Security Questions

Question 1
Refer to the exhibit.
DOT1X-SP-5-SECURITY_VIOLATION: Security violation on interface GigabitEthernet4/8,
New MAC address 0080.ad00.c2e4 is seen on the interface in Single host mode
%PM-SP-4-ERR_DISABLE: security-violation error detected on Gi4/8, putting Gi4/8
in err-disable state
Which action will solve the error state of this interface when connecting a host behind a Cisco IP phone?
A. Configure dot1x-port control auto on this interface
B. Enable errdisable recovery for security violation errors
C. Enable port security on this interface
D. Configure multidomain authentication on this interface

Answer: D
Question 2
Which three conditions can cause excessive unicast flooding? (Choose three)
A. Asymmetric routing
B. Repeated TCNs
C. The use of HSRP
D. Frames sent to FFFF.FFFF.FFFF
E. MAC forwarding table overflow
F. The use of Unicast Reverse Path Forwarding

Answer: A B E
Question 3
Which three statements are true about PPP CHAP authentication? (Choose three)
A. PPP encapsulation must be enabled globally.
B. The LCP phase must be complete and in closed state.
C. The hostname used by a router for CHAP authentication cannot be changed.
D. PPP encapsulation must be enabled on the interface.
E. The LCP phase must be complete and in open state.
F. By default, the router uses its hostname to identify itself to the peer.

Answer: D E F
Question 4
Refer to the exhibit.
interface GigabitEthernet0/0/0
ip address
ip ssh version 2
ip access-list extended protect-ssh
permit ip any any eq 22
line vty 0 4
access-class protect-ssh in
transport input ssh
Which configuration is missing that would enable SSH access on a router that is running Cisco IOS XE Software?
A. int Gig0/0/0
B. class-map ssh-class
match access-group protect-ssh
policy-map control-plane-in
class ssh-class
police 80000 conform transmit exceed drop
service-policy input control-plane-in
C. control-plane host
management-interface GigabitEthernet0/0/0 allow ssh
D. interface Gig0/0/0
ip access-group protect-ssh in

Answer: C
Question 5
Which type of port would have root guard enabled on it?
A. A root port
B. An alternate port
C. A blocked port
D. A designated port

Answer: D
Question 6
Which three features are considered part of the IPv6 first-hop security suite? (Choose three)
A. DNS guard
B. destination guard
C. DHCP guard
D. ICMP guard
E. RA guard
F. DoS guard

Answer: B C E
Question 7
Which three steps are necessary to enable SSH? (Choose three)
A. generating an RSA or DSA cryptographic key
B. configuring the version of SSH
C. configuring a domain name
D. configuring VTY lines for use with SSH
E. configuring the port for SSH to listen for connections
F. generating an AES or SHA cryptographic key

Answer: A C D
Question 8
Refer to the exhibit.
aaa new-model
aaa authentication login default local
username cisco privilege 15 password cisco
User Access Verification
Username: cisco
% Error in authentication.
While configuring AAA with a local database, users can log in via Telnet, but receive the message “error in authentication” when they try to go into enable mode. Which action can solve this problem?
A. Configure authorization to allow the enable command.
B. Use aaa authentication login default enable to allow authentication when using the enable command.
C. Verify whether an enable password has been configured.
D. Use aaa authentication enable default enable to allow authentication when using the enable command.

Answer: C
Next Post »