Unlock hundreds more features
Save your Quiz to the Dashboard
View and Export Results
Use AI to Create Quizzes and Analyse Results

OR
Sign inSign in with Facebook
Sign inSign in with Google
Quizzes > High School Quizzes > Technology

11.6.4 Switch Security Practice Quiz

Boost Your Switch Security Configuration Skills Today

Difficulty: Moderate
Grade: Grade 12
Study OutcomesCheat Sheet
Colorful paper art promoting a trivia quiz on network switch security for students.

What is port security in a network switch?
It enables remote access to the network.
It restricts unauthorized devices by limiting MAC addresses on the port.
It increases the port speed for high traffic.
It automatically configures VLANs.
Port security involves restricting port usage by limiting the number of MAC addresses that can access the port. This prevents unauthorized devices from connecting to the network.
Which command is commonly used to enable port security on a switch port?
configure secure-interface
switchport port-security
enable security-port
port secure-enable
The command 'switchport port-security' is the widely used syntax to enable port security on many network switches. It locks down the port by limiting the number of valid MAC addresses.
What does MAC address filtering on a switch help prevent?
Software bugs in operating systems.
Unauthorized devices from accessing the network by using unrecognized MAC addresses.
Network congestion by classifying traffic.
Faulty cables from being connected.
MAC address filtering restricts network access to only those devices with pre-approved MAC addresses. This helps prevent unauthorized devices from connecting to the network.
In switch security, what is a secure default measure on switch ports?
Allowing all traffic by default.
Configuring port security to limit the number of allowed MAC addresses.
Increasing port capacity.
Disabling encryption on management traffic.
A common secure default for switch ports is to enable port security, limiting the number of MAC addresses allowed. This reduces the risk of unauthorized access or attacks through unused or misconfigured ports.
Why is securing unused switch ports important?
To enhance data transfer speeds.
To prevent unauthorized access and reduce network vulnerabilities.
To improve port performance.
To enable remote configuration.
Unused switch ports can be entry points for unauthorized devices. Securing these ports minimizes the risk of unauthorized network access and potential security breaches.
Which security feature on a switch helps prevent loops and potential network attacks by disabling ports receiving unexpected BPDUs?
Storm Control
DHCP Snooping
Port Fast
BPDU Guard
BPDU Guard protects the network by shutting down the port if it receives unexpected Bridge Protocol Data Units. This prevents potential misconfigurations or unauthorized devices from disrupting the spanning-tree process.
How does VLAN configuration contribute to switch security?
By disabling interfering protocols.
By merging all devices into a single broadcast domain.
By increasing overall network speed.
By segmenting the network to limit broadcast domains.
VLAN configuration segments a network into smaller broadcast domains, thereby limiting the scope of traffic and potential security breaches. This isolation makes it harder for attackers to move laterally across the network.
What is the purpose of storm control in a switch environment?
To automatically update firmware.
To encrypt sensitive traffic.
To monitor and limit excess broadcast, multicast, or unicast traffic.
To block unauthorized wireless devices.
Storm control is a feature that monitors and limits excessive traffic, such as broadcast or multicast storms, which can overwhelm the network. This helps maintain optimal network performance and prevents potential disruptions.
Which security measure helps mitigate the risk of MAC flooding attacks on switches?
Increasing the port buffer size.
Activating QoS settings.
Port security with MAC address limiting.
SNMP monitoring.
MAC flooding attacks overload the switch's MAC address table. Limiting the number of MAC addresses learned on a port through port security effectively minimizes the risk of such flooding attacks.
How does IP Source Guard enhance switch security?
It encrypts all IP traffic.
It filters traffic based on IP-MAC bindings.
It prioritizes voice data on the network.
It extends the switch port range.
IP Source Guard improves security by filtering incoming traffic based on established IP-to-MAC address bindings. This helps prevent IP spoofing and ensures that only authorized devices communicate on the network.
In the context of switch security, what is dynamic ARP inspection?
A method for rapid reconnection after disconnections.
A protocol to secure routing information.
A process that validates ARP packets against trusted bindings.
An automated update of ARP tables.
Dynamic ARP Inspection (DAI) verifies ARP packets on the network to ensure they match known IP-to-MAC address bindings. This validation helps prevent ARP spoofing, which is a common method for intercepting network traffic.
What role does DHCP snooping play in securing a switch?
It encrypts DHCP traffic to secure IP assignments.
It automatically updates firmware over DHCP.
It assigns static IP addresses to devices.
It filters untrusted DHCP messages and builds a binding table.
DHCP snooping works by filtering out untrusted DHCP messages and constructing a table binding IP addresses to MAC addresses. This prevents rogue DHCP servers from giving out invalid IP assignments.
Which management protocol is considered more secure for switch configuration and management?
SSH
Telnet
FTP
HTTP
SSH (Secure Shell) encrypts remote management sessions, making it far more secure than Telnet, which transmits information in plain text. This helps protect sensitive configuration data from potential interception.
How does 802.1X port-based authentication increase switch security?
It provides encryption for all network traffic.
It requires devices to authenticate before gaining network access.
It increases the speed of data transfer.
It automatically configures VLAN assignments.
802.1X enforces authentication at the network port level before any data is transmitted. This restricts network access to authenticated devices, thereby enhancing overall network security.
Which feature is essential for monitoring and logging security events on a switch?
Syslog
ICMP
FTP logging
RMON
Syslog is a standard protocol used for logging events from network devices, including security-related events. This logging is crucial for monitoring the network, troubleshooting, and performing forensic investigations.
What are the potential security risks if unused switch ports are left without any security configuration?
Device drivers might be compromised.
Unauthorized network access and potential attacks through unmonitored ports.
Increased network speed creates data loss risks.
The switch might overheat due to excessive traffic.
Unsecured unused switch ports can serve as weak points, allowing unauthorized devices to connect and potentially launch attacks. Securing these ports is vital to preserving network integrity.
How can administrators prevent VLAN hopping attacks on switches?
By enabling BPDU Guard on all ports.
By implementing proper VLAN tagging and avoiding use of the default VLAN on trunk ports.
By increasing the number of VLANs.
By disabling port security entirely.
VLAN hopping can be mitigated by properly configuring VLAN tagging and ensuring that trunk ports do not use the default VLAN. This prevents attackers from sending tagged packets into restricted VLANs.
In advanced switch security configurations, why is it important to secure the management plane separately?
Because it increases the bandwidth available for user data.
Because protecting management traffic prevents unauthorized remote access and control.
Because management traffic does not affect network security.
Because it decreases the load on the security hardware.
Securing the management plane ensures that the pathways used to configure and manage the switch are protected from interception and unauthorized access. This separation helps maintain the overall security of the network infrastructure.
Which configuration practice helps mitigate the risk of configuration tampering on a network switch?
Implementing role-based access control (RBAC) and secure remote access.
Allowing all users to have full configuration privileges.
Disabling authentication to speed up access.
Frequently changing VLAN IDs.
Role-based access control (RBAC) ensures that only authorized users can modify configurations, while secure remote access protocols protect against unauthorized changes. This combination significantly reduces the risk of configuration tampering.
What is the significance of securing trunk ports in a switch environment?
Securing trunk ports prevents unauthorized VLAN access and traffic interception between switches.
Securing trunk ports disables inter-VLAN routing.
Securing trunk ports improves the overall speed of the network.
Securing trunk ports increases the number of allowed VLANs.
Trunk ports carry traffic for multiple VLANs, making them vulnerable to unauthorized access if not properly secured. By securing trunk ports, administrators ensure that VLANs remain isolated and that sensitive traffic is protected during inter-switch communication.
0
{"name":"What is port security in a network switch?", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"What is port security in a network switch?, Which command is commonly used to enable port security on a switch port?, What does MAC address filtering on a switch help prevent?","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}

