Security breaches can occur at any layer of the OSI model. At Layer 2, some of the common breaches are MAC address spoofing, ARP spoofing, Denial of Service (DoS) attacks against a DHCP server, and VLAN hopping.
Hence, MACSec protects against ARP & MAC Spoofing.
IP source guard is a security feature that prevents IP spoofing attacks by filtering traffic based on the source IP addresses in the IP header. It ensures that the source IP addresses in the incoming packets are legitimate and associated with the correct interfaces. IP source guard does not have any impact on encryption performance and operates at the network layer (Layer 3) of the OSI model.
MACsec does not provide any protection for the IP layer or above, which means that it does not prevent attacks such as IP spoofing, denial-of-service, or application-level exploits.
https://www.linkedin.com/advice/0/what-pros-cons-using-macsec-lan-wan-security-skills-lan-wan#:~:text=Moreover%2C%20MACsec%20does%20not%20provide%20any%20protection%20for,such%20as%20IP%20spoofing%2C%20denial-of-service%2C%20or%20application-level%20exploits.
Actually, if the question is referring to mac address spoofing, then yes 'A' is correct. They should clarify if IP address anti spoofing or mac address spoofing. At Layer 2, some of the common breaches are MAC address spoofing, ARP spoofing, Denial of Service (DoS) attacks against a DHCP server, and VLAN hopping.
https://www.cisco.com/c/en/us/td/docs/iosxr/cisco8000/security/70x/b-system-security-cg-cisco8000-70x/configuring-macsec.html
Also, macsec is not limited by packet size - MACsec supports line-rate encryption performance (100 Gbps+), regardless of the MTU and packet size
https://www.cisco.com/c/dam/en/us/td/docs/solutions/Enterprise/Security/MACsec/WP-High-Speed-WAN-Encrypt-MACsec.pdf
A is Wrong. MACsec also cannot protect against malicious layer 3 traffic coming from a different network interface, on a machine connected to multiple LANs. For example, attacks that rely on forcing traffic to leave from other interfaces, using ARP spoofing or IP redirects, cannot be prevented using MACsec alone.
Bis the ans. IP source guard is a security feature that helps prevent IP spoofing attacks by allowing only packets with valid source IP addresses to pass through a network device. It uses a combination of source IP address filtering and DHCP snooping to determine the validity of the source IP address.
per Cisco documentation:
Security breaches can occur at any layer of the OSI model. At Layer 2, some of the common breaches are
MAC address spoofing, ARP spoofing, Denial of Service (DoS) attacks against a DHCP server, and VLAN
hopping.
MACSec secures data on physical media, making it impossible for data to be compromised at higher layers
B. IP Source Guard is a security feature that restricts IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database and IP source bindings. It does not provide encryption.
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.400-007 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
4f873c4
1 month, 3 weeks agoblurain
9 months, 1 week agoRollizo
9 months, 3 weeks agodvthakore
11 months, 1 week agoRollizo
9 months, 3 weeks agoJ_W
1 year, 5 months agobdp123
1 year, 5 months agobdp123
1 year, 5 months agobdp123
1 year, 5 months agoRollizo
9 months, 3 weeks agoCastleMagic
1 year, 7 months agobiddid2
1 year, 7 months agogcpengineer
1 year, 8 months agoying162
1 year, 8 months agoying162
1 year, 9 months agoying162
1 year, 8 months agomarkmark1983
1 year, 9 months agoSFXY
1 year, 5 months ago