A network manager is configuring switches in IDFs to ensure unauthorized client computers are not connecting to a secure wired network. Which of the following is the network manager MOST likely performing?
ACL are on routers or multi-layer Switch, on comptia exams if they say "switch" there talking about layer 2 only and you can't add ACL on a Layer 2 switch.
The ACLs could be added on router and in doing so, this would help prevent access to this new switch. It doesn't say that they are creating ACLs on the layer 2 switch.
The question is not about what is (or is not) the best option. The "compTIA question" is what is the manager "MOST likely doing". Again, it is "compTIA question" in "compTIA reality" and the answer is "Disabling unneeded switchports". That is the basic. Do not overthink it with scenarios "attacker can unplug blablabla" - that is not the issue. This is basic exam, from basic knowledge that you as a future network specialist have to know - unneeded ports have to be turned off. Period.
PS: Updated chatGPT4 & bing both say it is.... (suprise!) A. Disabling unneeded switchports.
There are MAC ACls like those involved in MAC filtering. An ACL is an Access Control List that would tell the switch that only authorised devices are allowed to connect. This however may be more time consuming than just disabling unused switchports but an ACL would be a certain way as someone could remove a device from plug in to that port.
C. Configuring DHCP snooping
Chatty GPT says to prevent unauthorized client computers from connecting to a secure wired network, the network manager is most likely configuring DHCP snooping. DHCP snooping is a security feature used on network switches to mitigate various types of attacks, such as rogue DHCP servers or unauthorized devices trying to obtain IP addresses from the network.
Microsoft Bing AI selects (A):
"The network manager is most likely performing the following action: Disabling unneeded switchports. This is a simple method that many administrators use to help secure the network from unauthorized access. By disabling all unused ports on a switch, it can prevent unauthorized client computers from connecting to a secure wired network.
Option B (Changing the default VLAN) is incorrect because changing the default VLAN does not prevent unauthorized client computers from connecting to a secure wired network.
Option C (Configuring DHCP snooping) is incorrect because DHCP snooping is used to prevent rogue DHCP servers from being introduced into a network.
Option D (Writing ACLs to prevent access to the switch) is incorrect because ACLs are used to control traffic flow through networks and not to prevent unauthorized client computers from connecting to a secure wired network."
The question says "Computer Clients", meaning such computers have already connected to the switch and accessing other resources and that "Secured Wired Connection" is off-limits resource!
Correct answer is B. Default VLAN is being changed. Such a situation happens when Guests (or clients) need to have Internet access. But they shouldn't have access to secure internal resources. The Switch lets unrecognised MAC addresses have Internet access only.
The network manager is most likely performing the task of implementing port security on the switches in the Intermediate Distribution Frames (IDFs). Port security is a feature commonly used in network switches to control access to the network by limiting the devices that can connect to individual switch ports.
By configuring port security, the network manager can enforce restrictions on the MAC (Media Access Control) addresses allowed to connect to specific switch ports. This prevents unauthorized client computers or devices from gaining access to the secure wired network.
Typically, the network manager would configure port security to allow only authorized MAC addresses to connect to each switch port. If an unauthorized device attempts to connect, the switch can take actions such as shutting down the port, generating an alert, or applying other security measures to protect the network.
The answer is A via Chat GPT:
The network manager is most likely performing the task of disabling unneeded switchports to prevent unauthorized client computers from connecting to the secure wired network.
Disabling unneeded switchports means shutting down or administratively disabling switchports that are not in use or not intended for client connections. By doing so, the network manager effectively prevents unauthorized devices from being able to physically connect to the network through those disabled switchports.
This is a common practice to enhance network security and prevent unauthorized access. By disabling switchports that are not in use or not authorized for client connections, the network manager reduces the attack surface and limits the potential entry points for unauthorized devices.
A. Most likely answer. A network manager doesn't need to go to an IDF just to secure unauthorized access. Mgr could do that from anywhere in the network. Net mgr is possibly unplugging/disabling unnecessary/unused ports.
D. Second answer if, net mgr was in an MDF connected to the core switches/L3 switches/routers and applying ACL to the whole network.
I choose A just because it seems like the mgr is just configuring/disabling ports only on the switch in the IDF
Reading this question again. I think the answer is D. Client computers are known to the network, ACLs can be added so any client computers, not authorized, will be denied access to certain parts of the network. Basically, these computers are already connected, they just need to have the right permission.
Anyone saying you can't add ACL to L2 switches is somewhat wrong. You can add VLAN ACL to the network to permit/deny devices.
ACLs are not used for port security in this case. 802.1X should have been a good option. Disabling unused ports is also a way, but then not foolproof. This is not an exam written by experienced people, so choose dumbly
A network manager is MOST likely performing the following action to ensure unauthorized client computers are not connecting to a secure wired network: Disabling unneeded switchports. By disabling unneeded switchports, the network manager can prevent unauthorized access to the secure wired network by controlling which device can connect to which switchport.
Another common security measure that the network manager could be performing is Configuring DHCP snooping. DHCP snooping is used to prevent unauthorized DHCP servers from handing out IP addresses to clients on the network. This helps to prevent rogue devices from connecting to the network and potentially compromising the security of the network.
Disabling unneeded switchports, doesn't directly prevent unauthorized clients from connecting to the secure wired network. Hence enabling DHCP snooping is a better solution.
If you copy and paste this question on chatGPT you get this answer:
"It sounds like the network manager is implementing security measures to prevent unauthorized access to a secure wired network. Specifically, they are configuring switches in Intermediate Distribution Frames (IDFs) to prevent unauthorized client computers from connecting to the network.
This is most likely being done by using access control lists (ACLs) or implementing 802.1X authentication on the switches. By doing this, only authorized computers with the correct credentials will be able to access the network.
The network manager is taking these steps to ensure the security of the network and prevent unauthorized access, which could potentially lead to data breaches or other security incidents."
This section is not available anymore. Please use the main Exam Page.N10-008 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
wbear
Highly Voted 2 years, 1 month agomagicbr3
1 year, 10 months agoTimfdklfajlksdjlakf
10 months, 4 weeks agoDumbTIA
Highly Voted 1 year, 8 months agofamco
1 year, 7 months agoprincedarcy
Most Recent 1 year agoosmaster
1 year, 1 month agoBrenner22
10 months, 2 weeks agoMitchF
1 year, 2 months agoMotaki
1 year, 2 months agoJuliana1017
1 year, 3 months agoSanat123
1 year, 4 months agoYelib
1 year, 4 months agoAli3ngazer
1 year, 6 months ago1stAid
1 year, 7 months ago1stAid
1 year, 6 months agofamco
1 year, 7 months agoLordGNTWK
1 year, 8 months agoMelzTheArtist
1 year, 9 months agoJakeCharles
1 year, 9 months agoTomSawyer
1 year, 9 months agoTomSawyer
1 year, 9 months ago233Matis
1 year, 9 months ago