It's B, reference from the Omar Santos guide:
Port security limits the number of MAC addresses learned on a port and "protects against malicious applications that may send thousands of frames into the network, each with a different bogus MAC address" to exhaust the switch’s MAC address table
"This also protects against malicious applications that may be sending thousands of frames
into the network, with a different bogus MAC address for each frame, as the user tries to
exhaust the limits of the dynamic MAC address table on the switch, which might cause the
switch to forward all frames to all ports within a VLAN so that the attacker can begin to
sniff all packets. This is referred to as a CAM table overflow attack. Content-addressable
memory (CAM) is a fancy way to refer to the MAC address table on the switch.
Port security also prevents the client from depleting DHCP server resources, which could
have been done by sending thousands of DHCP requests, each using a different source MAC
address. DHCP spoofing attacks take place when devices purposely attempt to generate
enough DHCP requests to exhaust the number of IP addresses allocated to a DHCP pool."
It's B or D. I think DHCP spoofing is more dangerous. I'm in favor of B.
A. Incorrect: a VLAN hopping attack is prevented by not using VLAN 1 as the default VLAN and by configuring the user-facing ports as access ports. Port security is not needed here.
B. Incorrect: port security will not verify whether the MAC addresses it sees are spoofed or not (this is Dynamic ARP Inspection's job).
C. Incorrect: although an attacker can send a big amount of data to clog the port it is connected to up to its maximum bandwidth, the other ports will still work correctly.
D. Correct: by sending multiple frames with different MAC addresses, the attacker can fill the MAC address table to its maximum capacity. The switch won't be able to register the MAC addresses of legitimate traffic and will treat legitimate traffic as unknown unicast traffic and flood it just like broadcast traffic. The attacker will then be able to eavesdrop.
Port security won't stop spoofing. The allowed MAC address on a port can be spoofed by an attacker and the switch will allow access.
However, if an attacker is on a particular VLAN they won't be able to 'hop' to a different VLAN, as the ports in question will have port security and only allow specific MAC addresses.
In my opinion it should be B, but this is what the OCG book says:
"Sniffing or eavesdropping: An attacker is listening in on the network traffic of others.
This could be done in a switched environment, where the attacker has implemented
a content-addressable memory (CAM) table overflow, causing the switch to forward
all frames to all other ports in the same VLAN. To protect against this, you can
use switch port security on the switches to limit the MAC addresses that could be
injected on any single port. In general, if traffic is encrypted as it is transported across
the network, either natively or by a VPN, that is a good countermeasure against
eavesdropping."
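The posts above describe the CAM table overflow scenario and why a per-port MAC limit defeats it, but none of them shows the mechanism end to end. The simulation below is an added example (my own constructed model, not code from ExamTopics, the Omar Santos guide, or Cisco) of a switch MAC table with a fixed capacity, learning from the source address of each frame, and an optional port-security maximum per port. The port numbers, MAC addresses, capacities and frame counts are all constructed; the violation behaviour is modelled on the "restrict" style (drop the offending frame and record it) rather than any particular vendor's implementation.

```python
"""Constructed simulation of CAM table learning with and without port security.

Model assumptions (not a real switch implementation):
  - the CAM holds at most `cam_capacity` (MAC -> port) entries and never ages out
  - a frame whose destination MAC is unknown is flooded to the whole VLAN
  - port security caps the number of MACs learned per port; a frame from an
    extra MAC is dropped and logged as a violation ("restrict"-like behaviour)
"""
from collections import defaultdict


class Switch:
    def __init__(self, cam_capacity, max_macs_per_port=None):
        self.cam_capacity = cam_capacity            # total CAM entries available
        self.max_macs_per_port = max_macs_per_port  # port-security limit (None = disabled)
        self.cam = {}                               # learned source MAC -> ingress port
        self.per_port = defaultdict(int)            # MACs learned on each port
        self.violations = []                        # (port, mac) pairs that were refused

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; return 'drop', 'flood' or 'forward:<port>'."""
        if src_mac not in self.cam:
            if (self.max_macs_per_port is not None
                    and self.per_port[in_port] >= self.max_macs_per_port):
                # Port-security violation: this port already holds its maximum.
                self.violations.append((in_port, src_mac))
                return "drop"
            if len(self.cam) < self.cam_capacity:
                self.cam[src_mac] = in_port
                self.per_port[in_port] += 1
            # If the CAM is full the frame is still switched, but nothing is learned,
            # so later traffic *to* this source will be flooded as unknown unicast.
        out_port = self.cam.get(dst_mac)
        if out_port is None:
            return "flood"        # unknown destination: sent to every port in the VLAN
        return f"forward:{out_port}"


# Constructed hosts: A on port 1, B on port 2, an attacker on port 3.
HOST_A = "aa:aa:aa:aa:aa:aa"
HOST_B = "bb:bb:bb:bb:bb:bb"


def bogus_mac(i):
    """Deterministic locally-administered MAC for the i-th forged frame (constructed)."""
    return "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF)


def run_scenario(port_security_max):
    """Fill the CAM from port 3 with 200 distinct source MACs, then check whether
    legitimate unicast from A to B is still delivered to port 2 only."""
    sw = Switch(cam_capacity=64, max_macs_per_port=port_security_max)
    for i in range(200):
        sw.receive(3, bogus_mac(i), "ff:ff:ff:ff:ff:ff")
    sw.receive(2, HOST_B, HOST_A)              # B is seen after the table is under pressure
    a_to_b = sw.receive(1, HOST_A, HOST_B)     # A sends unicast to B
    return {
        "cam_entries": len(sw.cam),
        "attacker_entries": sw.per_port[3],
        "violations": len(sw.violations),
        "a_to_b": a_to_b,
    }


if __name__ == "__main__":
    print("no port security :", run_scenario(None))   # A->B is flooded: eavesdroppable
    print("maximum 1 per port:", run_scenario(1))     # A->B forwarded to port 2 only
```

Without a limit the attacker's 64 bogus entries consume the whole table, B is never learned, and A's frame to B is flooded out every port in the VLAN, which is exactly the eavesdropping condition the OCG quote describes. With a per-port maximum of 1 the attacker occupies a single entry, the remaining 199 frames are logged as violations, and A's frame is forwarded to port 2 alone. The model also makes the limitation raised in the comments visible: it only counts addresses, so a frame whose source is a legitimate host's already-allowed MAC is accepted like any other, which is why spoofing protection is left to Dynamic ARP Inspection rather than port security.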
Community vote distribution: A (35%), C (25%), B (20%), Other