CCNA 2 v7 Modules 10 – 13: L2 Security and WLANs Full Exam Answers

1. Which Layer 2 attack will result in legitimate users not getting valid IP addresses?

- ARP spoofing
- DHCP starvation*
- IP address spoofing
- MAC address flooding

2. What mitigation plan is best for thwarting a DoS attack that is creating a MAC address table overflow?

- Disable DTP.
- Disable STP.
- Enable port security.*
- Place unused ports in an unused VLAN.

3. Which three Cisco products focus on endpoint security solutions? (Choose three.)

- IPS Sensor Appliance
- Web Security Appliance*
- Email Security Appliance*
- SSL/IPsec VPN Appliance
- Adaptive Security Appliance
- NAC Appliance*

4. True or False? In the 802.1X standard, the client attempting to access the network is described as the supplicant.


5. Which authentication method stores usernames and passwords in the router and is ideal for small networks?

- server-based AAA over TACACS+
- local AAA over RADIUS
- server-based AAA
- local AAA over TACACS+
- local AAA*
- server-based AAA over RADIUS

Explanation: In a small network with a few network devices, AAA authentication can be implemented with the local database and with usernames and passwords stored on the network devices. Authentication using the TACACS+ or RADIUS protocol will require dedicated ACS servers, although this authentication solution scales well in a large network.

6. What represents a best practice concerning discovery protocols such as CDP and LLDP on network devices?

- Enable CDP on edge devices, and enable LLDP on internal devices.
- Use the open standard LLDP rather than CDP.
- Use the default router settings for CDP and LLDP.
- Disable both protocols on all interfaces where they are not required.*

Explanation: Both discovery protocols can provide hackers with sensitive network information. They should not be enabled on edge devices, and should be disabled globally or on a per-interface basis if not required. CDP is enabled by default.

7. Which protocol should be used to mitigate the vulnerability of using Telnet to remotely manage network devices?

Explanation: Telnet uses plain text to communicate in a network. The username and password can be captured if the data transmission is intercepted. SSH encrypts data communications between two network devices. TFTP and SCP are used for file transfer over the network. SNMP is used in network management solutions.

8. Which statement describes the behavior of a switch when the MAC address table is full?

- It treats frames as unknown unicast and floods all incoming frames to all ports on the switch.
- It treats frames as unknown unicast and floods all incoming frames to all ports across multiple switches.
- It treats frames as unknown unicast and floods all incoming frames to all ports within the local VLAN.*
- It treats frames as unknown unicast and floods all incoming frames to all ports within the collision domain.

Explanation: When the MAC address table is full, the switch treats the frame as an unknown unicast and begins to flood all incoming traffic to all ports only within the local VLAN.

9. What device is considered a supplicant during the 802.1X authentication process?

- the router that is serving as the default gateway
- the authentication server that is performing client authentication
- the client that is requesting authentication*
- the switch that is controlling network access

Explanation: The devices involved in the 802.1X authentication process are as follows:

- The supplicant, which is the client that is requesting network access
- The authenticator, which is the switch that the client is connecting to and that is actually controlling physical network access
- The authentication server, which performs the actual authentication

10. Refer to the exhibit.

CCNA 2 v7.0 Modules 10 – 13 Exam Answers p10

Port Fa0/2 has already been configured appropriately. The IP phone and PC work properly. Which switch configuration would be most appropriate for port Fa0/2 if the network administrator has the following goals?

- No one is allowed to disconnect the IP phone or the PC and connect some other wired device.
- If a different device is connected, port Fa0/2 is shut down.
- The switch should automatically detect the MAC address of the IP phone and the PC and add those addresses to the running configuration.

SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security mac-address sticky

SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky
SWA(config-if)# switchport port-security violation restrict

SWA(config-if)# switchport port-security mac-address sticky
SWA(config-if)# switchport port-security maximum 2

SWA(config-if)# switchport port-security
SWA(config-if)# switchport port-security maximum 2
SWA(config-if)# switchport port-security mac-address sticky***

Explanation: The default mode for a port security violation is to shut down the port, so the switchport port-security violation command is not necessary. The switchport port-security command must be entered with no additional options to enable port security for the port. Then, additional port security options can be added.

11. Refer to the exhibit.

CCNA 2 v7.0 Modules 10 – 13 Exam Answers p11

Port security has been configured on the Fa 0/12 interface of switch S1. What action will occur when PC1 is attached to switch S1 with the applied configuration?

- Frames from PC1 will be forwarded because the switchport port-security violation command is missing.
- Frames from PC1 will be forwarded to its destination, and a log entry will be created.
- Frames from PC1 will be forwarded to its destination, but a log entry will not be created.
- Frames from PC1 will cause the interface to shut down immediately, and a log entry will be made.*
- Frames from PC1 will be dropped, and there will be no log of the violation.
- Frames from PC1 will be dropped, and a log message will be created.

Explanation: Manual configuration of the single allowed MAC address has been entered for port fa0/12. PC1 has a different MAC address and when attached will cause the port to shut down (the default action), a log message to be automatically created, and the violation counter to increment. The default action of shutdown is recommended because the restrict option might fail if an attack is underway.

12. Which type of VLAN-hopping attack may be prevented by designating an unused VLAN as the native VLAN?

- DHCP spoofing
- DHCP starvation
- VLAN double-tagging*
- DTP spoofing

Explanation: Spoofing DTP messages forces a switch into trunking mode as part of a VLAN-hopping attack, but VLAN double tagging works even if trunk ports are disabled. Changing the native VLAN from the default to an unused VLAN reduces the possibility of this type of attack. DHCP spoofing and DHCP starvation exploit vulnerabilities in the DHCP message exchange.

13. A network administrator is configuring DAI on a switch with the command ip arp inspection validate src-mac. What is the purpose of this configuration command?

- It checks the source MAC address in the Ethernet header against the user-configured ARP ACLs.
- It checks the source MAC address in the Ethernet header against the MAC address table.
- It checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.*
- It checks the source MAC address in the Ethernet header against the target MAC address in the ARP body.

Explanation: DAI can be configured to check for both destination or source MAC and IP addresses:

- Destination MAC – Checks the destination MAC address in the Ethernet header against the target MAC address in the ARP body.
- Source MAC – Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body.
- IP address – Checks the ARP body for invalid and unexpected IP addresses including addresses,, and all IP multicast addresses.
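The source-MAC and destination-MAC checks from question 13, as an added Python example that is not part of the original page or Cisco code: it parses an Ethernet frame carrying ARP and compares the header addresses with the ARP body. Function names and all sample frames are constructed for illustration; the destination-MAC check is applied to ARP replies only, since a request is normally sent to the broadcast address.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def build_arp(eth_src, eth_dst, oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed Ethernet II + ARP frame, used only as sample input."""
    ethernet = _mac(eth_dst) + _mac(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += _mac(sender_mac) + socket.inet_aton(sender_ip)
    arp += _mac(target_mac) + socket.inet_aton(target_ip)
    return ethernet + arp


def parse_arp(frame: bytes) -> dict:
    """Split an untagged Ethernet II frame carrying IPv4-over-Ethernet ARP into fields."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet header (14) + ARP body (28)")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("EtherType is not ARP")
    htype, ptype, hlen, plen, oper, sha, _spa, tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"eth_src": eth_src, "eth_dst": eth_dst, "oper": oper,
            "sender_mac": sha, "target_mac": tha}


def validate(frame: bytes, checks=("src-mac",)) -> list:
    """Return the names of the failed checks; an empty list means the frame passes."""
    arp = parse_arp(frame)
    failed = []
    # src-mac: Ethernet source must equal the sender MAC in the ARP body.
    if "src-mac" in checks and arp["eth_src"] != arp["sender_mac"]:
        failed.append("src-mac")
    # dst-mac: Ethernet destination must equal the target MAC (replies only).
    if ("dst-mac" in checks and arp["oper"] == ARP_REPLY
            and arp["eth_dst"] != arp["target_mac"]):
        failed.append("dst-mac")
    return failed


# Constructed addresses (locally administered MACs, documentation IP range).
HOST_A, HOST_B, OTHER = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:99"
BROADCAST, ZERO = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"

SAMPLES = {
    "request": build_arp(HOST_A, BROADCAST, ARP_REQUEST,
                         HOST_A, "192.0.2.10", ZERO, "192.0.2.1"),
    "reply": build_arp(HOST_B, HOST_A, ARP_REPLY,
                       HOST_B, "192.0.2.1", HOST_A, "192.0.2.10"),
    # Header says HOST_A sent it, ARP body claims a different sender MAC.
    "sender-mismatch": build_arp(HOST_A, HOST_B, ARP_REPLY,
                                 OTHER, "192.0.2.1", HOST_B, "192.0.2.20"),
    # Delivered to HOST_B, but the ARP body names a different target MAC.
    "target-mismatch": build_arp(HOST_A, HOST_B, ARP_REPLY,
                                 HOST_A, "192.0.2.10", OTHER, "192.0.2.20"),
}


def run_samples() -> dict:
    """Validate every sample frame with both MAC checks enabled."""
    return {name: validate(frame, ("src-mac", "dst-mac"))
            for name, frame in SAMPLES.items()}


if __name__ == "__main__":
    for name, failed in run_samples().items():
        print(f"{name:16} {'PASS' if not failed else 'DROP ' + ','.join(failed)}")
```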

14. Which two commands can be used to enable BPDU guard on a switch? (Choose two.)

- S1(config)# spanning-tree bpduguard default
- S1(config-if)# spanning-tree portfast bpduguard
- S1(config)# spanning-tree portfast bpduguard default*
- S1(config-if)# enable spanning-tree bpduguard
- S1(config-if)# spanning-tree bpduguard enable*

Explanation: BPDU guard can be enabled on all PortFast-enabled ports by using the spanning-tree portfast bpduguard default global configuration command. Alternatively, BPDU guard can be enabled on a PortFast-enabled port through the use of the spanning-tree bpduguard enable interface configuration command.

15. As part of the new security policy, all switches on the network are configured to automatically learn MAC addresses for each port. All running configurations are saved at the start and close of every business day. A severe thunderstorm causes an extended power outage several hours after the close of business. When the switches are brought back online, the dynamically learned MAC addresses are retained. Which port security configuration enabled this?

- auto secure MAC addresses
- dynamic secure MAC addresses
- static secure MAC addresses
- sticky secure MAC addresses*

Explanation: With sticky secure MAC addressing, the MAC addresses can be either dynamically learned or manually configured and then stored in the address table and added to the running configuration file. In contrast, dynamic secure MAC addressing provides for dynamically learned MAC addressing that is stored only in the address table.

16. Which type of management frame may regularly be broadcast by an AP?

- authentication
- probe request
- probe response
- beacon*

Explanation: Beacons are the only management frame that may regularly be broadcast by an AP. Probing, authentication, and association frames are used only during the association (or reassociation) process.

17. What are the two methods that are used by a wireless NIC to discover an AP? (Choose two.)

- delivering a broadcast frame
- receiving a broadcast beacon frame*
- initiating a three-way handshake
- sending an ARP request
- transmitting a probe request*

Explanation: Two methods can be used by a wireless device to discover and register with an access point: passive mode and active mode. In passive mode, the AP sends a broadcast beacon frame that contains the SSID and other wireless settings. In active mode, the wireless device must be manually configured for the SSID, and then the device broadcasts a probe request.

18. A technician is configuring the channel on a wireless router to either 1, 6, or 11. What is the purpose of adjusting the channel?

- to enable different 802.11 standards
- to avoid interference from nearby wireless devices*
- to disable broadcasting of the SSID
- to provide stronger security modes

Explanation: Channels 1, 6, and 11 are selected because they are 5 channels apart, thus minimizing the interference with adjacent channels. A channel frequency can interfere with channels on either side of the main frequency. All wireless devices need to be used on nonadjacent channels.

19. While attending a conference, participants are using laptops for network connectivity. When a guest speaker attempts to connect to the network, the laptop fails to display any available wireless networks. The access point must be operating in which mode?


Explanation: Active is a mode used to configure an access point so that clients must know the SSID to connect to the access point. APs and wireless routers can operate in a mixed mode, meaning that multiple wireless standards are supported. Open is an authentication mode for an access point that has no impact on the listing of available wireless networks for a client. When an access point is configured in passive mode, the SSID is broadcast so that the name of the wireless network will appear in the listing of available networks for clients.

20. A network administrator is required to upgrade wireless access to end users in a building. To provide data rates up to 1.3 Gb/s and still be backward compatible with older devices, which wireless standard should be implemented?


Explanation: 802.11ac provides data rates up to 1.3 Gb/s and is still backward compatible with 802.11a/b/g/n devices. 802.11g and 802.11n are older standards that cannot reach speeds over 1Gb/s. 802.11ad is a newer standard that can offer theoretical speeds of up to 7 Gb/s.

21. A technician is about to install and configure a wireless network at a small branch office. What is the first security measure the technician should apply immediately upon powering up the wireless router?

- Enable MAC address filtering on the wireless router.
- Configure encryption on the wireless router and the connected wireless devices.
- Change the default user-name and password of the wireless router.*
- Disable the wireless network SSID broadcast.

Explanation: The first action a technician should take to secure a new wireless network is to change the default user-name and password of the wireless router. The next action would usually be to configure encryption. Then once the initial group of wireless hosts have connected to the network, MAC address filtering would be enabled and SSID broadcast disabled. This will prevent new unauthorized hosts from finding and connecting to the wireless network.

22. On a Cisco 3504 WLC dashboard, which option provides access to the full menu of features?

- Access Points
- Network Summary
- Advanced*
- Rogues

Explanation: The Cisco 3504 WLC dashboard displays when a user logs into the WLC. It provides some basic settings and menus that users can quickly access to implement a variety of common configurations. By clicking the Advanced button, the user will access the advanced Summary page and access all the features of the WLC.

23. Which step is required before creating a new WLAN on a Cisco 3500 series WLC?

- Create a new SSID.
- Build or have an SNMP server available.
- Build or have a RADIUS server available.
- Create a new VLAN interface.*

Explanation: Each new WLAN configured on a Cisco 3500 series WLC needs its own VLAN interface. Thus it is required that a new VLAN interface be created first before a new WLAN can be created.

24. A network technician is troubleshooting a newly deployed wireless network that is using the latest 802.11 standards. When users access high bandwidth services such as streaming video, the wireless network performance is poor. To improve performance the network engineer decides to configure a 5 GHz frequency band SSID and train users to use that SSID for streaming media services. Why might this solution improve the wireless network performance for that type of service?

- Requiring the users to switch to the 5 GHz band for streaming media is inconvenient and will result in fewer users accessing these services.
- The 5 GHz band has more channels and is less crowded than the 2.4 GHz band, which makes it more suited to streaming multimedia.*
- The 5 GHz band has a greater range and is therefore likely to be interference-free.
- The only users that can switch to the 5 GHz band will be those with the latest wireless NICs, which will reduce usage.

Explanation: Wireless range is determined by the access point antenna and output power, not the frequency band that is used. In this scenario it is stated that all users have wireless NICs that comply with the latest standard, and so all can access the 5 GHz band. Although some users may find it inconvenient to switch to the 5 GHz band to access streaming services, it is the greater number of channels, not just fewer users, that will improve network performance.

25. A network administrator is configuring a RADIUS server connection on a Cisco 3500 series WLC. The configuration requires a shared secret password. What is the purpose for the shared secret password?

- It is used by the RADIUS server to authenticate WLAN users.
- It is used to authenticate and encrypt user data on the WLAN.
- It is used to encrypt the messages between the WLC and the RADIUS server.*
- It allows users to authenticate and access the WLAN.

Explanation: The RADIUS protocol uses security features to protect communications between the RADIUS server and clients. A shared secret is the password used between the WLC and the RADIUS server. It is not for end users.

26. Which three parameters would need to be changed if best practices are being implemented for a home wireless AP? (Choose three.)

- wireless client operating system password
- antenna frequency
- wireless network password*
- wireless beacon time
- AP password*
- SSID*

Explanation: As soon as an AP is taken out of a box, the default device password, SSID, and security parameters (wireless network password) should be set. The frequency of a wireless antenna can be adjusted, but doing so is not required. The beacon time is not normally configured. The wireless client operating system password is not affected by the configuration of a home wireless network.

27. Which access control component, implementation, or protocol is based on usernames and passwords?


28. Which type of wireless network is based on the 802.11 standard and a 2.4-GHz or 5-GHz radio frequency?

- wireless metropolitan-area network
- wireless wide-area network
- wireless local-area network*
- wireless personal-area network

29. Which two Cisco solutions help prevent DHCP starvation attacks? (Choose two.)

- DHCP Snooping*
- IP Source Guard
- Dynamic ARP Inspection
- Port Security*
- Web Security Appliance

Explanation: Cisco provides solutions to help mitigate Layer 2 attacks including these:

- IP Source Guard (IPSG) – prevents MAC and IP address spoofing attacks
- Dynamic ARP Inspection (DAI) – prevents ARP spoofing and ARP poisoning attacks
- DHCP Snooping – prevents DHCP starvation and DHCP spoofing attacks
- Port Security – prevents many types of attacks including MAC table overflow attacks and DHCP starvation attacks

Web Security Appliance (WSA) is a mitigation technology for web-based threats.

30. What are three techniques for mitigating VLAN attacks? (Choose three.)

- Enable trunking manually.*
- Disable DTP.*
- Enable Source Guard.
- Set the native VLAN to an unused VLAN.*
- Use private VLANs.
- Enable BPDU guard.

Explanation: Mitigating a VLAN attack can be done by disabling Dynamic Trunking Protocol (DTP), manually setting ports to trunking mode, and by setting the native VLAN of trunk links to VLANs not in use.

31. Refer to the exhibit.

CCNA 2 v7.0 Modules 10 – 13 Exam Answers p31

What can be determined about port security from the information that is shown?

- The port has the maximum number of MAC addresses that is supported by a Layer 2 switch port which is configured for port security.
- The port has been shut down.
- The port violation mode is the default for any port that has port security enabled.*
- The port has two attached devices.

Explanation: The Port Security line simply shows a state of Enabled if the switchport port-security command (with no options) has been entered for a particular switch port. If a port security violation had occurred, a different error message appears such as Secure-shutdown. The maximum number of MAC addresses supported is 50. The Maximum MAC Addresses line is used to show how many MAC addresses can be learned (2 in this case). The Sticky MAC Addresses line shows that only one device has been attached and learned automatically by the switch. This configuration could be used when a port is shared by two cubicle-sharing personnel who bring in separate laptops.

32. A network administrator of a college is configuring the WLAN user authentication process. Wireless users are required to enter username and password credentials that will be verified by a server. Which server would provide such service?


Explanation: Remote Authentication Dial-In User Service (RADIUS) is a protocol and server software that provides user-based authentication for an organization. When a WLAN is configured to use a RADIUS server, users will enter username and password credentials that are verified by the RADIUS server before being allowed onto the WLAN.

33. A technician is troubleshooting a slow WLAN that consists of 802.11b and 802.11g devices. A new 802.11n/ac dual-band router has been deployed on the network to replace the old 802.11g router. What can the technician do to address the slow wireless speed?

- Split the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band.*
- Update the firmware on the new router.
- Configure devices to use a different channel.
- Change the SSID.

Explanation: Splitting the wireless traffic between the 802.11n 2.4 GHz band and the 5 GHz band will allow for the 802.11n to use the two bands as two separate wireless networks to help manage the traffic, thus improving wireless performance.

34. The company handbook states that employees cannot have microwave ovens in their offices. Instead, all employees must use the microwave ovens located in the employee cafeteria. What wireless security risk is the company trying to avoid?

- improperly configured devices
- rogue access points
- accidental interference*
- interception of data

Explanation: Denial of service attacks can be the result of improperly configured devices which can disable the WLAN. Accidental interference from devices such as microwave ovens and cordless phones can impact both the security and performance of a WLAN. Man-in-the-middle attacks can allow an attacker to intercept data. Rogue access points can allow unauthorized users to access the wireless network.

35. What is the function provided by CAPWAP protocol in a corporate wireless network?

- CAPWAP creates a tunnel on Transmission Control Protocol (TCP) ports in order to allow a WLC to configure an autonomous access point.
- CAPWAP provides the encapsulation and forwarding of wireless user traffic between an access point and a wireless LAN controller.*
- CAPWAP provides connectivity between an access point using IPv6 addressing and a wireless client using IPv4 addressing.
- CAPWAP provides the encryption of wireless user traffic between an access point and a wireless client.

Explanation: CAPWAP is an IEEE standard protocol that enables a WLC to manage multiple APs and WLANs. CAPWAP is also responsible for the encapsulation and forwarding of WLAN client traffic between an AP and a WLC.

36. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.

CCNA 2 v7.0 Modules 10 – 13 Exam Answers p36

Which event will take place if there is a port security violation on switch S1 interface Fa0/1?

- A syslog message is logged.
- The interface will go into error-disabled state.
- Packets with unknown source addresses will be dropped.*
- A notification is sent.

Explanation: The violation mode can be viewed by issuing the show port-security interface command. Interface FastEthernet 0/1 is configured with the violation mode of protect. If there is a violation, interface FastEthernet 0/1 will drop packets with unknown MAC addresses.
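The port-security behaviour covered in questions 10, 11, 15 and 36, as an added Python model that is not part of the original page or Cisco code: it shows what each violation mode does with an unknown source MAC and why only sticky addresses survive a reload with a saved configuration. The class, its method names, the MAC addresses and the log text are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Teaching model of `switchport port-security` on one switch port."""
    maximum: int = 1              # IOS default: one secure MAC address
    violation: str = "shutdown"   # IOS default violation mode
    sticky: bool = False
    static_macs: set = field(default_factory=set)
    learned: set = field(default_factory=set)
    running_config: list = field(default_factory=list)
    log: list = field(default_factory=list)
    violation_count: int = 0
    err_disabled: bool = False

    def receive(self, src_mac: str) -> str:
        """Process one ingress frame; return 'forward' or 'drop'."""
        if self.err_disabled:
            return "drop"
        known = self.static_macs | self.learned
        if src_mac in known:
            return "forward"
        if len(known) < self.maximum:
            self.learned.add(src_mac)
            if self.sticky:  # sticky MACs are also written to the running config
                self.running_config.append(
                    f"switchport port-security mac-address sticky {src_mac}")
            return "forward"
        # Violation: unknown source MAC and the secure-address table is full.
        if self.violation == "protect":
            return "drop"                      # silent: no log entry, no counter
        self.violation_count += 1              # restrict and shutdown count and log
        self.log.append(f"security violation by {src_mac}")  # constructed log text
        if self.violation == "shutdown":
            self.err_disabled = True           # port goes error-disabled
        return "drop"

    def reload(self, config_saved: bool) -> None:
        """Power cycle: the address table is lost; sticky entries return only if saved."""
        prefix = "switchport port-security mac-address sticky "
        saved = list(self.running_config) if config_saved else []
        self.running_config = saved
        self.learned = {line[len(prefix):] for line in saved if line.startswith(prefix)}
        self.err_disabled = False


# Constructed MAC addresses for the scenarios below.
PHONE, PC, INTRUDER = "0011.2233.4401", "0011.2233.4402", "0011.2233.44ff"


def question_10_port() -> SecurePort:
    """Marked answer to question 10: enabled, maximum 2, sticky, default violation mode."""
    port = SecurePort(maximum=2, sticky=True)
    port.receive(PHONE)
    port.receive(PC)
    return port


def compare_violation_modes() -> dict:
    """Send one unknown MAC to a full port in each mode, then a frame from the known PC."""
    results = {}
    for mode in ("protect", "restrict", "shutdown"):
        port = SecurePort(maximum=1, violation=mode, static_macs={PC})
        verdict = port.receive(INTRUDER)
        results[mode] = (verdict, len(port.log), port.err_disabled, port.receive(PC))
    return results


if __name__ == "__main__":
    port = question_10_port()
    print(port.running_config)
    print(port.receive(INTRUDER), "err-disabled:", port.err_disabled)
    for mode, outcome in compare_violation_modes().items():
        print(mode, outcome)
```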

37. Match each functional component of AAA with its description. (Not all options are used.)

CCNA 2 v7.0 Modules 10 – 13 Exam Answers p37

38. What are two protocols that are used by AAA to authenticate users against a central database of usernames and password? (Choose two.)


Explanation: By using TACACS+ or RADIUS, AAA can authenticate users from a database of usernames and passwords stored centrally on a server such as a Cisco ACS server.

39. What is the result of a DHCP starvation attack?

- The attacker provides incorrect DNS and default gateway information to clients.
- The IP addresses assigned to legitimate clients are hijacked.
- Clients receive IP address assignments from a rogue DHCP server.
- Legitimate clients are unable to lease IP addresses.*

Explanation: DHCP starvation attacks are launched by an attacker with the intent to create a DoS for DHCP clients. To accomplish this goal, the attacker uses a tool that sends many DHCPDISCOVER messages to lease the entire pool of available IP addresses, thus denying them to legitimate hosts.

40. Which feature or configuration on a switch makes it vulnerable to VLAN double-tagging attacks?

- the limited size of content-addressable memory space
- the automatic trunking port feature enabled for all ports by default
- the native VLAN of the trunking port being the same as a user VLAN*
- mixed duplex mode enabled for all ports by default

Explanation: A double-tagging (or double-encapsulated) VLAN hopping attack takes advantage of the way that hardware on most switches operates. Most switches perform only one level of 802.1Q de-encapsulation, which allows an attacker to embed a hidden 802.1Q tag inside the frame. This tag allows the frame to be forwarded to a VLAN that the original 802.1Q tag did not specify. An important characteristic of the double-encapsulated VLAN hopping attack is that it works even if trunk ports are disabled, because a host typically sends a frame on a segment that is not a trunk link. This type of attack is unidirectional and works only when the attacker is connected to a port residing in the same VLAN as the native VLAN of the trunk port.
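The condition stated in the explanation above, as an added Python check that is not part of the original page: it reads the stacked 802.1Q tags of a frame, applies a simplified model of when a double-tagged frame leaves its VLAN, and audits which access ports share a VLAN with the trunk's native VLAN. Function names, port names, VLAN numbers and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag


def sample_frame(vlan_ids) -> bytes:
    """Constructed test frame carrying the given tag stack (outermost first)."""
    header = bytes.fromhex("ffffffffffff" "020000000001")   # made-up addresses
    tags = b"".join(struct.pack("!HH", TPID_8021Q, vid) for vid in vlan_ids)
    return header + tags + struct.pack("!H", 0x0800) + bytes(46)


def vlan_tags(frame: bytes) -> list:
    """Return the VLAN IDs of the stacked 802.1Q tags, outermost first."""
    tags, offset = [], 12                      # skip destination and source MAC
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack("!HH", frame[offset:offset + 4])
        if tpid != TPID_8021Q:
            break
        tags.append(tci & 0x0FFF)              # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return tags


def classify(frame: bytes, access_vlan: int, trunk_native_vlan: int) -> tuple:
    """Simplified model: the inner tag is only honoured downstream when the outer
    tag, the ingress access VLAN and the trunk native VLAN are all the same."""
    tags = vlan_tags(frame)
    if len(tags) < 2:
        return ("single-or-untagged", None)
    outer, inner = tags[:2]
    if outer == access_vlan == trunk_native_vlan and inner != outer:
        return ("hops", inner)                 # outer tag stripped, sent untagged on trunk
    return ("double-tagged-no-hop", None)


def exposed_access_ports(access_ports: dict, trunk_native_vlan: int) -> list:
    """Audit: access ports whose VLAN equals the trunk's native VLAN."""
    return sorted(port for port, vlan in access_ports.items()
                  if vlan == trunk_native_vlan)


# Constructed switch configuration: access port name -> access VLAN.
ACCESS_PORTS = {"Fa0/1": 1, "Fa0/2": 10, "Fa0/3": 1}

if __name__ == "__main__":
    frame = sample_frame([1, 20])
    print(vlan_tags(frame))
    print("native VLAN 1:  ", classify(frame, 1, 1), exposed_access_ports(ACCESS_PORTS, 1))
    print("native VLAN 999:", classify(frame, 1, 999), exposed_access_ports(ACCESS_PORTS, 999))
```

With the native VLAN moved to an unused VLAN (999 in this sample), no access port is exposed and the same frame no longer leaves its VLAN, which is the mitigation named in questions 12 and 30.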

41. Which component of AAA allows an administrator to track individuals who access network resources and any changes that are made to those resources?


Explanation: One of the components in AAA is accounting. After a user is authenticated through AAA, AAA servers keep a detailed log of exactly what actions the authenticated user takes on the device.

42. Refer to the exhibit.

CCNA 2 v7.0 Modules 10 – 13 Exam Answers p42

PC1 and PC2 should be able to obtain IP address assignments from the DHCP server. How many ports among switches should be assigned as trusted ports as part of the DHCP snooping configuration?


Explanation: The DHCP snooping configuration includes building the DHCP Snooping Binding Database and assigning necessary trusted ports on switches. A trusted port points to the legitimate DHCP servers. In this network design, because the DHCP server is attached to AS3, seven switch ports should be assigned as trusted ports, one on AS3 toward the DHCP server, one on DS1 toward AS3, one on DS2 toward AS3, and two connections on both AS1 and AS2 (toward DS1 and DS2), for a total of seven.

43. An IT security specialist enables port security on a switch port of a Cisco switch. What is the default violation mode in use until the switch port is configured to use a different violation mode?


Explanation: If no violation mode is specified when port security is enabled on a switch port, then the security violation mode defaults to shutdown.

44. A laptop cannot connect to a wireless access point. Which two troubleshooting steps should be taken first? (Choose two.)

- Ensure that the correct network media is selected.
- Ensure that the laptop antenna is attached.
- Ensure that the wireless NIC is enabled.*
- Ensure that the wireless SSID is chosen.*
- Ensure that the NIC is configured for the proper frequency.

45. What is an advantage of SSID cloaking?

- Clients will have to manually identify the SSID to connect to the network.*
- It is the best way to secure a wireless network.
- SSIDs are very difficult to discover because APs do not broadcast them.
- It provides free Internet access in public areas where knowing the SSID is of no concern.

Explanation: SSID cloaking is a weak security feature that is performed by APs and some wireless routers by allowing the SSID beacon frame to be disabled. Although clients have to manually identify the SSID to be connected to the network, the SSID can be easily discovered. The best way to secure a wireless network is to use authentication and encryption systems. SSID cloaking does not provide free Internet access in public locations, but an open system authentication could be used in that situation.

46. What is a wireless security mode that requires a RADIUS server to authenticate wireless users?

- personal
- shared key
- Enterprise*
- WEP

Explanation: WPA and WPA2 come in two types: personal and enterprise. Personal is used in home and small office networks. Shared key allows three different authentication techniques: (1) WEP, (2) WPA, and (3) 802.11i/WPA2. WEP is an encryption method.

47. A company has recently implemented an 802.11n wireless network. Some users are complaining that the wireless network is too slow. Which solution is the best method to enhance the performance of the wireless network?

- Disable DHCP on the access point and assign static addresses to the wireless clients.
- Upgrade the firmware on the wireless access point.
- Split the traffic between the 2.4 GHz and 5 GHz frequency bands.*
- Replace the wireless NICs on the computers that are experiencing slow connections.

Explanation: Because some users are complaining about the network being too slow, the correct option would be to split the traffic so that there are two networks using different frequencies at the same time. Replacing the wireless NICs will not necessarily correct the network being slow and it could be expensive for the company. DHCP versus static addressing should have no impact on the network being slow and it would be a large task to have all users assigned static addressing for their wireless connection. Upgrading the firmware on the wireless access point is always a good idea. However, if some of the users are experiencing a slow network connection, it is likely that this would not substantially improve network performance.

48. Which protocol can be used to monitor the network?


Explanation: Simple Network Management Protocol (SNMP) is used to monitor the network.

49. A network administrator deploys a wireless router in a small law firm. Employee laptops join the WLAN and receive IP addresses in the network. Which service is used on the wireless router to allow the employee laptops to access the internet?


Explanation: Any address with the 10 in the first octet is a private IPv4 address and cannot be routed on the internet. The wireless router will use a service called Network Address Translation (NAT) to convert private IPv4 addresses to internet-routable IPv4 addresses for wireless devices to gain access to the internet.

50. Which organization can be used on a wireless router come prioritize network traffic amongst different types of applications so the voice and video data room prioritized over email and also web data?


Explanation: Many wireless routers have an option for configuring quality of service (QoS). By configuring QoS, certain time-sensitive traffic types, such as voice and video, are prioritized over traffic that is not as time-sensitive, such as email and web browsing.

51. Which access control component, implementation, or protocol is based on device roles of supplicant, authenticator, and authentication server?


52. Which type of wireless network is suitable for nationwide and worldwide communications?

wireless metropolitan-area network
wireless local-area network
wireless personal-area network
wireless wide-area network*

53. Which feature on a switch makes it vulnerable to VLAN hopping attacks?

the mixed duplex mode enabled for all ports by default
the limited size of content-addressable memory space
mixed port bandwidth support enabled for all ports by default
the automatic trunking port feature enabled for all ports by default*

Explanation: A VLAN hopping attack enables traffic from one VLAN to be seen by another VLAN without routing. In a basic VLAN hopping attack, the attacker takes advantage of the automatic trunking port feature enabled by default on most switch ports.

54. Which component of AAA is used to determine which resources a user can access and which operations the user is allowed to perform?


Explanation: One of the components in AAA is authorization. After a user is authenticated through AAA, authorization services determine which resources the user can access and which operations the user is allowed to perform.

55. Refer to the exhibit.


The Fa0/2 interface on switch S1 has been configured with the switchport port-security mac-address 0023.189d.6456 command and a workstation has been connected. What could be the reason that the Fa0/2 interface is shutdown?

The Fa0/24 interface of S1 is configured with the same MAC address as the Fa0/2 interface.
The connection between S1 and PC1 is via a crossover cable.
S1 has been configured with a switchport port-security aging command.
The MAC address of PC1 that connects to the Fa0/2 interface is not the configured MAC address.*

Explanation: The security violation counter for Fa0/2 has been incremented (evidenced by the 1 in the SecurityViolation column). The maximum number of secure addresses allowed on port Fa0/2 is 1 and that address was manually entered. Therefore, PC1 must have a different MAC address than the one configured for port Fa0/2. Connections between end devices and the switch, as well as connections between a router and a switch, are made with a straight-through cable.

56. A network administrator enters the following commands on the switch SW1.

SW1(config)# interface range fa0/5 - 10
SW1(config-if)# ip dhcp snooping limit rate 6

What is the effect after these commands are entered?

If any of the FastEthernet ports 5 through 10 receive more than 6 DHCP messages per second, the port will be shut down.
FastEthernet ports 5 through 10 can receive up to 6 DHCP messages per second of any type.
If any of the FastEthernet ports 5 through 10 receive more than 6 DHCP messages per second, the port will continue to operate and an error message will be sent to the network administrator.
FastEthernet ports 5 through 10 can receive up to 6 DHCP discovery messages per second.*

Explanation: When DHCP snooping is being configured, the number of DHCP discovery messages that untrusted ports can receive per second should be rate-limited by using the ip dhcp snooping limit rate interface configuration command. When a port receives more messages than the rate allows, the extra messages will be dropped.

57. A network administrator is configuring port security on a Cisco switch. The company security policy specifies that when a violation occurs, packets with unknown source addresses should be dropped and no notification should be sent. Which violation mode should be configured on the interfaces?


Explanation: On a Cisco switch, an interface can be configured for one of three violation modes, specifying the action to be taken if a violation occurs:
Protect – Packets with unknown source addresses are dropped until a sufficient number of secure MAC addresses are removed, or the number of maximum allowable addresses is increased. There is no notification that a security violation has occurred.
Restrict – Packets with unknown source addresses are dropped until a sufficient number of secure MAC addresses are removed, or the number of maximum allowable addresses is increased. In this mode, there is a notification that a security violation has occurred.
Shutdown – The interface automatically becomes error-disabled and the port LED is turned off.

58. A network administrator is working to improve WLAN performance on a dual-band wireless router. What is a simple way to achieve a split-the-traffic result?

Add a Wi-Fi range extender to the WLAN and set the AP and the range extender to serve different bands.
Check and keep the firmware of the wireless router updated.
Make sure that different SSIDs are used for the 2.4 GHz and 5 GHz bands.*
Require all wireless devices to use the 802.11n standard.

Explanation: By default, dual-band routers and APs use the same network name on both the 2.4 GHz band and the 5 GHz band. The simplest way to segment traffic is to rename one of the wireless networks.


59. Which access control component, implementation, or protocol controls what users can do on the network?


60. Which type of wireless network is suitable for providing wireless access to a city or district?

wireless wide-area network
wireless personal-area network
wireless local-area network
wireless metropolitan-area network*

61. On a Cisco 3504 WLC summary page (Advanced > Summary), which tab allows a network administrator to access and configure a WLAN for a specific security option such as WPA2?


62. What type of wireless antenna is best suited for providing coverage in large open spaces, such as hallways or large conference rooms?


63. What two IEEE 802.11 wireless standards operate only in the 5 GHz range? (Choose two.)


64. What security benefit is gained from enabling BPDU guard on PortFast enabled interfaces?

preventing buffer overflow attacks
preventing rogue switches from being added to the network*
protecting against Layer 2 loops
enforcing the placement of root bridges

Explanation: BPDU guard automatically error-disables a port that receives a BPDU. This prevents rogue switches from being added to the network. BPDU guard should only be applied to all end-user ports.
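
The checks behind questions 53, 57 and 64, as an added example that is not part of the original exam material: a small Python audit of an IOS-style configuration excerpt that flags access ports which leave automatic trunking at its default, lack port security, or run PortFast without BPDU guard, and reports each port's violation mode. The sample configuration is constructed, the function names are hypothetical, and only per-interface commands are inspected (global defaults are not considered).

```python
# Constructed sample running-config excerpt; interface layout is an assumption.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security violation protect
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0023.189d.6456
 spanning-tree portfast
!
interface FastEthernet0/3
!
"""
VIOLATION = "switchport port-security violation "

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return interfaces

def audit(config):
    """Return {interface: (violation mode or None, [findings])}."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        findings = []
        if "switchport mode access" not in cmds:
            findings.append("automatic trunking not disabled")
        mode = None
        if "switchport port-security" in cmds:
            # No explicit violation command means the default mode, shutdown.
            mode = next((c[len(VIOLATION):] for c in cmds if c.startswith(VIOLATION)), "shutdown")
        else:
            findings.append("port security not enabled")
        if "spanning-tree portfast" in cmds and "spanning-tree bpduguard enable" not in cmds:
            findings.append("PortFast without BPDU guard")
        report[name] = (mode, findings)
    return report
```

Calling audit(SAMPLE_CONFIG) returns one entry per interface; a port with port security enabled and no explicit violation command is reported as shutdown, the mode that error-disables the port in question 55.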

65. Which access control component, implementation, or protocol logs EXEC and configuration commands configured by a user?


66. Which type of wireless network uses transmitters to provide coverage over an extensive geographic area?

wireless metropolitan-area network
wireless local-area network
wireless personal-area network
wireless wide-area network*

67. Which access control component, implementation, or protocol controls who is permitted to access a network?


68. What two IEEE 802.11 wireless standards operate only in the 5 GHz range? (Choose two.)