PrepAway Cisco CCNP Switch Certification Practice Test Questions Part 5 300-115 Exam
Which security measure should be used to protect against a rogue DHCP server?
- A. DHCP Snooping
- B. Port security
- C. BPDU guard
- D. Root guard
- E. PortFast
A. DHCP snooping is a feature that prevents DHCP clients from connecting to a rogue DHCP server that has been accidentally installed in the network. For example, say we have a DHCP client looking for a DHCP server. It sends a broadcast (DHCP Discover) into the network, and any DHCP server available in the network responds to that message with a DHCP Offer. The client then accepts that offer and sends a DHCP Request, and in return the DHCP server sends a DHCP Acknowledgement and registers the client in its database. This is what happens in a normal scenario.
Now say we have DHCP server 1 in the network and accidentally install a rogue DHCP server, which we name DHCP server 2. If a client sends a DHCP Discover message and both DHCP servers respond, but rogue DHCP server 2 responds before the authentic one, the client will register with the rogue DHCP server and will be either blackholed or disconnected from the network. This is where DHCP snooping comes into the picture. DHCP snooping performs several activities to avoid this situation:
- 1. Every DHCP message is validated and filtered.
- 2. It keeps track of the traffic coming from trusted or rogue sources.
- 3. It keeps a database of rogue or untrusted hosts together with their leased IP addresses.
- 4. Once the database is in place, all further requests are validated using this database.
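The four activities above can be seen in a simplified model of the filter, added here as an illustration (it is not Cisco's implementation, and the class, port names and addresses are constructed). It goes slightly beyond the text by also checking that the Ethernet source MAC matches the DHCP client hardware address and that a release arrives on the port recorded in the binding.

```python
# Simplified model of a switch's DHCP snooping filter (illustrative only).
from dataclasses import dataclass

SERVER_MSGS = {"OFFER", "ACK", "NAK"}    # only a DHCP server sends these
BOUND_CHECKED = {"RELEASE", "DECLINE"}   # validated against the binding table

@dataclass(frozen=True)
class DhcpMsg:
    kind: str         # DISCOVER, OFFER, REQUEST, ACK, NAK, RELEASE, DECLINE
    port: str         # ingress switch port
    src_mac: str      # Ethernet source MAC
    chaddr: str       # client hardware address inside the DHCP payload
    yiaddr: str = ""  # address being leased (server messages only)

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.bindings = {}   # client MAC -> (leased IP, client port)
        self.last_port = {}  # client MAC -> untrusted port it was seen on

    def process(self, m):
        """Return (verdict, reason) for one DHCP message."""
        if m.port in self.trusted:
            if m.kind == "ACK" and m.chaddr in self.last_port:
                # Lease confirmed by a trusted server: record the binding.
                self.bindings[m.chaddr] = (m.yiaddr, self.last_port[m.chaddr])
            return ("forward", "trusted port")
        if m.kind in SERVER_MSGS:
            return ("drop", "server message on untrusted port")
        if m.src_mac != m.chaddr:
            return ("drop", "source MAC does not match chaddr")
        if m.kind in BOUND_CHECKED:
            bound = self.bindings.get(m.chaddr)
            if bound and bound[1] != m.port:
                return ("drop", "binding exists on a different port")
            self.bindings.pop(m.chaddr, None)
            return ("forward", "binding released")
        self.last_port[m.chaddr] = m.port
        return ("forward", "client message")

def run_sample():
    """Constructed traffic: server 1 behind Gi0/1, rogue server 2 on Gi0/20."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"})
    c, s1, s2 = "aa:aa:aa:aa:aa:01", "cc:cc:cc:cc:cc:01", "bb:bb:bb:bb:bb:02"
    msgs = [
        DhcpMsg("DISCOVER", "Gi0/10", c, c),
        DhcpMsg("OFFER", "Gi0/20", s2, c, "198.51.100.66"),  # rogue offer
        DhcpMsg("OFFER", "Gi0/1", s1, c, "192.0.2.50"),
        DhcpMsg("REQUEST", "Gi0/10", c, c),
        DhcpMsg("ACK", "Gi0/1", s1, c, "192.0.2.50"),
        DhcpMsg("RELEASE", "Gi0/20", c, c),  # release from the wrong port
    ]
    return [sw.process(m)[0] for m in msgs], sw.bindings
```
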
B. Port security is a Layer 2 traffic control feature on Cisco Catalyst switches. It lets an administrator configure individual switch ports to allow only a specified number of source MAC addresses ingressing the port. MAC addresses can also be learned dynamically on the port. Port security also defines an action for the port: a violation occurs when the maximum number of secure MAC addresses has been reached and an unidentified MAC address is seen on the port, at which point port security applies the configured violation mode.
C. BPDU guard prevents loops by moving a non-trunking port into the errdisable state if a BPDU is received on that port. BPDU guard is disabled by default; however, it is recommended on all ports on which the PortFast feature has been enabled.
D. Root guard: Root guard protects the STP topology against an attack that replaces the original root bridge with a rogue one. The port on any interface will be disabled by BPDU fast if a BPDU is received. It is enabled on the designated ports of the root switch. If those designated ports hear a superior BPDU, that port should be put into the inconsistent state.
E. If PortFast is enabled on the switch, then instead of going through the listening, learning, and forwarding states, spanning tree places ports in the forwarding state immediately. The PortFast feature is enabled at port level, and this port can be a physical one or a logical one.
About 300-115 Exam
The Cisco 300-115 exam is the second of three tests that an individual should pass in order to obtain the Cisco Certified Network Professional (CCNP) Routing and Switching and Cisco Certified Design Professional (CCDP) credentials.
The Cisco 300-115 SWITCH exam is made up of 30-40 questions. The multiple-choice questions require you to give multiple answers. There are also scenario-based, fill-in-the-blank, and drag-and-drop questions. The duration of the test is 120 minutes. It is available in English and Japanese. Currently, Cisco has not published a passing score. The purpose of this certification exam is to test one's capability to plan, configure, verify, implement, and troubleshoot complicated LAN switching solutions in an enterprise setting. These solutions are for enterprises that operate with the Cisco Enterprise Campus Architecture. In addition, the test largely covers the secure integration of WLANs and VLANs.
The topics of the 300-115 exam act as guidelines for the candidates, so that they know what to focus on in their training. Although the content of the test may change and other related topics may be added, these are the general topics you can expect to find in this exam:
The study resources for the 300-115 exam should be Cisco-approved in the sense that they should be official study guides or other Cisco partner learning materials. It is a good idea to visit the Cisco Press website.