No traps are sent, because the notification-types argument was not specified yet.
-
Traps are sent with the source IP address as 10.10.50.25.
-
If an interface comes up, a trap is sent to the server.
-
The snmp-server enable traps command needs to be used repeatedly if a particular subset of trap types is desired.
Correct Answer
A. If an interface comes up, a trap is sent to the server.Explanation
The given commands configure the router to send SNMP traps to the server when an interface comes up. The "snmp-server host" command specifies the IP address of the server (10.10.50.25) and the SNMP version (2c). The "snmp-server enable traps" command enables the router to send traps. Therefore, the conclusion is that if any interface on the router comes up, a trap will be sent to the specified server.Rate this question:
-
- 19.
Refer to the exhibit. What can be concluded from the produced output?
-
An ACL was configured to restrict SNMP access to an SNMP manager.
-
This is the output of the show snmp command without any parameters.
-
The system contact was not configured with the snmp-server contact command.
-
The location of the device was not configured with the snmp-server location command.
Correct Answer
A. An ACL was configured to restrict SNMP access to an SNMP manager.Explanation
From the given output of the show snmp command without any parameters, it can be concluded that an ACL (Access Control List) was configured to restrict SNMP access to an SNMP manager. This can be inferred from the fact that the system contact was not configured with the snmp-server contact command, and the location of the device was not configured with the snmp-server location command. These two commands are typically used to configure SNMP settings, but since they were not configured, it suggests that the SNMP access is restricted by an ACL instead.Rate this question:
-
- 20.
Refer to the exhibit. A SNMP manager has IP address 172.16.1.120. The SNMP manager is unable to change configuration variables on the R1 SNMP agent. What could be the problem?
-
The ACL of ACL_SNMP has not been implemented on an interface yet.
-
The IP address of the SNMP manager must be 172.16.1.1.
-
The SNMP agent should have traps disabled.
-
The SNMP agent is not configured for write access.
Correct Answer
A. The SNMP agent is not configured for write access.Explanation
The SNMP manager is unable to change configuration variables on the R1 SNMP agent because the SNMP agent is not configured for write access. This means that the agent is only configured to allow read access, preventing any changes to be made to the configuration variables.Rate this question:
-
- 21.
Refer to the exhibit. Router R1 was configured by a network administrator to use SNMP version 2. The following commands were issued:R1(config)# snmp-server community batonaug ro SNMP_ACL R1(config)# snmp-server contact Wayne World R1(config)# snmp-server host 192.168.1.3 version 2c batonaug R1(config)# ip access-list standard SNMP_ACL R1(config-std-nacl)# permit 192.168.10.3Why is the administrator not able to get any information from R1?
-
The snmp-server enable traps command is missing.​
-
The snmp-server community command needs to include the rw keyword.​
-
There is a problem with the ACL configuration.
-
The snmp-server location command is missing.​
Correct Answer
A. There is a problem with the ACL configuration.Explanation
The administrator is not able to get any information from R1 because there is a problem with the ACL configuration. The command "ip access-list standard SNMP_ACL" is used to create an access control list, but it only permits the IP address 192.168.10.3. This means that only SNMP requests from this specific IP address will be allowed, and all other requests will be denied. Since the administrator is not making the request from this IP address, they are being denied access to the SNMP information on R1.Rate this question:
-
- 22.
A network administrator has issued the snmp-server user admin1 admin v3 encrypted auth md5 abc789 priv des 256 key99 command. What are two features of this command? (Choose two.)
-
It adds a new user to the SNMP group.
-
It restricts SNMP access to defined SNMP managers.
-
It forces the network manager to log into the agent to retrieve the SNMP messages.
-
It uses the MD5 authentication of the SNMP messages.
-
It allows a network administrator to configure a secret encrypted password on the SNMP server.
Correct Answer(s)
A. It adds a new user to the SNMP group.
A. It uses the MD5 authentication of the SNMP messages.Explanation
The command "snmp-server user admin1 admin v3 encrypted auth md5 abc789 priv des 256 key99" has two features. Firstly, it adds a new user named "admin1" to the SNMP group. Secondly, it uses the MD5 authentication method to authenticate SNMP messages.Rate this question:
-
- 23.
