itgle.com
The network administrator has configured port security on a Ezonexam switch. Why would a network administrator configure port security on this Ezonexam device?A.To prevent unauthorized hosts from getting access to the LANB.To limit the number of Layer 2 b
题目
The network administrator has configured port security on a Ezonexam switch. Why would a network administrator configure port security on this Ezonexam device?
A.To prevent unauthorized hosts from getting access to the LAN
B.To limit the number of Layer 2 broadcasts on a particular switch port
C.To prevent unauthorized Telnet or SSH access to a switch port
D.To prevent the IP and MAC address of the switch and associated ports
E.None of the above
相似考题
更多“The network administrator has configured port security on a Ezonexam switch. Why would a network administrator configure port security on this Ezonexam device?A.To prevent unauthorized hosts from getting access to the LANB.To limit the number of Layer 2 b”相关问题
-
第1题:
The network security policy for Ezonexam requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should be automatically disabled. Which two commands must the Ezonexam network administrator configure on the 2950 Catalyst switch to meet this policy? (Choose two)
A.SWEzonexam1(config-if)# switchport port-security maximum 1
B.SWEzonexam1(config)# mac-address-table secure
C.SWEzonexam1(config)# access-list 10 permit ip host
D.SWEzonexam1(config-if)# switchport port-security violation shutdown
E.SWEzonexam1(config-if)# ip access-group 10
正确答案:AD
解析:ExplanationCatalystswitchesoffertheportsecurityfeaturetocontrolportaccessbasedonMACaddresses.Toconfigureportsecurityonanaccesslayerswitchport,beginbyenablingitwiththefollowinginterfaceconfigurationcommand:Switch(config-if)#switchportport-securityNext,youmustidentifyasetofallowedMACaddressessothattheportcangrantthemaccess.Youcanexplicitlyconfigureaddressesortheycanbedynamicallylearnedfromporttraffic.Oneachinterfacethatusesportsecurity,specifythemaximumnumberofMACaddressesthatwillbeallowedaccessusingthefollowinginterfaceconfigurationcommand:Switch(config-if)#switchportport-securitymaximummax-addrFinally,youmustdefinehoweachinterfaceusingportsecurityshouldreactifaMACaddressisinviolationbyusingthefollowinginterfaceconfigurationcommand:Switch(config-if)#switchportport-securityviolation{shutdown|restrict|protect}AviolationoccursifmorethanthemaximumnumberofMACaddressesarelearned,orifanunknown(notstaticallydefined)MACaddressattemptstotransmitontheport.Theswitchporttakesoneofthefollowingconfiguredactionswhenaviolationisdetected:shutdown-Theportisimmediatelyputintotheerrdisablestate,whicheffectivelyshutsitdown.Itmustbere-enabledmanuallyorthrougherrdisablerecoverytobeusedagain.restrict-Theportisallowedtostayup,butallpacketsfromviolatingMACaddressesaredropped.TheswitchkeepsarunningcountofthenumberofviolatingpacketsandcansendanSNMPtrapandasyslogmessageasanalertoftheviolation.protect-Theportisallowedtostayup,asintherestrictmode.Althoughpacketsfromviolatingaddressesaredropped,norecordoftheviolationiskept. -
第2题:
A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1?()
A. Configure port Fa0/1 to accept connections only from the static IP address of the server.
B. Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
C. Configure the MAC address of the server as a static entry associated with port Fa0/1.
D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
E. Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.
F. Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.
参考答案:C, E
-
第3题:
Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands.Which two of these changes are necessary for SwitchA to meet the requirements? ()
A.Port security needs to be globally enabled.
B.Port security needs to be enabled on the interface.
C.Port security needs to be configured to shut down the interface in the event of a violation.
D.Port security needs to be configured to allow only one learned MAC address.
E.Port security interface counters need to be cleared before using the show command.
F.The port security configuration needs to be saved to NVRAM before it can become active.
