CCNA 2 Chapter 2 – Flashcards

question
Describe the boot sequence for a Cisco switch:
answer
1st - loads POST program stored in ROM
2nd - loads boot loader software stored in ROM
3rd - boot loader performs low-level CPU initialization & initializes the CPU registers
4th - boot loader initializes flash file system on the system board
5th - boot loader locates & loads a default IOS operating system software image into memory and transfers control of the switch over to IOS
question
Where is the startup configuration stored?
answer
NVRAM
question
Where is the running configuration stored?
answer
RAM
question
How can you access the switch OS if there are missing or damaged file systems?
answer
use the boot loader - connect via a console cable to a PC and use terminal emulation software
question
What do you need to do for remote switch management?
answer
configure the switch with an IP address and subnet mask - if managing the switch from a remote network - also configure the switch with the default gateway
question
For security purposes, should you use VLAN 1 for the management VLAN?
answer
NO
question
Which ports are assigned to VLAN 1 by default?
answer
ALL of them
question
What 6 steps are needed to configure basic switch settings?
answer
1 - erase and reload the switch
2 - assign hostname
3 - configure password encryption
4 - assign secret password
5 - prevent DNS lookups
6 - create MOTD
question
What steps are needed to create a new VLAN on a switch to be managed remotely?
answer
S1(config)# vlan 99
S1(config-vlan)# name Management
S1(config-vlan)# exit
S1(config)# interface vlan 99
S1(config-if)# ip address 172.16.1.15 255.255.0.0
S1(config-if)# no shutdown
S1(config-if)# switchport access vlan 99
S1(config-if)# exit
S1(config)# ip default-gateway 172.16.1.1
S1(config)# end
S1# copy running-config startup-config
question
What should be looked at when troubleshooting switch port issues?
answer
duplex and speed settings
question
In full-duplex mode, what should be disabled?
answer
the NIC collision detection circuit
question
To use auto-MDIX on an interface, what must the interface speed and duplex be set to so auto-MDIX operates correctly?
answer
auto detect
question
Define input errors:
answer
the sum of all errors in datagrams received on the interface
question
Define runts (input error):
answer
less than 64-byte minimum allowed length - usually caused by malfunctioning NICs
question
Define giants (input error):
answer
longer than the maximum allowed length
question
Define output errors:
answer
the sum of all errors that prevented the final transmission of datagrams out of the interface
question
Define late collisions (output error):
answer
after 512 bits of the frame - the preamble - have been transmitted - usually caused by excessive cable lengths or duplex misconfiguration
question
What 4 things should you look for if an interface is down?
answer
* check for proper or damaged cables/connectors
* a mismatch in speed setting
* excessive noise
* late collisions
question
What causes a CRC input error?
answer
usually a media or cable error
question
What is a MAC address table overflow attack?
answer
flooding attacks make use of limited size in a MAC address table to overwhelm the switch with fake source MAC addresses until the switch MAC address table is full
question
What is a DHCP starvation attack?
answer
attacker floods the DHCP server with requests to use up all available IP addresses the DHCP server can issue - leads to DoS
question
What is DHCP spoofing?
answer
attacker configures a fake DHCP server to issue DHCP addresses to clients - forces clients to use false DNS servers - makes clients use the attacker as their default gateway - causes DHCP address pool to become depleted
question
What is included in CDP information?
answer
IP address, software version, and the native VLAN - which attackers can use - DoS
question
Define a brute force attack:
answer
attacker uses a dictionary to find common passwords to initiate a Telnet session
question
How do you secure a network?
answer
use a written security policy, shut down unused services & ports, use strong passwords & change them often, control physical access to devices, use HTTPS, perform backups, develop policies to validate identities (over the phone, via email, and in person), encrypt & password-protect sensitive data, implement security hardware & software (firewalls), install security patches often, and use network security auditing tools.
question
Describe penetration testing:
answer
a simulated attack against the network to determine how vulnerable it would be in a real attack - admin can identify weaknesses
question
What is DHCP snooping?
answer
a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests - ports are identified as trusted & untrusted
question
Which ports can source all DHCP messages?
answer
trusted
question
Which ports can source DHCP requests only?
answer
untrusted
question
What happens if a rogue device on an untrusted port tries to send a DHCP response packet into the network?
answer
the port is shut down
question
If you disable sticky learning, what happens to sticky secure MAC addresses?
answer
they remain part of the MAC address table, but are removed from the running configuration
question
What is the factory default interface violation mode?
answer
shutdown - interface becomes error disabled
question
What is Network Time Protocol (NTP)?
answer
synchronizes the clocks of computer systems over packet-switched, variable-latency data networks
question
Which command configures basic port security?
answer
S1(config-if)# switchport mode access
S1(config-if)# switchport port-security
question
Which command verifies which switch ports are up?
answer
S1# show ip interface brief
question
Which command disables a range of switch ports?
answer
S1(config)# int range f0/4 - 24
S1(config-if-range)# shutdown
question
Which 3 commands enable DHCP Snooping?
answer
S1(config)# ip dhcp snooping
S1(config)# ip dhcp snooping vlan ?