Which statement describes the RSPAN VLAN?
-
The RSPAN VLAN must be the same as the native VLAN.
-
The RSPAN VLAN can be used to carry secure traffic between switches.
-
The RSPAN VLAN can be used for remote management of network switches.
-
The RSPAN VLAN must be the same on both the source and destination switch.
Correct Answer
A. The RSPAN VLAN must be the same on both the source and destination switch.Explanation
The RSPAN VLAN must be the same on both the source and destination switch because RSPAN (Remote Switched Port Analyzer) is a feature that allows monitoring of traffic from multiple switches across a network. In order for the traffic to be correctly mirrored from the source switch to the destination switch, they must both be configured with the same RSPAN VLAN. This ensures that the mirrored traffic is correctly tagged and transported between the switches.Rate this question:
-
- 24.
Which statement describes the function of the SPAN tool used in a Cisco switch?
-
It supports the SNMP trap operation on a switch.
-
It provides interconnection between VLANs over multiple switches.
-
It is a secure channel for a switch to send logging to a syslog server.
-
It copies the traffic from one switch port and sends it to another switch port that is connected to a monitoring device.
Correct Answer
A. It copies the traffic from one switch port and sends it to another switch port that is connected to a monitoring device.Explanation
The SPAN tool in a Cisco switch is used to copy the traffic from one switch port and send it to another switch port that is connected to a monitoring device. This allows for the monitoring and analysis of network traffic without interrupting the normal flow of data.Rate this question:
-
- 25.
Refer to the exhibit. Based on the output generated by the show monitor session 1 command, how will SPAN operate on the switch?
-
All traffic transmitted from VLAN 10 or received on VLAN 20 is forwarded to FastEthernet 0/1.
-
All traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to FastEthernet 0/1.
-
Native VLAN traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to FastEthernet 0/1.
-
Native VLAN traffic transmitted from VLAN 10 or received on VLAN 20 is forwarded to FastEthernet 0/1.
Correct Answer
A. All traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to FastEthernet 0/1.Explanation
The correct answer is "All traffic received on VLAN 10 or transmitted from VLAN 20 is forwarded to FastEthernet 0/1." This means that any traffic that is either received on VLAN 10 or transmitted from VLAN 20 will be sent to FastEthernet 0/1. This configuration allows for monitoring of the traffic on these VLANs by sending a copy of the traffic to the specified interface.Rate this question:
-
- 26.
Refer to the exhibit. Which command or set of commands will configure SW_A to copy all traffic for the server to the packet analyzer?
-
Sw_A(config)# monitor session 5 source interface gi0/1Sw_A(config)# monitor session 6 destination interface fa0/7
-
Sw_A(config)# monitor session 5 source interface gi0/1Sw_A(config)# monitor session 5 destination interface fa0/7
-
Sw_A(config)# monitor session 1 destination interface fa0/7
-
Sw_A(config)# monitor session 1 destination interface gi0/1Sw_A(config)# monitor session 1 source interface fa0/1
-
Sw_A(config)# monitor session 1 source interface fa0/7
Correct Answer
A. Sw_A(config)# monitor session 5 source interface gi0/1Sw_A(config)# monitor session 5 destination interface fa0/7Explanation
The correct answer is Sw_A(config)# monitor session 5 source interface gi0/1Sw_A(config)# monitor session 5 destination interface fa0/7. This is the correct set of commands to configure SW_A to copy all traffic for the server to the packet analyzer. The "monitor session" command is used to configure a SPAN (Switched Port Analyzer) session, which allows for the monitoring of network traffic. In this case, session 5 is being configured to copy the traffic from interface gi0/1 (the source) to interface fa0/7 (the destination), effectively sending all traffic for the server to the packet analyzer.Rate this question:
-
Quiz Review Timeline (Updated): Jul 12, 2023 +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Jul 12, 2023Quiz Edited by
ProProfs Editorial Team -
Nov 05, 2017Quiz Created by
Gaaabriel
Back to top