CompTIA Security+ Question J-54

A security technician at a small business is worried about the Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches.
Which of the following will BEST mitigate the risk if implemented on the switches?

A. Spanning tree
B. Flood guards
C. Access control lists
D. Syn flood

Answer: A

Explanation:
Spanning Tree is designed to eliminate network ‘loops’ caused by incorrect cabling between switches. Imagine two switches named switch 1 and switch 2 with two network cables connecting them. This would cause a network loop. A network loop between two switches can cause a ‘broadcast storm’: a broadcast packet is sent out of all ports on switch 1, which includes the two links to switch 2. The broadcast packet is then sent out of all ports on switch 2, which includes the links back to switch 1. The broadcast packet is sent out of all ports on switch 1 again, which includes the two links to switch 2, and so on, flooding the network with broadcast traffic.

The Spanning-Tree Protocol (STP) was created to overcome the problems of transparent bridging in redundant networks. The purpose of STP is to avoid and eliminate loops in the network by negotiating a loop-free path through a root bridge. This is done by determining where there are loops in the network and blocking links that are redundant.

Spanning-Tree Protocol executes an algorithm called the Spanning-Tree Algorithm (STA). To find redundant links, STA chooses a reference point called a Root Bridge and then determines all the available paths to that reference point. If it finds redundant paths, it chooses the best path to forward traffic and blocks all the other redundant paths. This effectively severs the redundant links within the network.

All switches participating in STP gather information on other switches in the network through an exchange of data messages. These messages are referred to as Bridge Protocol Data Units (BPDUs). The exchange of BPDUs in a switched environment results in the election of a root switch for the stable spanning-tree network topology, the election of a designated switch for every switched segment, and the removal of loops in the switched network by placing redundant switch ports in a backup state.

CompTIA Security+ Question F-72

Matt, the network engineer, has been tasked with separating network traffic between virtual machines on a single hypervisor. Which of the following would he implement to BEST address this requirement? (Select TWO).

A. Virtual switch
B. NAT
C. System partitioning
D. Access-list
E. Disable spanning tree
F. VLAN

Answer: A,F

Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. A virtual switch is a software application that allows communication between virtual machines. A combination of the two would best satisfy the question.

CompTIA Security+ Question A-16

At an organization, unauthorized users have been accessing network resources via unused network wall jacks. Which of the following would be used to stop unauthorized access?

A. Configure an access list.
B. Configure spanning tree protocol.
C. Configure port security.
D. Configure loop protection.

Answer: C

Explanation:
Port security in IT can mean several things. It can mean the physical control of all connection points, such as RJ-45 wall jacks or device ports, so that no unauthorized users or unauthorized devices can attempt to connect into an open port. This can be accomplished by locking down the wiring closet and server vaults and then disconnecting the workstation run from the patch panel (or punch-down block) that leads to a room’s wall jack. Any unneeded or unused wall jacks can (and should) be physically disabled in this manner. Another option is to use a smart patch panel that can monitor the MAC address of any device connected to each and every wall port across a building and detect not just when a new device is connected to an empty port, but also when a valid device is disconnected or replaced by an invalid device.

CompTIA Network+ Question C-100

Which of the following protocols were designed to avoid loops on a Layer 2 network? (Select TWO)

A. OSPF
B. RIPv2
C. 802.1q
D. Spanning tree
E. 802.1d
F. QoS

Correct Answer: DE

CompTIA Network+ Question C-70

A network technician discovers an issue with spanning tree on the core switch. Which of the following troubleshooting steps should the network technician perform NEXT to resolve the issue?

A. Test a theory to determine the cause
B. Escalate to a senior technician
C. Identify the symptoms
D. Establish a theory of probable cause
E. Establish a plan of action

Correct Answer: D

CompTIA Network+ Question B-97

A technician is setting up a new network and wants to create redundant paths through the network. Which of the following should be implemented to prevent performance degradation?

A. Port mirroring
B. Spanning tree
C. ARP inspection
D. VLAN

Correct Answer: B

Explanation:
The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops, or the need for manual enabling/disabling of these backup links.

CompTIA Network+ Question B-81

The network administrator is configuring a switch port for a file server with a dual NIC. The file server needs to be configured for redundancy and both ports on the NIC need to be combined for maximum throughput. Which of the following features on the switch should the network administrator use?

A. BPDU
B. LACP
C. Spanning tree
D. Load balancing

Correct Answer: B

CompTIA Network+ Question A-88

There is a network looping problem after installing some switches. The switch vendor suggested the use of 802.1d. Which of the following is the MOST probable reason the vendor made this suggestion?

A. It is a rapid version of spanning tree that uses BPDU to detect problems
B. It is a regular version of port mirroring that uses hello packets to detect loops
C. It is a simple version of spanning tree that uses BPDU to detect problems
D. It is a rapid version of port mirroring that uses BPDU to detect problems

Correct Answer: A

CompTIA A+ Core 2 Question I-52

A technician, Peter, has a wired switch in a conference room for guests. In which of the following ways could Peter restrict the network to only six devices at a time, with minimum management effort? (Select TWO).

A. Disable the extra Ethernet ports on the switch
B. Configure DHCP for six addresses maximum
C. Enable Spanning Tree protocol
D. Create an access control list for each new PC
E. Configure DNS to only resolve six IP addresses
F. Add each guest to the MAC filter list

Correct Answer: AB