8. Which statement describes the behavior of a switch when the MAC address table is full?

It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN.

It treats frames as unknown unicast and floods all incoming frames to all ports on the switch.

It treats frames as unknown unicast and floods all incoming frames to all ports across multiple switches.

It treats frames as unknown unicast and floods all incoming frames to all ports within the collision domain.

9. What device is considered a supplicant during the 802.1X authentication process?

the client that is requesting authentication

the router that is serving as the default gateway

the authentication server that is performing client authentication

the switch that is controlling network access

10. Refer to the exhibit. Port Fa0/2 has already been configured appropriately. The IP phone and PC work properly. Which switch configuration would be most appropriate for port Fa0/2 if the network administrator has the following goals? No one is allowed to disconnect the IP phone or the PC and connect some other wired device. If a different device is connected, port Fa0/2 is shut down. The switch should automatically detect the MAC address of the IP phone and the PC and add those addresses to the running configuration.

SWA(config-if)# switchport port-security SWA(config-if)# switchport port-security maximum 2 SWA(config-if)# switchport port-security mac-address sticky

SWA(config-if)# switchport port-security SWA(config-if)# switchport port-security mac-address sticky

SWA(config-if)# switchport port-security SWA(config-if)# switchport port-security maximum 2 SWA(config-if)# switchport port-security mac-address sticky

SWA(config-if)# switchport port-security violation restrict SWA(config-if)# switchport port-security mac-address sticky SWA(config-if)# switchport port-security maximum 2

11. Refer to the exhibit. Port security has been configured on the Fa 0/12 interface of switch S1. What action will occur when PC1 is attached to switch S1 with the applied configuration?

Frames from PC1 will cause the interface to shut down immediately, and a log entry will be made

Frames from PC1 will be forwarded since the switchport port-security violation command is missing.

Frames from PC1 will be forwarded to its destination, and a log entry will be created.

Frames from PC1 will be forwarded to its destination, but a log entry will not be created.

13. A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac. What is the purpose of this configuration command?

It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body

It checks the source MAC address in the Ethernet header against the user-configured ARP ACLs.

It checks the source MAC address in the Ethernet header against the MAC address table.

It checks the source MAC address in the Ethernet header against the target MAC address in the ARP body.

14. Which two commands can be used to enable BPDU guard on a switch? (Choose two.)

S1(config)# spanning-tree portfast bpduguard default

S1(config-if)# spanning-tree bpduguard enable

S1(config)# spanning-tree bpduguard default

S1(config-if)# spanning-tree portfast bpduguard

S1(config-if)# enable spanning-tree bpduguard

17. What are the two methods that are used by a wireless NIC to discover an AP? (Choose two.)

receiving a broadcast beacon frame

initiating a three-way handshake

18. A technician is configuring the channel on a wireless router to either 1, 6, or 11. What is the purpose of adjusting the channel?

to avoid interference from nearby wireless devices

to enable different 802.11 standards

to disable broadcasting of the SSID

to provide stronger security modes

21. A technician is about to install and configure a wireless network at a small branch office. What is the first security measure the technician should apply immediately upon powering up the wireless router?

Change the default user-name and password of the wireless router.

Enable MAC address filtering on the wireless router.

Configure encryption on the wireless router and the connected wireless devices.

Disable the wireless network SSID broadcast.

23. Which step is required before creating a new WLAN on a Cisco 3500 series WLC?

Build or have an SNMP server available.

Build or have a RADIUS server available.

24. A network engineer is troubleshooting a newly deployed wireless network that is using the latest 802.11 standards. When users access high bandwidth services such as streaming video, the wireless network performance is poor. To improve performance the network engineer decides to configure a 5 Ghz frequency band SSID and train users to use that SSID for streaming media services. Why might this solution improve the wireless network performance for that type of service?

The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it more suited to streaming multimedia.

Requiring the users to switch to the 5 GHz band for streaming media is inconvenient and will result in fewer users accessing these services.

The 5 GHz band has a greater range and is therefore likely to be interference-free.

The only users that can switch to the 5 GHz band will be those with the latest wireless NICs, which will reduce usage.

25. A network administrator is configuring a RADIUS server connection on a Cisco 3500 series WLC. The configuration requires a shared secret password. What is the purpose for the shared secret password?

It is used to encrypt the messages between the WLC and the RADIUS server.

It is used by the RADIUS server to authenticate WLAN users.

It is used to authenticate and encrypt user data on the WLAN.

It allows users to authenticate and access the WLAN.

26. Which three parameters would need to be changed if best practices are being implemented for a home wireless AP? (Choose three.)

wireless client operating system password

28. Which type of wireless network is based on the 802.11 standard and a 2.4-GHz or 5-GHz radio frequency?

wireless metropolitan-area network

30. What are three techniques for mitigating VLAN attacks? (Choose three.)

Set the native VLAN to an unused VLAN.

31. Refer to the exhibit. What can be determined about port security from the information that is shown?

The port violation mode is the default for any port that has port security enabled.

The port has the maximum number of MAC addresses that is supported by a Layer 2 switch port which is configured for port security.

The port has two attached devices.

33. A technician is troubleshooting a slow WLAN that consists of 802.11b and 802.11g devices. A new 802.11n/ac dual-band router has been deployed on the network to replace the old 802.11g router. What can the technician do to address the slow wireless speed?

