Which of the following types of attacks does DHCP snooping prevent？（Choose all that apply.）（）A、Attacker sends multiple DHCP requests flooding DHCP serverB、Attacker connects rogue server initiating DHCP requestsC、Attacker connects rogue server replying to 

第1题：

第2题：

The Company security administrator wants to prevent DHCP spoofing.  Which statement is true  about DHCP spoofing operation？（）

• A、 DHCP spoofing and SPAN cannot be used on the same port of a switch.
• B、 To prevent a DHCP spoofing， the DHCP server must create a static ARP entry that cannot be  updated by a dynamic ARP packet.
• C、 To prevent a DHCP spoofing， the switch must have DHCP server services disabled and a static  entry pointing towards the DHCP server.
• D、 DHCP spoofing can be prevented by placing all unused ports in an unused VLAN.
• E、 None of the other alternatives apply.

正确答案:B

第3题：

When configuring a DHCP server, which of the following can the administrator define for DHCP users?（）

• A、Database server
• B、NTP server
• C、DHCP server
• D、SQLServer
• E、DNS server
• F、Domain name

正确答案:C,E,F

第4题：

Which three statements about the DHCP snooping feature on Cisco Nexus switches are true？ （）

• A、 DHCP snooping commands are not available until the feature is enabled with the feature dhcp- snooping command.
• B、 When you enable the DHCP snooping feature， the switch begins building and maintaining the DHCP snooping binding database.
• C、 The switch will not validate DHCP messages received or use the DHCP snooping binding database to validate subsequent requests from untrusted hosts until DHCP snooping is enabled globally and for each specific VLAN.
• D、 Globally disabling DHCP snooping removes all DHCP snooping configuration on the switch.
• E、 Globally disabling DHCP snooping does not remove any DHCP snooping configuration or the configuration of other features that are dependent upon the DHCP snooping feature.

正确答案:B,C,E

第5题：

When configuring a DHCP server， which of the following can the administrator define for DHCPusers？（）

• A、 Database server
• B、 NTP server
• C、 DHCP server
• D、 SQL server
• E、 DNS server
• F、 Domain name

正确答案:B,E,F

第6题：

A technician wants to use an existing DHCP server for three additional VLANs. Which of the following features needs to be configured to allow for this addition?（）

• A、DHCP server
• B、Proxy server
• C、Repeater
• D、DHCP relay

正确答案:D

第7题：

Which of the following server types translates NetBIOS names to IP addresses?（）

• A、DNS
• B、WINS
• C、FTP
• D、DHCP

正确答案:B

第8题：

In a Bridged 1483 network, which set of configuration commands allows the router to forward requests from the PC to an external DHCP server at 3.3.3.3?（）

• A、set dhcp relay 3.3.3.3 set dhcp relay agent
• B、enable dhcp relay agent set dhcp relay agent
• C、set dhcp server 3.3.3.3 enable dhcp relay agent
• D、enable dhcp server 3.3.3.3 enable dhcp relay agent

正确答案:A

第9题：

You have a DHCP server that runs Windows Server 2008. The DHCP server has two network connections named LAN1 and LAN2. You need to prevent the DHCP server from responding to DHCP client requests on LAN2. The server must continue to respond to non-DHCP client requests on LAN2. What should you do？ （）

• A、 From the DHCP snap-in， modify the bindings to associate only LAN1 with the DHCP service
• B、 From the DHCP snap-in， create a new multicast scope
• C、 From the properties of the LAN1 network connection， set the metric value to 1
• D、 From the properties of the LAN2 network connection， set the metric value to 1

正确答案:A

第10题：

第11题：

第12题：

第13题：

Which is the result of enabling IP Source Guard on an untrusted switch port that does not have DHCP snooping enabled？（）

• A、DHCP requests will be switched in the software， which may result in lengthy response times.
• B、The switch will run out of ACL hardware resources.
• C、All DHCP requests will pass through the switch untested.
• D、The DHCP server reply will be dropped and the client will not be able to obtain an IP address.

正确答案:D

第14题：

As the network technician at Company， you need to configure DHCP snooping on a new switch.   Which three steps are required？ （）

• A、 Configure the switch to insert and remove DHCP relay information （option-82 field） in forwarded  DHCP request messages.
• B、 Configure DHCP snooping globally.
• C、 Configure the switch as a DHCP server.
• D、 Configure DHCP snooping on an interface.
• E、 Configure all interfaces as DHCP snooping trusted interfaces.
• F、 Configure DHCP snooping on a VLAN or range of VLANs.

正确答案:B,D,F

第15题：

An attacker is launching a DoS attack on the Company network using a hacking tool designed to  exhaust the IP address space available from the DHCP servers for a period of time.  Which  procedure would best defend against this type of attack？ （）

• A、 Configure only trusted interfaces with root guard.
• B、 Implement private VLANs （PVLANs） to carry only user traffic.
• C、 Implement private VLANs （PVLANs） to carry only DHCP traffic.
• D、 Configure only untrusted interfaces with root guard.
• E、 Configure DHCP spoofing on all ports that connect untrusted clients.
• F、 Configure DHCP snooping only on ports that connect trusted DHCP servers.
• G、 None of the other alternatives apply

正确答案:F

第16题：

DHCP snooping on Cisco Nexus 1000V Series Switches acts like a firewall between untrusted hosts and trusted DHCP servers by doing which of these？ （）

• A、 validates DHCP messages received from untrusted sources and filters out invalid response messages from DHCP servers
• B、 intercepts all ARP requests and responses on untrusted ports
• C、 builds and maintains the DHCP snooping binding database， which contains information about untrusted hosts with leased IP addresses
• D、 uses the DHCP snooping binding database to validate subsequent requests from untrusted hosts
• E、 limits IP traffic on an interface to only those sources that have an IP-MAC address binding table entry or static IP source entry

正确答案:A,C,D

第17题：

Which of the following server types allows resolution of domain names to IP addresses？（）

• A、DHCP server
• B、DNS server
• C、Web server
• D、VLAN server

正确答案:B

第18题：

Which of the following server roles allows a server to translate fully qualified domain names into IP addresses？（）

• A、Directory services server
• B、NTP server
• C、DHCP server
• D、DNS server

正确答案:D

第19题：

How does the ERX Edge Router interact with an external DHCP server in a Bridged 1483 network？（）

• A、It maintains DHCP leases on behalf of subscribers.
• B、It initiates DHCP requests on behalf of subscribers.
• C、It passes DHCP traffic to and from the server;you must configure static host routes.
• D、It passes DHCP traffic to and from the server and inserts host routes into its routing table.

正确答案:D

第20题：

In a Bridged 1483 network,which set of configuration commands allows the router to forward requests from the PC to an external DHCP server at 1.1.1.1?（）

• A、set dhcp relay set dhcp server 1.1.1.1
• B、set dhcp relay agent set dhcp relay 1.1.1.1
• C、enable dhcp relay enabled hcp server 1.1.1.1
• D、enable dhcp relay agent enable dhcp relay 1.1.1.1

正确答案:B

第21题：

第22题：

第23题：