A network administrator wants to control which user hosts can access the network based on their MAC address. What will prevent workstations with unauthorized MAC addresses from connecting to the network through a switch?A. BPDUB. Port securityC. RSTPD. ST

第1题：

第2题：

第3题：

You are the network administrator of a small Layer 2 network with 50 users. Lately， users have been complaining that the network is very slow. While troubleshooting， you notice that the CAM table of your switch is full， although it supports up to 12，000 MAC addresses. How can you solve this issue and prevent it from happening in the future？（）

• A、Upgrade the switches
• B、Configure BPDU guard
• C、Configure VLAN access lists
• D、Configure port security
• E、Configure Dynamic ARP inspection

第4题：

Why would a network administrator configure port security on a switch?（）

• A、To prevent unauthorized Telnet access to a switch port.
• B、To limit the number of Layer 2 broadcasts on a particular switch port.
• C、To prevent unauthorized hosts from accessing the LAN.
• D、To protect the IP and MAC address of the switch and associated ports.
• E、To block unauthorized access to the switch management interfaces over common TCP ports.

第5题：

The network administrator has enabled BPDU guard on the LAN.  Why is an effective way to prevent an unauthorized rogue switch from altering the spanning-tree topology of this network？ （）

• A、BPDU guard can be used to prevent invalid BPDUs from propagating throughout the network. 
• B、BPDU guard can guarantee proper selection of the root bridge.
• C、BPDU guard can be utilized to prevent the switch from transmitteing BPDUs and incorrectly altering the root bridge election.
• D、BPDU guard can be utilized along with PortFast to shut down ports when a switch is connected to the port.
• E、None of the other alternatives apply

第6题：

An administrator is concerned about users utilizing the company's wireless signal with their personal laptops. Which of the following is the BEST method to use to prevent unauthorized devices from using the company's wireless network?（）

• A、Secure VPN
• B、MAC filtering
• C、IP filtering
• D、Static IP addresses

第7题：

A network administrator wants to control which user hosts can access the network based on their MAC address. What will prevent workstations with unauthorized MAC addresses from connecting to the network through a switch?（）

• A、BPDU
• B、Port security
• C、RSTP
• D、STP
• E、VTP
• F、Blocking mode

第8题：

A network administrator must configure 200 switch ports to accept traffic from only the currently attached host devices. What would be the most efficient way to configure MAC-level security on all these ports?（）

• A、Visually verify the MAC addresses and then telnet to the switches to enter the switchport-port security mac-address command
• B、Have end users e-mail their MAC addresses. Telnet to the switch to enter the switchport-port security mac-address command
• C、Use the switchport port-security MAC address sticky command on all the switch ports that have end devices connected to them
• D、Use show mac-address-table to determine the addresses that are associated with each port and then enter the commands on each switch for MAC address port-security

第9题：

You need to configure port security on switch R1.  Which two statements are true about this  technology？ （）

• A、 Port security can be configured for ports supporting VoIP.
• B、 With port security configured， four MAC addresses are allowed by default.
• C、 The network administrator must manually enter the MAC address for each device in order for  the switch to allow connectivity.
• D、  Withsecurity configured， only one MAC addresses is allowed by default.  
• E、 Port security cannot be configured for ports supporting VoIP.

第10题：

第11题：

第12题：

第13题：

第14题：

第15题：

For security reasons, the network administrator needs to prevent pings into the corporate networks from hosts outside the internetwork. Which protocol should be blocked with access control lists？（）

• A、IP
• B、ICMP
• C、TCP
• D、UDP

第16题：

Why would a network administrator configure port security on a switch?（）

• A、to prevent unauthorized Telnet access to a switch port
• B、to limit the number of Layer 2 broadcasts on a particular switch port
• C、to prevent unauthorized hosts from accessing the LAN
• D、to protect the IP and MAC address of the switch and associated ports
• E、to block unauthorized access to the switch management interfaces over common TCP ports

第17题：

A network administrator needs to configure port security on a switch.which two statements are true？（）

• A、The network administrator can apply port security to dynamic access ports
• B、The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.
• C、The sticky learning feature allows the addition of dynamically learned addresses to the runningconfiguration.
• D、The network administrator can apply port security to EtherChannels.
• E、When dynamic mac address learning is enabled on an interface，the switch can learn new addresses，up to the maximum defined.

第18题：

A system administrator wants to configure 802.1X on an Ethernet switch to enable access to specific parts of the network based on group memberships.How can the administrator accomplish this goal?（）

• A、Configure roles based on departments and assign access based on source IP address.
• B、Configure roles based on the user's manager and assign access based on the user's MAC address
• C、Configure roles based on group memberships and assign a specific VLAN to the role.
• D、Configure roles based on RADIUS request attribute and assign a specific VLAN to the role.

第19题：

A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1?（）

• A、Configure port Fa0/1 to accept connections only from the static IP address of the server.
• B、Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
• C、Configure the MAC address of the server as a static entry associated with port Fa0/1.
• D、Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
• E、Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.
• F、Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.

第20题：

Which feature would prevent guest users from gaining network access by unplugging an IP phone and connecting a laptop computer？（）

• A、IPSec VPN
• B、SSL VPN
• C、port security
• D、port security with statically configured MAC addresses
• E、private VLANs

第21题：

Which of the following are advantages of using Dynamic Host Configuration Protocol?（）

• A、IP addresses can be managed from a central point
• B、Computers can automatically get new addressing when moved to a different network segment
• C、Media Access Control addresses can be changed automatically
• D、The network speed can automatically adjust based on the type of traffic being generated
• E、The HOSTS file on the computer can be validated for proper entries

第22题：

第23题：