Do I Know This Already? Quiz


"Do I Know This Already?" Quiz

The purpose of the "Do I Know This Already?" quiz is to help you decide what parts of this chapter to use. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

The quiz, derived from the major sections in the "Foundation Topics" portion of the chapter, helps you determine how to spend your limited study time.

Table 17-1 outlines the major topics discussed in this chapter and the "Do I Know This Already?" quiz questions that correspond to those topics.

Table 17-1. "Do I Know This Already?" Foundation Topics Section-to-Question Mapping

Foundation Topics Section

Questions Covered in This Section

Score

Switch AAA

13

 

Port Security

47

 

Port-Based Authentication

812

 

Mitigating Spoofing Attacks

1314

 

Total Score

  


Caution

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.


1.

If the username command is used in a switch configuration, what method of authentication is implied?

  1. Remote

  2. Local

  3. RADIUS

  4. TACACS+

2.

Which one of the following commands should be used to configure a vty line to use the myservers authentication method list?

  1. line authentication myservers

  2. authentication myservers

  3. authentication method myservers

  4. login authentication myservers

3.

If a user needs to be in privileged EXEC or enable mode, which part of AAA must succeed?

  1. Authentication

  2. Authorization

  3. Accounting

  4. Administration

4.

Which switch feature can grant access through a port only if the host with MAC address 0005.0004.0003 is connected?

  1. SPAN

  2. MAC address ACL

  3. Port security

  4. Port-based authentication

5.

Port security is being used to control access to a switch port. Which one of these commands will put the port into the errdisable state if an unauthorized station connects?

  1. switchport port-security violation protect

  2. switchport port-security violation restrict

  3. switchport port-security violation errdisable

  4. switchport port-security violation shutdown

6.

If port security is left to its default configuration, how many different MAC addresses can be learned at one time on a switch port?

  1. 0

  2. 1

  3. 16

  4. 256

7.

The following commands are configured on a Catalyst switch port. What happens when the host with MAC address 0001.0002.0003 tries to connect?

     switchport port-security      switchport port-security maximum 3      switchport port-security mac-address 0002.0002.0002      switchport port-security violation shutdown

  1. The port shuts down.

  2. The host is allowed to connect.

  3. The host is denied a connection.

  4. The host can connect only when 0002.0002.0002 is not connected.

8.

What protocol is used for port-based authentication?

  1. 802.1D

  2. 802.1Q

  3. 802.1x

  4. 802.1w

9.

When 802.1x is used for a switch port, where must it be configured?

  1. Switch port and client PC

  2. Switch port only

  3. Client PC only

  4. Switch port and a RADIUS server

10.

When port-based authentication is enabled globally, what is the default behavior for all switch ports?

  1. Authenticate users before enabling the port.

  2. Allow all connections without authentication.

  3. Do not allow any connections.

  4. There is no default behavior.

11.

When port-based authentication is enabled, what method is available for a user to authenticate?

  1. Web browser

  2. Telnet session

  3. 802.1x client

  4. DHCP

12.

The users in a department are using a variety of host platforms, some old and some new. All of them have been approved with a user ID in a RADIUS server database. Which one of these features should be used to restrict access to the switch ports in the building?

  1. AAA authentication

  2. AAA authorization

  3. Port security

  4. Port-based authentication

13.

With DHCP snooping, an untrusted port filters out which one of the following?

  1. DHCP replies from legitimate DHCP servers

  2. DHCP replies from rogue DHCP servers

  3. DHCP requests from legitimate clients

  4. DHCP requests from rogue clients

14.

Which one of the following should be configured as a trusted port for dynamic ARP inspection?

  1. The port where the ARP server is located

  2. The port where an end-user host is located

  3. The port where another switch is located

  4. None; all ports are untrusted

The answers to the "Do I Know This Already?" quiz are found in Appendix A, "Answers to Chapter 'Do I Know This Already?' Quizzes and Q&A Sections." The suggested choices for your next step are as follows:

  • 11 or less overall score Read the entire chapter. This includes the "Foundation Topics," "Foundation Summary," and "Q&A" sections.

  • 12 or more overall score If you want more review on these topics, skip to the "Foundation Summary" section and then go to the "Q&A" section at the end of the chapter. Otherwise, move to Chapter 18, "Securing with VLANs."



CCNP Self-Study(c) CCNP BCMSN Exam Certification Guide
Red Hat Fedora 5 Unleashed
ISBN: N/A
EAN: 2147483647
Year: 2003
Pages: 177

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net