{"id":645,"date":"2022-08-13T09:47:08","date_gmt":"2022-08-13T08:47:08","guid":{"rendered":"https:\/\/exampracticetests.com\/Cisco\/CCNA\/200-301\/cisco-certified-network-associate-200-301-ccna-question633\/"},"modified":"2022-08-13T09:47:08","modified_gmt":"2022-08-13T08:47:08","slug":"cisco-certified-network-associate-200-301-ccna-question633","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/Cisco\/CCNA\/200-301\/cisco-certified-network-associate-200-301-ccna-question633\/","title":{"rendered":"Cisco Certified Network Associate (200-301 CCNA) &#8211; Question633"},"content":{"rendered":"<div class=\"question\">DRAG DROP<br \/>\nDrag and drop the threat-mitigation techniques from the left onto the types of threat or attack they mitigate on the right.<br \/>\nSelect and Place:<br \/>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full\" src=\"https:\/\/exampracticetests.com\/Cisco\/CCNA\/200-301\/wp-content\/uploads\/exam\/0633-0000.jpg\" \/><\/div>\n<p><\/p>\n<style> .hidden-div{ display:none } <\/style>\n<p>\t\t\t\t\t\t\t<button onclick=\"getElementById('hidden-div').style.display = 'block'\"> Show Answer <\/button> <button onclick=\"getElementById('hidden-div').style.display = 'none'\">Hide Answer<\/button><\/p>\n<div class=\"hidden-div\" id=\"hidden-div\"><span style=\"\"><\/p>\n<div class=\"answer\">Correct Answer: <strong>[img 0633-0001.jpg]<\/strong><\/div>\n<p><strong>Explanation:<\/strong> <\/p>\n<div class=\"explanation\">\nExplanation:<br \/>\nDouble-Tagging attack:<br \/>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full\" src=\"https:\/\/exampracticetests.com\/Cisco\/CCNA\/200-301\/wp-content\/uploads\/exam\/0633-0003.jpg\" \/><br \/>\nIn this attack, the attacking computer generates frames with two 802.1Q tags. The first tag matches the native VLAN of the trunk port (VLAN 10 in this case), and the second matches the VLAN of a host it wants to attack (VLAN 20).<br \/>\nWhen the packet from the attacker reaches Switch A, Switch A only sees the first VLAN 10 and it matches with its native VLAN 10 so this VLAN tag is removed. Switch A forwards the frame out all links with the same native VLAN 10. Switch B receives the frame with an tag of VLAN 20 so it removes this tag and forwards out to the Victim computer.<br \/>\nNote: This attack only works if the trunk (between two switches) has the same native VLAN as the attacker.<br \/>\nTo mitigate this type of attack, you can use VLAN access control lists (VACLs, which applies to all traffic within a VLAN. We can use VACL to drop attacker traffic to specific victims\/servers) or implement Private VLANs.<br \/>\nARP attack (like ARP poisoning\/spoofing) is a type of attack in which a malicious actor sends falsified ARP messages over a local area network as ARP allows a gratuitous reply from a host even if an ARP request was not received. This results in the linking of an attacker&#8217;s MAC address with the IP address of a legitimate computer or server on the network. This is an attack based on ARP which is at Layer 2. Dynamic ARP inspection (DAI) is a security feature that validates ARP packets in a network which can be used to mitigate this type of attack.<\/div>\n<p><\/strong><\/span> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>DRAG DROP Drag and drop the threat-mitigation techniques from the left onto the types of threat or attack they mitigate on the right. Select and Place: Show Answer Hide Answer Correct Answer: [img 0633-0001.jpg] Explanation: Explanation: Double-Tagging attack: In this attack, the attacking computer generates frames with two 802.1Q tags. The first tag matches the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[9,642],"class_list":["post-645","post","type-post","status-publish","format-standard","hentry","category-cisco-certified-network-associate-200-301-ccna","tag-cisco-certified-network-associate-200-301-ccna","tag-question-633"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/exampracticetests.com\/Cisco\/CCNA\/200-301\/wp-json\/wp\/v2\/posts\/645","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exampracticetests.com\/Cisco\/CCNA\/200-301\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exampracticetests.com\/Cisco\/CCNA\/200-301\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/Cisco\/CCNA\/200-301\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exampracticetests.com\/Cisco\/CCNA\/200-301\/wp-json\/wp\/v2\/comments?post=645"}],"version-history":[{"count":0,"href":"https:\/\/exampracticetests.com\/Cisco\/CCNA\/200-301\/wp-json\/wp\/v2\/posts\/645\/revisions"}],"wp:attachment":[{"href":"https:\/\/exampracticetests.com\/Cisco\/CCNA\/200-301\/wp-json\/wp\/v2\/media?parent=645"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exampracticetests.com\/Cisco\/CCNA\/200-301\/wp-json\/wp\/v2\/categories?post=645"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exampracticetests.com\/Cisco\/CCNA\/200-301\/wp-json\/wp\/v2\/tags?post=645"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}