1. What two protocols are supported on Cisco devices for AAA communications? (Choose two.)
2. Which service is enabled on a Cisco router by default that can reveal significant information about the router and potentially make it more vulnerable to attack?
3. When security is a concern, which OSI Layer is considered to be the weakest link in a network system?
- Layer 4
- Layer 7
- Layer 2
- Layer 3
4. Which Layer 2 attack will result in a switch flooding incoming frames to all ports?
- MAC address overflow
- Spanning Tree Protocol manipulation
- IP address spoofing
- ARP poisoning
5. Why is authentication with AAA preferred over a local database method?
- It specifies a different password for each line or port.
- It requires a login and password combination on the console, vty lines, and aux ports.
- It provides a fallback authentication method if the administrator forgets the username or password.
- It uses less network bandwidth.
6. In a server-based AAA implementation, which protocol will allow the router to successfully communicate with the AAA server?
7. Which Cisco solution helps prevent MAC and IP address spoofing attacks?
- Dynamic ARP Inspection
- IP Source Guard
- Port Security
- DHCP Snooping
8. What is the purpose of AAA accounting?
- to determine which resources the user can access
- to collect and report application usage
- to prove users are who they say they are
- to determine which operations the user can perform
9. Which Layer 2 attack will result in legitimate users not getting valid IP addresses?
- ARP spoofing
- DHCP starvation
- IP address spoofing
- MAC address flooding
10. Which three Cisco products focus on endpoint security solutions? (Choose three.)
- NAC Appliance
- Adaptive Security Appliance
- SSL/IPsec VPN Appliance
- IPS Sensor Appliance
- Web Security Appliance
- Email Security Appliance
11. True or False?
In the 802.1X standard, the client attempting to access the network is referred to as the supplicant.
12. What is involved in an IP address spoofing attack?
- Bogus DHCPDISCOVER messages are sent to consume all the available addresses on a DHCP server.
- A rogue DHCP server provides false IP configuration parameters to legitimate DHCP clients.
- A rogue node replies to an ARP request with its own MAC address indicated for the target IP address.
- A legitimate network IP address is hijacked by a rogue node.
13. What three services are provided by the AAA framework? (Choose three.)
14. Because of implemented security controls, a user can only access a server with FTP. Which AAA component accomplishes this?
15. What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?
- Enable port security.
- Disable DTP.
- Disable STP.
- Place unused ports in an unused VLAN.