Security Questions

Q1: Which of the following are considered best practices for Layer 2 security?

a. Inspect ARP messages to prevent hackers from causing hosts to create incorrect ARP table entries.

b. Enable port security.

c. Put all management traffic in VLAN 1, but no user traffic.

d. Configure DTP to use the auto setting.

e. Shut down unused ports.

Q2: The following ACE is typed into configuration mode on a router: access-list 1 permit 10.44.38.0 0.0.3.255. If this statement had instead used a different mask, with nothing else changed, which of the following choices for mask would result in a match for source IP address 10.44.40.18?

a. 0.0.1.255

b. 0.0.5.255

c. 0.0.7.255

d. 0.0.15.255

Q3: True or False: uRPF is a mechanism that, when your router receives an IP packet, checks whether the routing table has a matching entry for the source IP address. If it doesn't match, the packet will be discarded.

a. True

b. False

Q4: Which of the following statements is true regarding the router Cisco IOS Software TCP intercept feature?

a. Always acts as a proxy for incoming TCP connections, completing the client-side connection, and only then creating a server-side TCP connection.

b. Can monitor TCP connections for volume and for incomplete connections, as well as serve as a TCP proxy.

c. If enabled, must operate on all TCP connection requests entering a particular interface.

Q5: True or False: The verify command can be used to check the integrity of an IOS image.

a. True

b. False

Q6: Which of the following number ranges apply to extended Access Control Lists?

a. 1-99

b. 100-199

c. 1000-1699

d. 2000-2699

Answers

1: A, B, E

2: D

3: A

4: B

5: A

6: A, D