Study Outcomes

  1. Define fundamental concepts and protocols for securing network switches.
  2. Identify potential vulnerabilities and threats in switch configurations.
  3. Apply best practices to configure secure settings on network switches.
  4. Analyze security configurations to troubleshoot and resolve issues.
  5. Evaluate the effectiveness of implemented security measures on network infrastructure.

11.6.4 Module Quiz: Switch Security Config Cheat Sheet

  1. Change Default Credentials - You wouldn't leave your front door key under a doormat, so don't stick with factory usernames and passwords! Swap those boring defaults for strong, unique credentials to keep unauthorized looky‑loos at bay. A solid password is your first line of defense against network intruders. zunairmajeed.medium.com
    2. zunairmajeed.medium.com
  2. Enable Port Security - Think of port security as your switch's bouncer: it only lets known devices into the party. By limiting the number of MAC addresses per port, you slam the door on crashers and rogue gadgets. It's simple, effective, and a must‑have for a secure network. thenetworkstack.com
    3. thenetworkstack.com
  3. Update Firmware Regularly - Keep your switch's firmware fresher than your playlist! Regular updates patch security holes, boost performance, and add nifty features. Set a calendar reminder so you never miss an important release. cisa.gov
    4. cisa.gov
  4. Implement VLAN Segmentation - VLANs are like private VIP rooms for your most sensitive data. By grouping traffic logically, you reduce the risk of unauthorized snooping or lateral attacks. It's an easy way to keep corporate secrets away from general network chatter. community.cisco.com
    5. community.cisco.com
  5. Secure Remote Access - Disable dusty, outdated remote protocols and roll out secure options like SSH or a VPN instead. Encrypting management sessions stops eavesdroppers cold. It's like speaking in code so only you and your switch understand! thenetworkstack.com
    6. thenetworkstack.com
  6. Monitor Switch Activity - Become a network detective by reviewing logs and watching for odd behavior. Early warning signs - like strange login attempts - can help you stop attacks before they spread. Consistent monitoring is your superpower for spotting trouble. sdmmag.com
    7. sdmmag.com
  7. Disable Unused Ports - Open ports are like unlocked windows - invite trouble if left unattended. Shut down any ports you don't need to cut off unauthorized entry points. It's a quick tweak that packs a big security punch. cliffsnotes.com
    8. cliffsnotes.com
  8. Deploy Access Control Lists (ACLs) - ACLs let you play traffic cop, defining exactly what traffic is welcome on your switch. By crafting clear allow‑and‑deny rules, you keep unwanted data out and mission‑critical flows in. ACLs are like your network's personal bouncer roster. sdmmag.com
    9. sdmmag.com
  9. Implement 802.1X Authentication - Give every device its VIP pass by enforcing user‑based authentication on switch ports. 802.1X ensures only authorized gadgets can connect, stopping imposters in their tracks. It's the network equivalent of a high‑security checkpoint. climbtheladder.com
    10. climbtheladder.com
  10. Enable Spanning Tree Protocol (STP) Protections - Guard against STP attacks with features like BPDU Guard and Root Guard. These protections keep malicious or misconfigured switches from seizing control of your topology. Think of it as locking down the network's traffic flow blueprint. community.cisco.com
    11. community.cisco.com
Make a Quiz (FREE) Copy & Edit This Quiz Create a Quiz with AI

Technology Quizzes

Powered by: Quiz Maker