CCNA 2 V7 MODULES 10 - 13: L2
SECURITY AND WLANS EXAM 100%
SOLVED 2025
,Which Layer 2 attack will result in legitimate users not getting valid IP addresses?
A. ARP spoofing
B. DHCP starvation
C. IP address spoofing
D. MAC address flooding - ANSWERB. DHCP starvation
What mitigation plan is best for thwarting a DoS attack that is creating a MAC address
table overflow?
A. Disable DTP.
B. Disable STP.
C. Enable port security.
D. Place unused ports in an unused VLAN. - ANSWERC. Enable port security.
Which three Cisco products focus on endpoint security solutions? (Choose three.)
A. IPS Sensor Appliance
B. Web Security Appliance
C. Email Security Appliance
D. SSL/IPsec VPN Appliance
E. Adaptive Security Appliance
F. NAC Appliance - ANSWERB. Web Security Appliance
C. Email Security Appliance
F. NAC Appliance
True or False?
In the 802.1X standard, the client attempting to access the network is referred to as the
supplicant.
T. True
F. False - ANSWERT. True
Which authentication method stores usernames and passwords in the router and is
ideal for small networks?
A. server-based AAA over TACACS+
B. local AAA over RADIUS
C. server-based AAA
D. local AAA over TACACS+
E. local AAA
F. server-based AAA over RADIUS - ANSWERE. local AAA
What represents a best practice concerning discovery protocols such as CDP and LLDP
on network devices?
A. Enable CDP on edge devices, and enable LLDP on interior devices.
B. Use the open standard LLDP rather than CDP.
, C. Use the default router settings for CDP and LLDP.
D. Disable both protocols on all interfaces where they are not required. - ANSWERD.
Disable both protocols on all interfaces where they are not required.
Which protocol should be used to mitigate the vulnerability of using Telnet to remotely
manage network devices?
A. SNMP
B. TFTP
C. SSH
D. SCP - ANSWERC. SSH
Which statement describes the behavior of a switch when the MAC address table is
full?
A. It treats frames as unknown unicast and floods all incoming frames to all ports on the
switch.
B. It treats frames as unknown unicast and floods all incoming frames to all ports across
multiple switches.
C. It treats frames as unknown unicast and floods all incoming frames to all ports within
the local VLAN.
D. It treats frames as unknown unicast and floods all incoming frames to all ports within
the collision domain. - ANSWERC. It treats frames as unknown unicast and floods all
incoming frames to all ports within the local VLAN.
What device is considered a supplicant during the 802.1X authentication process?
A. the router that is serving as the default gateway
B. the authentication server that is performing client authentication
C. the client that is requesting authentication
D. the switch that is controlling network access - ANSWERC. the client that is
requesting authentication
Refer to the exhibit. Port Fa0/2 has already been configured appropriately. The IP
phone and PC work properly. Which switch configuration would be most appropriate for
port Fa0/2 if the network administrator has the following goals?
No one is allowed to disconnect the IP phone or the PC and connect some other wired
device. If a different device is connected, port Fa0/2 is shut down.
The switch should automatically detect the MAC address of the IP phone and the PC
and add those addresses to the running configuration.
A. SWA(config-if)# switchport port-securitySWA(config-if)# switchport port-security mac-
address sticky
B. SWA(config-if)# switchport port-securitySWA(config-if)# switchport port-security
maximum 2SWA(config-if)# switchport port-security mac-address stickySWA(config-if)#
switchport port-security violation restrict
C. SWA(config-if)# switchport port-security mac-address stickySWA(config-if)#
switchport por - ANSWERD. SWA(config-if)# switchport port-securitySWA(config-if)#
switchport port-security maximum 2SWA(config-if)# switchport port-security mac-
address sticky
SECURITY AND WLANS EXAM 100%
SOLVED 2025
,Which Layer 2 attack will result in legitimate users not getting valid IP addresses?
A. ARP spoofing
B. DHCP starvation
C. IP address spoofing
D. MAC address flooding - ANSWERB. DHCP starvation
What mitigation plan is best for thwarting a DoS attack that is creating a MAC address
table overflow?
A. Disable DTP.
B. Disable STP.
C. Enable port security.
D. Place unused ports in an unused VLAN. - ANSWERC. Enable port security.
Which three Cisco products focus on endpoint security solutions? (Choose three.)
A. IPS Sensor Appliance
B. Web Security Appliance
C. Email Security Appliance
D. SSL/IPsec VPN Appliance
E. Adaptive Security Appliance
F. NAC Appliance - ANSWERB. Web Security Appliance
C. Email Security Appliance
F. NAC Appliance
True or False?
In the 802.1X standard, the client attempting to access the network is referred to as the
supplicant.
T. True
F. False - ANSWERT. True
Which authentication method stores usernames and passwords in the router and is
ideal for small networks?
A. server-based AAA over TACACS+
B. local AAA over RADIUS
C. server-based AAA
D. local AAA over TACACS+
E. local AAA
F. server-based AAA over RADIUS - ANSWERE. local AAA
What represents a best practice concerning discovery protocols such as CDP and LLDP
on network devices?
A. Enable CDP on edge devices, and enable LLDP on interior devices.
B. Use the open standard LLDP rather than CDP.
, C. Use the default router settings for CDP and LLDP.
D. Disable both protocols on all interfaces where they are not required. - ANSWERD.
Disable both protocols on all interfaces where they are not required.
Which protocol should be used to mitigate the vulnerability of using Telnet to remotely
manage network devices?
A. SNMP
B. TFTP
C. SSH
D. SCP - ANSWERC. SSH
Which statement describes the behavior of a switch when the MAC address table is
full?
A. It treats frames as unknown unicast and floods all incoming frames to all ports on the
switch.
B. It treats frames as unknown unicast and floods all incoming frames to all ports across
multiple switches.
C. It treats frames as unknown unicast and floods all incoming frames to all ports within
the local VLAN.
D. It treats frames as unknown unicast and floods all incoming frames to all ports within
the collision domain. - ANSWERC. It treats frames as unknown unicast and floods all
incoming frames to all ports within the local VLAN.
What device is considered a supplicant during the 802.1X authentication process?
A. the router that is serving as the default gateway
B. the authentication server that is performing client authentication
C. the client that is requesting authentication
D. the switch that is controlling network access - ANSWERC. the client that is
requesting authentication
Refer to the exhibit. Port Fa0/2 has already been configured appropriately. The IP
phone and PC work properly. Which switch configuration would be most appropriate for
port Fa0/2 if the network administrator has the following goals?
No one is allowed to disconnect the IP phone or the PC and connect some other wired
device. If a different device is connected, port Fa0/2 is shut down.
The switch should automatically detect the MAC address of the IP phone and the PC
and add those addresses to the running configuration.
A. SWA(config-if)# switchport port-securitySWA(config-if)# switchport port-security mac-
address sticky
B. SWA(config-if)# switchport port-securitySWA(config-if)# switchport port-security
maximum 2SWA(config-if)# switchport port-security mac-address stickySWA(config-if)#
switchport port-security violation restrict
C. SWA(config-if)# switchport port-security mac-address stickySWA(config-if)#
switchport por - ANSWERD. SWA(config-if)# switchport port-securitySWA(config-if)#
switchport port-security maximum 2SWA(config-if)# switchport port-security mac-
address sticky
