
Document Title Security Level

This post provides the answers for the CCNA Security Chapter 6 test. The questions shown here are based on CCNAS v1.1. All the answers have been confirmed to be 100% correct. Hopefully this solution will be a good reference for all of us.

1-As a recommended practice for Layer 2 security, how should VLAN 1 be treated?

All access ports should be assigned to VLAN 1.

All trunk ports should be assigned to VLAN 1.

VLAN 1 should be used for management traffic.

VLAN 1 should not be used.

2-With IP voice systems on data networks, which two types of attacks target VoIP specifically? (Choose two.)

CoWPAtty

Kismet

SPIT

Virus
2017-12-06 Huawei Proprietary - Restricted Distribution Page1, Total10

vishing

3-Which option best describes a MAC address spoofing attack?

An attacker gains access to another host and masquerades as the rightful user of that device.

An attacker alters the MAC address of his host to match another known MAC address of a target host.

An attacker alters the MAC address of the switch to gain access to the network device from a rogue host device.

An attacker floods the MAC address table of a switch so that the switch can no longer filter network access based on MAC addresses.

4-Which attack relies on the default automatic trunking configuration on most Cisco switches?

LAN storm attack

VLAN hopping attack


STP manipulation attack

MAC address spoofing attack



Which two measures are recommended to mitigate VLAN hopping attacks? (Choose two.)

Use a dedicated native VLAN for all trunk ports.

Place all unused ports in a separate guest VLAN.

Disable trunk negotiation on all ports connecting to workstations.

Enable DTP on all trunk ports.

Ensure that the native VLAN is used for management traffic.

Which three are SAN transport technologies? (Choose three.)

Fibre Channel
SATA

iSCSI
IP PBX

FCIP

IDE


Refer to the exhibit. What action will the switch take when the maximum number of secure MAC addresses has reached the allowed limit on the Fa0/2 port?

Packets with unknown source addresses are dropped, but notification of the dropped packets is sent.

The VLAN that Fa0/2 is on is set to error-disabled and all traffic on the VLAN is stopped.

The interface immediately becomes error-disabled and the port LED is turned off.

Packets with unknown source addresses are dropped without notification.

Which software tool can a hacker use to flood the MAC address table of a switch?

macof

Cisco CCP


kiwi syslog server

protocol analyzer

Which two methods are used to mitigate VLAN attacks? (Choose two.)

enabling port security on all trunk ports

using a dummy VLAN for the native VLAN

implementing BPDU guard on all access ports

disabling DTP autonegotiation on all trunk ports

using ISL instead of 802.1q encapsulation on all trunk interfaces

Which three switch security commands are required to enable port security on a port so that it will dynamically learn a single MAC address and disable the port if a host with any other MAC address is connected? (Choose three.)

switchport mode access

switchport mode trunk

switchport port-security

switchport port-security maximum 2

switchport port-security mac-address sticky

switchport port-security mac-address mac-address

What is an example of a trusted path in an operating system?

digital certificate

digital signature

hash message authentication

Ctrl-Alt-Delete key sequence

Why are traditional network security perimeters not suitable for the latest consumer-based network endpoint devices?

These devices are not managed by the corporate IT department.

These devices are more varied in type and are portable.


These devices connect to the corporate network through public wireless networks.


These devices pose no risk to security as they are not directly connected to the corporate network.

Which Cisco IronPort appliance would an organization install to manage and monitor security policy settings and audit information?

C-Series

M-Series

S-Series

SenderBase-Series

Which Cisco IronPort appliance would an organization install to protect against malware?

C-Series

M-Series

S-Series

SenderBase-Series


What is the goal of the Cisco NAC framework and the Cisco NAC appliance?

to ensure that only hosts that are authenticated and have had their security posture examined and approved are permitted onto the network

to monitor data from the company to the ISP in order to build a real-time database of current spam threats from both internal and external sources

to provide anti-malware scanning at the network perimeter for both authenticated and non-authenticated devices

to provide protection against a wide variety of web-based threats, including adware, phishing attacks, Trojan horses, and worms

When the Cisco NAC appliance evaluates an incoming connection from a remote device against the defined network policies, what feature is being used?

authentication and authorization

posture assessment

quarantining of noncompliant systems

remediation of noncompliant systems


Which command is used to configure the PVLAN Edge feature?

switchport block

switchport nonnegotiate

switchport protected

switchport port-security violation protect

Which statement is true about a characteristic of the PVLAN Edge feature on a Cisco switch?

All data traffic that passes between protected ports must be forwarded through a Layer 2 device.

All data traffic that passes between protected ports must be forwarded through a Layer 3 device.

Only broadcast traffic is forwarded between protected ports.

Only unicast traffic is forwarded between protected ports.

What is the default configuration of the PVLAN Edge feature on a Cisco switch?

All active ports are defined as protected.


All ports are defined as protected.

No ports are defined as protected.

EtherChannel groups are defined as protected ports.

Under which circumstance is it safe to connect to an open wireless network?

The connection utilizes the 802.11n standard.

The device has been updated with the latest virus protection software.

The connection is followed by a VPN connection to a trusted network.

The user does not plan on accessing the corporate network when attached to the open wireless network.