参考答案:B, D
-
第4题:
For security reasons, the network administrator needs to prevent pings into the corporate networks from hosts outside the internetwork. Which protocol should be blocked with access control lists()。A.IP
B.ICMP
C.TCP
D.UDP
参考答案:B
-
第5题:
For security reasons, the network administrator needs to prevent pings into the corporate networks from hosts outside the internetwork. Which protocol should be blocked with access control lists?()
- A、IP
- B、ICMP
- C、TCP
- D、UDP
正确答案:B -
第6题:
A network administrator needs to configure port security on a switch.which two statements are true?()
- A、The network administrator can apply port security to dynamic access ports
- B、The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
- C、The sticky learning feature allows the addition of dynamically learned addresses to the runningconfiguration.
- D、The network administrator can apply port security to EtherChannels.
- E、When dynamic mac address learning is enabled on an interface,the switch can learn new addresses,up to the maximum defined.
正确答案:C,E -
第7题:
After properly configuring multiple VLANs, an administrator has decided to secure its VLAN network. Which three steps are required to secure this environment? (Choose three.)()
- A、 If a port is connected to a foreign device make sure to disable CDP, DTP, RPR, PAgP, UDLP, and any other unnecessary protocols, and enable UplinkFast/BPDU guard on it.
- B、 Enable root guard feature to prevent a directly or indirectly connected STP-capable device from affecting the location of the root bridge.
- C、 Configure VTP domains appropriately or turn off VTP altogether to limit or prevent possible undesirable protocol interaction with regards to the network-wide VLAN configuration.
- D、 Set the native VLAN ID to match the port VLAN ID of any 802.1q trunk to prevent spoofing.
- E、 Disable all unused ports and place them in an unused VLAN to avoid unauthorized access.
正确答案:B,C,E -
第8题:
You need to configure port security on switch R1. Which two statements are true about this technology? ()
- A、 Port security can be configured for ports supporting VoIP.
- B、 With port security configured, four MAC addresses are allowed by default.
- C、 The network administrator must manually enter the MAC address for each device in order for the switch to allow connectivity.
- D、 Withsecurity configured, only one MAC addresses is allowed by default.
- E、 Port security cannot be configured for ports supporting VoIP.
正确答案:A,D -
第9题:
单选题Why would a network administrator configure port security on a switch?()Ato prevent unauthorized Telnet access to a switch port
Bto limit the number of Layer 2 broadcasts on a particular switch port
Cto prevent unauthorized hosts from accessing the LAN
Dto protect the IP and MAC address of the switch and associated ports
Eto block unauthorized access to the switch management interfaces over common TCP ports
正确答案: D解析: 暂无解析 -
第10题:
单选题A network administrator wants to control which user hosts can access the network based on their MAC address. What will prevent workstations with unauthorized MAC addresses from connecting to the network through a switch?()ABPDU
BPort security
CRSTP
DSTP
EVTP
FBlocking mode
正确答案: B解析: 暂无解析 -
第11题:
多选题Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands.Which two of these changes are necessary for SwitchA to meet the requirements? ()APort security needs to be globally enabled.
BPort security needs to be enabled on the interface.
CPort security needs to be configured to shut down the interface in the event of a violation.
DPort security needs to be configured to allow only one learned MAC address.
EPort security interface counters need to be cleared before using the show command.
FThe port security configuration needs to be saved to NVRAM before it can become active.
正确答案: E,B解析: 暂无解析 -
第12题:
多选题A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1?()AConfigure port Fa0/1 to accept connections only from the static IP address of the server.
BEmploy a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
CConfigure the MAC address of the server as a static entry associated with port Fa0/1.
DBind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
EConfigure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.
FConfigure an access list on the switch to deny server traffic from entering any port other than Fa0/1.
正确答案: A,C解析: 暂无解析 -
第13题:
Why would a network administrator configure port security on a switch?()A. To prevent unauthorized Telnet access to a switch port.