S1(config-if)# ip dhcp snooping trust
question
Which command configures the violation mode on a switch port?
answer
S1(config-if)# switchport port-security violation
* after violation, type protect, restrict, or shutdown
question
Which command enables sticky learning for a switch port?
answer
S1(config-if)# switchport port-security mac-address sticky
question
Which command sets the maximum # of secure MAC addresses allowed on a switch port?
answer
S1(config-if)# switchport port-security maximum 50
question
Which command verifies port security settings?
answer
S1# show port-security int f0/1
question
Which command displays all secure MAC addresses configured on all switch interfaces?
answer
S1# show port-security address
question
If a network admin enters these commands on a switch, what will be the result?
Switch1(config-line)# line console 0
Switch1(config-line)# password cisco
Switch1(config-line)# login
answer
to secure console port access with password cisco
question
Which command line interface (CLI) mode allows users to configure switch parameters, such as the hostname and password?
answer
global configuration mode
question
What happens when the transport input ssh command is entered on the switch vty lines?
answer
Communication between the switch and remote users is encrypted.
question
A network administrator uses the CLI to enter a command that requires several parameters. The switch responds with "% Incomplete command". The administrator cannot remember the missing parameters. What can the administrator do to get the parameter information?
answer
append a space and then ? to the last parameter
question
When a switch receives a frame and the source MAC address is not found in the switching table, what action will be taken by the switch to process the incoming frame?
answer
The switch will map the source MAC address to the port on which it was received.
question
The switch and workstation are administratively configured for full-duplex operation. What will or won't happen on this link?
answer
No collisions will occur on this link.
question
The partial output of the show running-config command. The enable password on this switch is "cisco." What can be determined from the output shown?
answer
Any configured line mode passwords will be encrypted in this configuration.
question
What 2 important characteristics about Layer 2 Ethernet switches are true?
answer
* Layer 2 switches have multiple collision domains
* Layer 2 switches can send traffic based on the destination MAC address
question
What happens when the command banner login "Authorized personnel Only" is issued on a switch?
answer
The command will cause the message Authorized personnel Only to display before a user logs in.
question
When a collision occurs in a network using CSMA/CD, how do hosts with data to transmit respond after the backoff period has expired?
answer
The hosts return to a listen-before-transmit mode.
question
Compare EXEC mode commands enable password and enable secret password.
answer
* The enable secret password command provides better security than the enable password.
* The enable password and enable secret password protect access to privileged EXEC mode.
question
If a switch has 2 ports, how many collision domains can it have?
answer
2
question
Which 2 statements are true regarding switch port security?
answer
* Dynamically learned secure MAC addresses are lost when the switch reboots
* If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached.
question
What are 2 ways to make a switch less vulnerable to attacks like MAC address flooding, CDP attacks, and Telnet attacks?
answer
Change passwords regularly. Turn off unnecessary services.
question
What action does SW1 take on a frame sent from PCA to PCC if the MAC address table of SW1 is empty?
answer
SW1 floods the frame on all ports on SW1, except for the port that received the frame.
question
The network admin has decided to allow only SSH connections to Switch1. After the commands are applied, the admin is able to connect to Switch1 using both SSH and Telnet. What is most likely the problem?
answer
missing transport input ssh command
question
The switch and the hub have default configurations, and the switch has built its CAM table. Which of the hosts will capture a copy of the frame when workstation A sends a unicast packet to workstation C?
answer
workstation C
question
What happens when Host 1 attempts to send data?
answer
Frames from Host 1 cause the interface to shut down.
question
Which hosts will receive a broadcast frame sent from Host A?
answer
hosts B, C, D, and E
question
What is SVI (switched virtual interface)?
answer
a special IP address Cisco switches can be configured with - used for remote access to the switch
question
Using the command switchport port-security - sets the maximum MAC addresses to what? And, the violation action to what?
answer
Maximum 1 MAC address
Violation action to shutdown
question
VLAN 99 has been configured as the management VLAN with an IP address and subnet mask. The show interface VLAN99 output shows that the line protocol is down. Which action can change the state of the line?
answer
Connect a host to an interface associated with VLAN 99
question
What would be an ideal environment to carry out penetration tests?
answer
an off-line test bed network that mimics the actual production network
question
A network technician wants to implement SSH as the means by which a router may be managed remotely. What are 2 procedures that the technician should use to use SSH?
answer
configure authentication
define the asymmetrical keys
question
What refers to a protocol that provides an encrypted connection? The protocol replaces the clear text Telnet protocol for Cisco device management.
answer
SSH