CCNA 2 Chapter 2

Describe the boot sequence for a Cisco switch:
1st – loads POST program stored in ROM
2nd – loads boot loader software stored in ROM
3rd – boot loader performs low-level CPU initialization & initializes the CPU registers
4th – boot loader initializes flash file system on the system board
5th – boot loader locates & loads a default IOS operating system software image into memory and transfers control of the switch over to IOS
Where is the startup configuration stored?
NVRAM
Where is the running configuration stored?
RAM
How can you access the switch OS if there are missing or damaged filed systems?
use the boot loader – connect via a console cable to a PC and use terminal emulation software
What do you need to do for remote switch management?
configure the switch with an IP address and subnet mask – if managing the switch from a remote network – also configure the switch with the default gateway
For security purposes, should you use VLAN 1 for the management VLAN?
NO
Which ports are assigned to VLAN 1 by default?
ALL of them
What 6 steps are needed to configure basic switch settings?
1 – erase and reload the switch
2 – assign hostname
3 – configure password encryption
4 – assign secret password
5 – prevent DNS lookups
6 – create MOTD
What steps are needed to create a new VLAN on a switch to be managed remotely?
S1(config)# vlan 99
S1(config-vlan)# name Management
S1(config-vlan)# exit
S1(config)# interface vlan 99
S1(config-if)# ip address 172.16.1.15 255.255.0.0
S1(config-if)# no shutdown
S1(config-if)# switchport access vlan 99
S1(config-if)# exit
S1(config)# ip default-gateway 172.16.1.1
S1(config)# end
S1#copy running-config startup-config
What should be looked at when troubleshooting switch port issues?
duplex and speed settings
In full-duplex mode, what should be disabled?
the NIC collision detection circuit
To use auto-MDIX on an interface, what must the interface speed and duplex be set to so auto-MDIX operates correctly?
auto detect
Define input errors:
the sum of all errors in datagrams received on the interface
Define runts (input error):
less than 64-byte minimum allowed length – usually caused by malfunctioning NICs
Define giants (input error):
longer than the maximum allowed length
Define output errors:
the sum of all errors that prevented the final transmission of datagrams out of the interface
Define late collisions (output error):
after 512 bits of the frame – the preamble – have been transmitted – usually caused by excessive cable lengths or duplex misconfiguration
What 4 things should you look for if an interface is down?
* check for proper or damaged cables/connectors
* a mismatch in speed setting
* excessive noise
* late colissions
What causes a CRC input error?
usually a media or cable error
What is a MAC address table overflow attack?
flooding attacks make use of limited size in a MAC address table to overwhelm the switch with fake source MAC addresses until the switch MAC address table is full
What is a DHCP starvation attack?
attacker floods the DHCP server with requests to use up all available IP addresses the DHCP server can issue – leads to DoS
What is DHCP spoofing?
attacker configures a fake DHCP server to issue DHCP address to clients – forces clients to use false DNS servers – makes clients use the attacker as their default gateway – caused DHCP address pool to become depleted
What is included in CDP information?
IP address, software version, and the native VLAN – which attackers can use – DoS
Define a brute force attack:
attacker uses a dictionary to find common passwords to initiate a Telnet session
How do you secure a network?
use a written security policy, shut down unused services & ports, use strong passwords & change them often, control physical access to devices, use HTTPS, perform backups, develop policies to validate identities (over the phone, via email, and in person), encrypt & password-protect sensitive data, implement security hardware & software (firewalls), install security patches often, and use network security auditing tools.
Describe penetration testing:
a simulated attack against the network to determine how vulnerable it would be in a real attack – admin can identify weaknesses
What is DCHP snooping?
a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests – ports are identified as trusted & untrusted
Which ports can source all DHCP messages?
trusted
Which ports can source DHCP source requests only?
untrusted
What happens if a rouge device on an untrusted port tries to send a DHCP response packet into the network?
the port is shut down
If you disable sticky learning, what happens to sticky secure MAC addresses?
they remain part of the MAC address table, but are removed from the running configuration
What is the factory default interface violation mode?
shutdown – interface becomes error disabled
What is Network Time Protocol (NTP)?
synchronizes the clocks of computer systems over packet-switched, variable-latency data networks
Which command configures basic port security?
S1(config-if)# switchport mode access
S1(config-if)# switchport port-security
Which command verifies which switch ports are up?
S1# show ip interface brief
Which command disables a range of switch ports?
S1(config-if-range)# shutdown
S1(config-if-range)# int range f0/4 – 24
Which 3 commands enable DHCP Snooping?