Split the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band.

Update the firmware on the new router.

Configure devices to use a different channel.

35. What is the function provided by CAPWAP protocol in a corporate wireless network?

CAPWAP provides the encapsulation and forwarding of wireless user traffic between an access point and a wireless LAN controller.

CAPWAP creates a tunnel on Transmission Control Protocol (TCP) ports in order to allow a WLC to configure an autonomous access point.

CAPWAP provides connectivity between an access point using IPv6 addressing and a wireless client using IPv4 addressing.

CAPWAP provides the encryption of wireless user traffic between an access point and a wireless client.

36. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question. Which event will take place if there is a port security violation on switch S1 interface Fa0/1?

Packets with unknown source addresses will be dropped.

The interface will go into error-disabled state.

39. What is the result of a DHCP starvation attack?

Legitimate clients are unable to lease IP addresses.

The attacker provides incorrect DNS and default gateway information to clients.

The IP addresses assigned to legitimate clients are hijacked.

Clients receive IP address assignments from a rogue DHCP server.

40. Which feature or configuration on a switch makes it vulnerable to VLAN double-tagging attacks?

the native VLAN of the trunking port being the same as a user VLAN

the limited size of content-addressable memory space

the automatic trunking port feature enabled for all ports by default

mixed duplex mode enabled for all ports by default

44. A laptop cannot connect to a wireless access point. Which two troubleshooting steps should be taken first? (Choose two.)

Ensure that the wireless NIC is enabled.

Ensure that the wireless SSID is chosen.

Ensure that the correct network media is selected.

Ensure that the laptop antenna is attached.

Ensure that the NIC is configured for the proper frequency.

45. What is an advantage of SSID cloaking?

Clients will have to manually identify the SSID to connect to the network.

It is the best way to secure a wireless network.

SSIDs are very difficult to discover because APs do not broadcast them.

It provides free Internet access in public locations where knowing the SSID is of no concern.

47. A company has recently implemented an 802.11n wireless network. Some users are complaining that the wireless network is too slow. Which solution is the best method to enhance the performance of the wireless network?

Split the traffic between the 2.4 GHz and 5 GHz frequency bands.

Disable DHCP on the access point and assign static addresses to the wireless clients.

Upgrade the firmware on the wireless access point.

Replace the wireless NICs on the computers that are experiencing slow connections.

52. Which type of wireless network is suitable for national and global communications?

wireless metropolitan-area network

CCNA 2 MOD 10-13

Authored by Pop 🤍

Professional Development

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

80 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

1. Which Layer 2 attack will result in legitimate users not getting valid IP addresses?

ARP spoofing

DHCP starvation

IP address spoofing

MAC address flooding

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

2. What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?

Disable DTP

Disable STP

Enable port security

place unused ports in an unused VLAN

MULTIPLE SELECT QUESTION

45 sec • 1 pt

3. Which three Cisco products focus on endpoint security solutions? (Choose three.)

ISP Sensor Appliance

Web Security Appliance

Email Security Appliance

SSL/IPsec VPN Appliance

NAC Appliance

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

4. True or False?
In the 802.1X standard, the client attempting to access the network is referred to as the supplicant.

true

false

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

5. Which authentication method stores usernames and passwords in the router and is ideal for small networks?

server-based AAA over TACACS+

local AAA over RADIUS

server-based AAA

local AAA over TACACS+

local AAA

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

6. What represents a best practice concerning discovery protocols such as CDP and LLDP on network devices?

Enable CDP on edge devices, and enable LLDP on interior devices.

Use the open standard LLDP rather than CDP.

Use the default router settings for CDP and LLDP.

Disable both protocols on all interfaces where they are not required.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

7. Which protocol should be used to mitigate the vulnerability of using Telnet to remotely manage network devices?

SNMP

TFTP

SSH

SCP

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

76 questions

Quiz o finansyzacji i rynkach kapitałowych

Quiz

•

Professional Development

82 questions

NCSA 5G 2023 (GS40-SRAN-22Rx-F-A-2205)

Quiz

•

Professional Development

77 questions

PLC/HMI/SCADA

Quiz

•

Professional Development

82 questions

UTBK BAHASA INDONESIA 2025

Quiz

•

Professional Development

78 questions

DP-900_Simulado_03

Quiz

•

Professional Development

80 questions

LS Retail

Quiz

•

Professional Development

82 questions

Quiz for MO's

Quiz

•

Professional Development

78 questions

Human Resource in 21st Century

Quiz

•

Professional Development

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Professional Development

44 questions

Would you rather...

Quiz

•

Professional Development

CCNA 2 MOD 10-13

1. Which Layer 2 attack will result in legitimate users not getting valid IP addresses?

2. What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?

3. Which three Cisco products focus on endpoint security solutions? (Choose three.)

4. True or False?In the 802.1X standard, the client attempting to access the network is referred to as the supplicant.

5. Which authentication method stores usernames and passwords in the router and is ideal for small networks?

6. What represents a best practice concerning discovery protocols such as CDP and LLDP on network devices?

7. Which protocol should be used to mitigate the vulnerability of using Telnet to remotely manage network devices?

8. Which statement describes the behavior of a switch when the MAC address table is full?

9. What device is considered a supplicant during the 802.1X authentication process?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development

4. True or False?
In the 802.1X standard, the client attempting to access the network is referred to as the supplicant.