A network administrator must configure 200 switch ports to accept traffic from only the currently attached host devices. What would be the most efficient way to configure MAC-level security on all these ports?（）A. Visually verify the MAC addresses and the

第1题：

Why would a network administrator configure port security on a switch?（）

• A、To prevent unauthorized Telnet access to a switch port.
• B、To limit the number of Layer 2 broadcasts on a particular switch port.
• C、To prevent unauthorized hosts from accessing the LAN.
• D、To protect the IP and MAC address of the switch and associated ports.
• E、To block unauthorized access to the switch management interfaces over common TCP ports.

第2题：

Which two statements are true about voice VLANs？（）

• A、Voice VLANs are only used when connecting an IP phone and a host to distinct switch ports
• B、Access ports that are configured with voice VLANs will always trust the CoS that is received from IP phones
• C、Access ports that are configured with voice VLANs may or may not override the CoS value that is received from an IP phone
• D、Voice VLANs are configured using the switchport voice vlan vlan-ID interface configuration command
• E、Voice VLANs provide a trunking interface between an IP phone and an access port on a switch to allow traffic from multiple devices that are connected to the port
• F、Enabling Voice VLAN on a switch port will automatically configure the port to trust the incoming CoS markings

第3题：

An administrator would like to configure a switch over a virtual terminal connection from locations outside of the local LAN. Which of the following are required in order for the switch to be configured from a remote location？ （）

• A、The switch must be configured with an IP address,subnet mask,and default gateway.
• B、The switch must be connected to a router over a VLAN trunk.
• C、The switch must be reachable through a port connected to its management VLAN.
• D、The switch console port must be connected to the Ethernet LAN.
• E、The switch management VLAN must be created and have a membership of at least one switch port.
• F、The switch must be fully configured as an SNMP agent.

第4题：

Which two of the following steps are necessary to configure inter-VLAN routing between multilayer switches？（）

• A、Configure a dynamic routing protocol.
• B、Configure SVI interfaces with IP addresses and subnet masks.
• C、Configure switch ports with network addresses.
• D、Configure switch ports with the autostate exclude command.
• E、Document the MAC addresses of the switch ports.

第5题：

An administrator would like to configure a switch over a virtual terminal connection from locations outside of the local LAN. Which of the following are required in order for the switch to be configured from a remote location? （）

• A、The switch must be configured with an IP address, subnet mask, and default gateway.
• B、The switch must be connected to a router over a VLAN trunk.
• C、The switch must be reachable through a port connected to its management VLAN.
• D、The switch console port must be connected to the Ethernet LAN.
• E、The switch management VLAN must be created and have a membership of at least one switch

第6题：

A network administrator must configure 200 switch ports to accept traffic from only the currently attached host devices. What would be the most efficient way to configure MAC-level security on all these ports?（）

• A、Visually verify the MAC addresses and then telnet to the switches to enter the switchport-port security mac-address command
• B、Have end users e-mail their MAC addresses. Telnet to the switch to enter the switchport-port security mac-address command
• C、Use the switchport port-security MAC address sticky command on all the switch ports that have end devices connected to them
• D、Use show mac-address-table to determine the addresses that are associated with each port and then enter the commands on each switch for MAC address port-security

第7题：

You need to configure port security on switch R1.  Which two statements are true about this  technology？ （）

• A、 Port security can be configured for ports supporting VoIP.
• B、 With port security configured， four MAC addresses are allowed by default.
• C、 The network administrator must manually enter the MAC address for each device in order for  the switch to allow connectivity.
• D、  Withsecurity configured， only one MAC addresses is allowed by default.  
• E、 Port security cannot be configured for ports supporting VoIP.

第8题：

第9题：

第10题：

第11题：

第12题：

第13题：

Why would a network administrator configure port security on a switch?（）

• A、to prevent unauthorized Telnet access to a switch port
• B、to limit the number of Layer 2 broadcasts on a particular switch port
• C、to prevent unauthorized hosts from accessing the LAN
• D、to protect the IP and MAC address of the switch and associated ports
• E、to block unauthorized access to the switch management interfaces over common TCP ports

第14题：

An attacker is launching a DoS attack on the Company network using a hacking tool designed to  exhaust the IP address space available from the DHCP servers for a period of time.  Which  procedure would best defend against this type of attack？ （）

• A、 Configure only trusted interfaces with root guard.
• B、 Implement private VLANs （PVLANs） to carry only user traffic.
• C、 Implement private VLANs （PVLANs） to carry only DHCP traffic.
• D、 Configure only untrusted interfaces with root guard.
• E、 Configure DHCP spoofing on all ports that connect untrusted clients.
• F、 Configure DHCP snooping only on ports that connect trusted DHCP servers.
• G、 None of the other alternatives apply

第15题：

A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1?（）

• A、Configure port Fa0/1 to accept connections only from the static IP address of the server.
• B、Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
• C、Configure the MAC address of the server as a static entry associated with port Fa0/1.
• D、Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
• E、Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.
• F、Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.

第16题：

A network administrator needs to force a high-performance switch that is located in the MDF to become the root bridge for a redundant path switched network. What can be done to ensure that this switch assumes the role as root bridge（）。

• A、Establish a direct link from the switch to all other switches in the network.
• B、Assign the switch a higher MAC address than the other switches in the network have.
• C、Configure the switch so that it has a lower priority than other switches in the network.
• D、Configure the switch for full-duplex operation and configure the other switches for half-duplex operation.
• E、Connect the switch directly to the MDF router, which will force the switch to assume the role of root bridge.

第17题：

A network administrator must configure 200 switch ports to accept traffic from only the currently attached host devices.What would be the most efficient way to configure MAC-level security on all these ports？ （）

• A、Visually verify the MAC addresses and then telnet to the switches to enter the switchport-port security mac-address command.
• B、Have end users e-mail their MAC addresses. Telnet to the switch to enter the switchport-port security mac-address command.
• C、Use the switchport port-security MAC address sticky command on all the switch ports that have end devices connected to them.
• D、Use show mac-address-table to determine the addresses that are associated with each port and then enter the commands on each switch for MAC address port-security.

第18题：

When configuring unified ports on a 5548 switch， which port ordering must be respected？（）

• A、 Fibre Channel ports must be configured from the first port in the module.
• B、 Ethernet ports must be configured from the last port in the module.
• C、 Fibre Channel ports must be configured from the last port in the module.
• D、 Ethernet ports must be configured from the first port in the module.

第19题：

第20题：

第21题：

第22题：

第23题：

第24题：