思科认证考试
DHCP snooping on Cisco Nexus 1000V Series Switches acts like a firewall between untrusted hosts and trusted DHCP servers by doing which of these? ()A、 validates DHCP messages received from untrusted sources and filters out invalid response messages from D
题目
DHCP snooping on Cisco Nexus 1000V Series Switches acts like a firewall between untrusted hosts and trusted DHCP servers by doing which of these? ()
- A、 validates DHCP messages received from untrusted sources and filters out invalid response messages from DHCP servers
- B、 intercepts all ARP requests and responses on untrusted ports
- C、 builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses
- D、 uses the DHCP snooping binding database to validate subsequent requests from untrusted hosts
- E、 limits IP traffic on an interface to only those sources that have an IP-MAC address binding table entry or static IP source entry
参考答案和解析
相似问题和答案
第1题:
A.MAC学习速率限制
B. DHCP Snooping信任端口
C.DHCP速率限制
D.ARP速率限制
第2题:
A.DHCP Snooping绑定表分为动态绑定表和静态绑定表
B.DHCP Snooping区分信任端口和非信任端口,对非信任端口,不处理DHCP Reply报文
C.静态绑定表在报文入端口手工输入,也可以手工设置表项老化时间
D.在二层上应用DHCP Snooping时,不配置Option82功能也可以获得绑定表所需的接口信息
第3题:
A.配置Trusted/Untrusted接口。
B.限制交换机接口上允许学习到的最多MAC地址数目。
C.开启DHCP snooping检查DHCP REQUEST报文中CHADDR字段的功能。
D.在交换机上配置DHCP snooping与DAI或IPSG进行联动。
第4题:
Which of the following types of attacks does DHCP snooping prevent?(Choose all that apply.)()
- A、Attacker sends multiple DHCP requests flooding DHCP server
- B、Attacker connects rogue server initiating DHCP requests
- C、Attacker connects rogue server replying to DHCP requests
- D、Attacker sends DHCP jam signal causing DHCP server to crash
- E、Attacker sends gratuitous ARP replies, thereby jamming the DHCP server
- F、Attacker sends unsolicited DHCP replies, thereby jamming the DHCP server
正确答案:A,C
第5题:
ARP-CHECK功能检查ARP报文合法性的来源有()
- A、IP+MAC的端口安全
- B、DHCP Snooping+IP Sourceguard
- C、dot1x授权
- D、DHCP Snooping表
正确答案:A,B,C
第6题:
As a network administrator, you issue the interface auto qos voip cisco-phone command on a port in an edge network. It is possible for a Cisco Catalyst switch to check if a Cisco IP Phone is directly attached to that port by:()
A. using DHCP snooping
B. snooping the incoming 802.1Q VLAN tag
C. using CDP
D. snooping the CoS marking on the incoming frames
第7题:
某公司的网络拓扑结构如图3-1所示。其中的DHCP server安装的Linux系统。
【问题2】(6分)
若内部网络PC1上用户私自安装了dhcp服务器,则可能导致内网的用户无法获得正确的地址。要解决这个问题,可以在交换机上开启 (6) 功能,通过这种方式将交换机的(7)即接口设置为(8)接口。
(6)备选答案:
A、dhcp snooping B、dhcp relay C、dhcp discover D、dhcp unicast
(8)备选答案:
A、trust B、untrust C、dmz D、snooping
第8题:
A.配置GigabitEthernet0/0/1接口为信任接口。
B.如果GigabitEthernet0/0/1接口收到的DHCF请求报文中,没有OPTION82的SUBOPTION1信息,则设备会生成OPTION82,并插入到报文中
C.开启DHCP Snooping配置可以用来防止DHCP server仿冒者攻击。
D.开启DHCP Snooping配置可以用来防止ARP欺骗攻击
第9题:
Which is the result of enabling IP Source Guard on an untrusted switch port that does not have DHCP snooping enabled?()
- A、DHCP requests will be switched in the software, which may result in lengthy response times.
- B、The switch will run out of ACL hardware resources.
- C、All DHCP requests will pass through the switch untested.
- D、The DHCP server reply will be dropped and the client will not be able to obtain an IP address.
正确答案:D
第10题:
When you enter the interface command auto qos voip cisco-phone on a port at the edge of a network,how does the Cisco Catalyst switch detect if a Cisco IP Phone is connected to the port?()
- A、by snooping the CoS marking on the incoming frames
- B、by using RTP hello messages between the switch port and the Cisco IP Phone
- C、by using CDP
- D、by using DHCP snooping
- E、by snooping the incoming 802.1Q VLAN tag
正确答案:C