B. To limit the number of Layer 2 broadcasts on a particular switch port.
C. To prevent unauthorized hosts from accessing the LAN.
D. To protect the IP and MAC address of the switch and associated ports.
E. To block unauthorized access to the switch management interfaces over common TCP ports.
参考答案:C
-
第14题:
A network administrator needs to configure port security on a switch.which two statements are true? ()A.The network administrator can apply port security to dynamic access ports
B.The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
C.The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.
D.The network administrator can apply port security to EtherChannels.
E.When dynamic mac address learning is enabled on an interface,the switch can learn new addresses,up to the maximum defined.
参考答案:C, E
-
第15题:
Why would a network administrator configure port security on a switch()。A.to prevent unauthorized Telnet access to a switch port
B.to limit the number of Layer 2 broadcasts on a particular switch port
C.to prevent unauthorized hosts from accessing the LAN
D.to protect the IP and MAC address of the switch and associated ports
E.to block unauthorized access to the switch management interfaces over common TCP ports
参考答案:C
-
第16题:
You are the network administrator of a small Layer 2 network with 50 users. Lately, users have been complaining that the network is very slow. While troubleshooting, you notice that the CAM table of your switch is full, although it supports up to 12,000 MAC addresses. How can you solve this issue and prevent it from happening in the future?()
- A、Upgrade the switches
- B、Configure BPDU guard
- C、Configure VLAN access lists
- D、Configure port security
- E、Configure Dynamic ARP inspection
正确答案:D -
第17题:
Why would a network administrator configure port security on a switch?()
- A、to prevent unauthorized Telnet access to a switch port
- B、to limit the number of Layer 2 broadcasts on a particular switch port
- C、to prevent unauthorized hosts from accessing the LAN
- D、to protect the IP and MAC address of the switch and associated ports
- E、to block unauthorized access to the switch management interfaces over common TCP ports
正确答案:C -
第18题:
A network administrator wants to control which user hosts can access the network based on their MAC address. What will prevent workstations with unauthorized MAC addresses from connecting to the network through a switch?()
- A、BPDU
- B、Port security
- C、RSTP
- D、STP
- E、VTP
- F、Blocking mode
正确答案:B -
第19题:
Which feature would prevent guest users from gaining network access by unplugging an IP phone and connecting a laptop computer?()
- A、IPSec VPN
- B、SSL VPN
- C、port security
- D、port security with statically configured MAC addresses
- E、private VLANs
正确答案:D -
第20题:
多选题A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1 (Choose two.)()。AConfigure port Fa0/1 to accept connections only from the static IP address of the server.
BEmploy a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
CConfigure the MAC address of the server as a static entry associated with port Fa0/1.
DBind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
EConfigure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.
FConfigure an access list on the switch to deny server traffic from entering any port other than Fa0/1.
正确答案: A,F解析: 暂无解析 -
第21题:
多选题An administrator has purchased monitoring software that can be configured to alert administrators when hardware and applications are having issues. All devices are configured with SNMP, but the administrator wants to further secure the SNMP traffic. Which of the following settings would BEST provide additional monitoring security?()ASetting up a custom community name
BConfiguring the network to block traffic on port 161
CConfiguring the Windows Firewall to block port 161
DSetting SNMP to read only on the devices
EInstalling new MIBs
正确答案: D,E解析: 暂无解析 -
第22题:
多选题You need to configure port security on switch R1. Which two statements are true about this technology? ()APort security can be configured for ports supporting VoIP.
BWith port security configured, four MAC addresses are allowed by default.
CThe network administrator must manually enter the MAC address for each device in order for the switch to allow connectivity.
DWithsecurity configured, only one MAC addresses is allowed by default.
EPort security cannot be configured for ports supporting VoIP.
正确答案: A,E解析: 暂无解析 -
第23题:
单选题Why would a network administrator configure port security on a switch?()ATo prevent unauthorized Telnet access to a switch port.
BTo limit the number of Layer 2 broadcasts on a particular switch port.
CTo prevent unauthorized hosts from accessing the LAN.
DTo protect the IP and MAC address of the switch and associated ports.
ETo block unauthorized access to the switch management interfaces over common TCP ports.
正确答案: D解析: 暂无解析