DRAG DROP
An engineer is configuring an encrypted password for the enable command on a router where the local user database has already been configured. Drag and drop the configuration commands from the left into the correct sequence on the right. Not all commands are used.
Select and Place:

Which function is performed by DHCP snooping?

A. listens to multicast traffic for packet forwarding
B. rate-limits certain traffic
C. propagates VLAN information between switches
D. provides DDoS mitigation

Which security program element involves installing badge readers on data-center doors to allow workers to enter and exit based on their job roles?

A. physical access control
B. biometrics
C. role-based access control
D. multifactor authentication

Which two protocols must be disabled to increase security for management connections to a Wireless LAN Controller? (Choose two.)

A. HTTPS
B. SSH
C. HTTP
D. Telnet
E. TFTP

Refer to the exhibit. A network administrator has been tasked with securing VTY access to a router. Which access-list entry accomplishes this task?

A. access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq telnet
B. access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq scp
C. access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq https
D. access-list 101 permit tcp 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255 eq ssh

When a WLAN with WPA2 PSK is configured in the Wireless LAN Controller GUI, which format is supported?

A. decimal
B. ASCII
C. unicode
D. base64

A network administrator must configure SSH for remote access to router R1. The requirement is to use a public and private key pair to encrypt management traffic to and from the connecting client. Which configuration, when applied, meets the requirements?

A. R1#enable
R1#configure terminal
R1(config)#ip domain-name cisco.com
R1(config)#crypto key generate ec keysize 1024
B. R1#enable
R1#configure terminal
R1(config)#ip domain-name cisco.com
R1(config)#crypto key generate ec keysize 2048
C. R1#enable
R1#configure terminal
R1(config)#ip domain-name cisco.com
R1(config)#crypto key encrypt rsa name myKey
D. R1#enable
R1#configure terminal
R1(config)#ip domain-name cisco.com
R1(config)#crypto key generate rsa modulus 1024

Where does a switch maintain DHCP snooping information?

A. In the CAM table
B. In the frame forwarding database
C. In the MAC address table
D. In the binding database

What is a practice that protects a network from VLAN hopping attacks?

A. Enable dynamic ARP inspection
B. Configure an ACL to prevent traffic from changing VLANs
C. Change native VLAN to an unused VLAN ID
D. Implement port security on internet-facing VLANs

A port security violation has occurred on a switch port due to the maximum MAC address count being exceeded. Which command must be configured to increment the security-violation count and forward an SNMP trap?

A. switchport port-security violation access
B. switchport port-security violation protect
C. switchport port-security violation restrict
D. switchport port-security violation shutdown