CCNA Security Practice Exam
Layer 2 Security
Securing our Layer 2 devices and operations is an important part of both your CCNA Security studies and working with real-life networks.
To help you master these topics, here's a CCNA Security practice exam on L2 security.
All answers are at the bottom of the page.
When you're done here, visit our CCNA Practice Exam page for more exams, and our Cisco tutorials page for over 300 additional videos, tutorials, and practice exams.
Enjoy the questions!
Chris Bryant
CCIE #12999
"The Computer Certification Bulldog"
chris@thebryantadvantage.com
I'm Paying It Forward - To You.
Get CCNA Security Certified Today - For $20.
Question 1:
A switch is in "failopen" mode, and its CAM table is full. How will incoming frames be handled?
A. Normally
B. They're dropped and the switch powers down
C. They're all treated as broadcasts
D. They're dropped and an SNMP MIB is transmitted
Question 2:
Name the three available modes of Port Security and identify the default.
Question 3:
Which of the following is not true regarding VLAN ACLs?
A. Implicit deny at the end
B. Run from top to bottom until a match is made
C. Applied in Global Configuration mode
D. A VLAN can have multiple ACLs applied to it
Question 4:
What global configuration mode command enables AAA?
Question 5:
What command verifies a SPAN configuration?
Question 6:
You want to apply port security to a switch port. The port is at its default settings, and the switch is a 2950. What do you first have to do?
A. Make the port an unconditional trunk port
B. Enable dot1x
C. Make the port an access port
D. Nothing
Question 7:
What command enables IEEE 802.1x globally on a Cisco 2950 switch?
Question 8:
Name four different methods of preventing a rogue switch from joining your network and/or stopping it from becoming the root switch.
Answers at the bottom of the page!
Answers:
1. "C". In that situation, incoming frames are treated just as broadcast frames are - a copy is sent out every port except the one that originally received the frame.
2. You know this from your CCNA studies - protect, restrict, and shutdown. Shutdown is the default.
3. "D". You can only apply a single VACL to a VLAN.
4. aaa new-model
5. show monitor (yeah, I know, that seems odd to me too!)
6. "C". You need to make that port an access port before applying port security.
7. dot1x system-auth-control
8. Depending on the situation and your network, you could:
Use BPDU Guard
Use Root Guard
Disable DTP on trunk ports
Make the native VLAN on the trunk an unused VLAN
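To check a switch against answers 6 and 8, here is an added example (not part of the original exam) that parses IOS-style interface config and flags ports missing those protections. The sample config, interface names, VLAN 999, the function names, and the choice to treat VLAN 1 as "in use" and to expect BPDU Guard on every access port are assumptions; Root Guard is not checked because where it belongs depends on your topology.

```python
import re
# Constructed sample config (assumption): interface names and VLAN 999 are illustrative.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport port-security
!
interface FastEthernet0/23
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
!
interface FastEthernet0/24
 switchport mode trunk
"""

def parse_interfaces(config):  # returns {interface name: [sub-commands]}
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit(config, used_vlans=frozenset({1})):
    """Flag ports missing protections named in answers 6 and 8 (heuristic checks)."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        access = "switchport mode access" in cmds
        if "switchport port-security" in cmds and not access:
            findings.append((name, "port security on a non-access port"))
        if access and "spanning-tree bpduguard enable" not in cmds:
            findings.append((name, "access port without BPDU Guard"))
        if "switchport mode trunk" in cmds:
            if "switchport nonegotiate" not in cmds:
                findings.append((name, "DTP not disabled on trunk"))
            m = re.search(r"^switchport trunk native vlan (\d+)$", "\n".join(cmds), re.M)
            native = int(m.group(1)) if m else 1  # IOS default native VLAN is 1
            if native in used_vlans:
                findings.append((name, f"native VLAN {native} is in use"))
    return findings
```

Calling audit(SAMPLE_CONFIG) returns a list of (interface, finding) pairs; pass your own set of active VLAN numbers as used_vlans.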
That's it for this CCNA practice exam, but just click that link for plenty more - and for over 300 Cisco CCNA and CCNP tutorials, visit our Tutorials page!
For free CCNP practice exams for the BSCI, BCMSN, ONT, and ISCW exams, visit our CCNP Practice Exam Page!