About This Flashcard Deck
This flashcard deck contains 10 cards covering key security concepts for the CCNA exam. Use active recall by attempting to answer each question before revealing the answer.
All Security Flashcards
Q: What are the three port security violation modes?
A: Protect (silent drop), Restrict (drop + log), Shutdown (err-disable port, default).
Q: What does DHCP snooping protect against?
A: Rogue DHCP servers. Untrusted ports drop DHCP server messages (OFFER, ACK). Builds a binding table.
Q: What is DAI and what does it use?
A: Dynamic ARP Inspection validates ARP packets using the DHCP snooping binding table to prevent ARP spoofing.
Q: What port does TACACS+ use?
A: TCP port 49.
Q: What ports does RADIUS use?
A: UDP 1812 (authentication) and UDP 1813 (accounting).
Q: What is 802.1X?
A: Port-based Network Access Control. Three roles: supplicant (client), authenticator (switch), authentication server (RADIUS).
Q: What is the difference between WPA2 and WPA3?
A: WPA3 uses SAE (stronger handshake), provides forward secrecy, and protects against offline dictionary attacks. WPA2 uses PSK/4-way handshake.
Q: What is a site-to-site VPN?
A: An IPsec tunnel that encrypts traffic between two networks (e.g., headquarters and branch office) over the public internet.
Q: What does the "implicit deny" in an ACL mean?
A: Any traffic not explicitly permitted by an ACL rule is automatically denied (dropped).
Q: Where should you place an extended ACL?
A: As close to the source as possible to prevent unwanted traffic from crossing the network.
Cisco Flashcard Study Strategy
Cisco exams heavily test protocol operations and configuration details. Use these flashcards to drill port numbers, protocol behaviours, and administrative distances. Pair flashcard sessions with Packet Tracer labs — when you encounter a card about OSPF neighbour states, open a lab and verify each state transition on a live topology. This combination of memorisation and practice builds the deep understanding Cisco exams demand.