Networking-Annex D-Lesson 2-Notes; Questions &
Answers
SW3(config)# int g 1/0/1
SW3(config-if)# sw mode access
SW3(config-if)# sw access vlan 10
SW3(config-if)# sw nonegotiate
SW3(config-if)# no shut
SW3(config)#int g 0/2
SW3(config-if)# sw mode trunk
SW3(config-if)# sw trunk native vlan 50
SW3(config-if)# sw nonegotiate
SW3(config-if)# no shut CORRECT ANSWER-Do Not Allow Negotiations Commands
Provides a mechanism for the management system to automatically learn about devices
connected to the network. Network devices periodically advertise their own information to a
multicast address on the network CORRECT ANSWER-Cisco Discovery Protocol (CDP)
-Allows interworking between vendor equipment
-Single, standardized discovery protocol CORRECT ANSWER-Link Layer Discovery Protocol
(LLDP)
SW3(config)# int g 1/0/24
SW3(config-if)# no cdp enable
, Networking-Annex D-Lesson 2-Notes; Questions &
Answers
SW3(config-if)# no lldp enable CORRECT ANSWER-Disable CDP & LLDP Commands
Security feature that acts like a firewall between untrusted hosts and trusted DHCP servers.
. Validates DHCP messages received from untrusted sources and filters out invalid messages.
· Rate-limits DHCP traffic from trusted and untrusted sources.
· Builds and maintains a binding database, which contains information about untrusted hosts
with leased IP addresses.
· Utilizes a binding database to validate subsequent requests from untrusted hosts.
CORRECT ANSWER-DHCP Snooping
-Validates ARP packets in a network
-Intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings
-This capability protects the network from some man-in-the-middle attacks
-Determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a
trusted database, the DHCP snooping binding database CORRECT ANSWER-Dynamic ARP
Inspection (DAI)
SW3(config)# ip dhcp snooping
SW3(config)# ip dhcp snooping vlan 10,20,30
SW3(config)# Exit
SW3(config)# interface fastethernet (Port Number)
Answers
SW3(config)# int g 1/0/1
SW3(config-if)# sw mode access
SW3(config-if)# sw access vlan 10
SW3(config-if)# sw nonegotiate
SW3(config-if)# no shut
SW3(config)#int g 0/2
SW3(config-if)# sw mode trunk
SW3(config-if)# sw trunk native vlan 50
SW3(config-if)# sw nonegotiate
SW3(config-if)# no shut CORRECT ANSWER-Do Not Allow Negotiations Commands
Provides a mechanism for the management system to automatically learn about devices
connected to the network. Network devices periodically advertise their own information to a
multicast address on the network CORRECT ANSWER-Cisco Discovery Protocol (CDP)
-Allows interworking between vendor equipment
-Single, standardized discovery protocol CORRECT ANSWER-Link Layer Discovery Protocol
(LLDP)
SW3(config)# int g 1/0/24
SW3(config-if)# no cdp enable
, Networking-Annex D-Lesson 2-Notes; Questions &
Answers
SW3(config-if)# no lldp enable CORRECT ANSWER-Disable CDP & LLDP Commands
Security feature that acts like a firewall between untrusted hosts and trusted DHCP servers.
. Validates DHCP messages received from untrusted sources and filters out invalid messages.
· Rate-limits DHCP traffic from trusted and untrusted sources.
· Builds and maintains a binding database, which contains information about untrusted hosts
with leased IP addresses.
· Utilizes a binding database to validate subsequent requests from untrusted hosts.
CORRECT ANSWER-DHCP Snooping
-Validates ARP packets in a network
-Intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings
-This capability protects the network from some man-in-the-middle attacks
-Determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a
trusted database, the DHCP snooping binding database CORRECT ANSWER-Dynamic ARP
Inspection (DAI)
SW3(config)# ip dhcp snooping
SW3(config)# ip dhcp snooping vlan 10,20,30
SW3(config)# Exit
SW3(config)# interface fastethernet (Port Number)