S1(config)# ip dhcp snooping
S1(config)# ip dhcp snooping vlan ?
S1(config)# ip dhcp snooping trust
Which command configures the violation mode on a switch port?
S1(config-if)# switchport port-security violation
* after violation type protect, restrict, or shutdown
Which command enables sticky learning for a switch port?
S1(config-if)# switchport port-security mac-address sticky
Which command sets the maximum # of secure MAC addresses allowed on a switch port?
S1(config-if)# switchport port-security maximum 50
Which command verifies port security settings?
S1# show port-security int f0/1
Which command displays all secure MAC addresses configured on all switch interfaces?
S1# show port-security address
If a network admin enters these commands on a switch, what will be the result?
Switch1(config-line)# line console 0
Switch1(config-line)# password cisco
Switch1(config-line)# login
to secure console port access with password cisco
Which command line interface (CLI) mode allows users to configure switch parameters, such as the hostname and password?
global configuration mode
What happens when the transport input ssh command is entered on the switch vty lines?
Communication between the switch and remote users is encrypted.
A network administrator uses the CLI to enter a command that requires several parameters. The switch responds with “% Incomplete command”. The administrator cannot remember the missing parameters. What can the administrator do to get the parameter information?
append a space and then ? to the last parameter
When a switch receives a frame and the source MAC address is not found in the switching table, what action will be taken by the switch to process the incoming frame?
The switch will map the source MAC address to the port on which it was received.
The switch and workstation are administratively configured for full-duplex operation. What will or won’t happen on this link?
No collisions will occur on this link.
The partial output of the show running-config command. The enable password on this switch is “cisco.” What can be determined from the output shown?
Any configured line mode passwords will be encrypted in this configuration.
What 2 important characteristics about Layer 2 Ethernet switches are true?
* Layer 2 switches have multiple collision domains
* Layer 2 switches can send traffic based on the destination MAC address
What happens whent the command banner login “Authorized personnel Only” is issued on a switch?
The command will cause the message Authorized personnel Only to display before a user logs in.
When a collision occurs in a network using CSMA/CD, how do hosts with data to transmit respond after the backoff period has expired?
The hosts return to a listen-before-transmit mode.
Compare EXEC mode commands enable password and enable secret password.
*The enable secret password command provides better security than the enable password.
* The enable password and enable secret password protect access to privileged EXEC mode.
If a switch has 2 ports, how many collision domains can it have?
2
Which 2 statements are true regarding switch port security?
* Dynamically learned secure MAC addresses are lost when the switch reboots
* If fewer than the maximum number of MAC addresses for a port are configured statically, dynamically learned addresses are added to CAM until the maximum number is reached.
What are 2 ways to make a switch less vulnerable to attacks like MAC address flooding, CDP attacks, and Telnet attacks?.
Change passwords regularly.
Turn off unnecessary services.
What action does SW1 take on a frame sent from PCA to PCC if the MAC address table of SW1 is empty?
SW1 floods the frame on all ports on SW1, except for the port that received the frame.
The network admin has decided to allow only SSH connections to Switch1. After the commands are applied, the admin is able to connect to Switch1 using both SSH and Telnet. What is most likely the problem?
missing transport input ssh command
Where is the startup configuration stored?
NVRAM
The switch and the hub have default configurations, and the switch has built its CAM table. Which of the hosts will capture a copy of the frame when workstation A sends a unicast packet to workstation C?
workstation C
What happens when Host 1 attempts to send data?
Frames from Host 1 cause the interface to shut down.
Which hosts will receive a broadcast frame sent from Host A?
hosts B, C, D, and E
What is SVI (switched virtual interface)?
a special IP address Cisco switches can be configured with – used for remote access to the switch
Using the command switchport port-security – sets the maximum MAC addresses to what? And, the violation action to what?
Maximum 1 MAC address
Violation action to shutdown
VLAN 99 has been configured as the management VLAN with an IP address and subnet mask. Show interface VLAN99 output display shows the line protocol is down? Which action can change the state of the line?
Connect a host to an interface associated with VLAN 99
What would be an ideal environment to carry out penetration tests?
an off-line test bed network that mimics the actual production network
A network technician wants to implement SSH as the means by which a router may be managed remotely. What are 2 procedures that the technician should use to use SSH?
configure authentication
define the asymmetrical keys
What refers to a protocol that provides an encrypted connection? The protocol replaces the clear text Telnet protocol for Cisco device management.
SSH