Exam SY0-601 topic 1 question 247 discussion

NEED FOR PING SWEEP Ping sweep is used for various purposes, such as improving and maintaining network security. It can also be used to: Discover active IP addresses on the network Ensure IP addresses on the network match the documentation Detect rogue devices connected to the network

If it is a small office "B. Physically check each system. " should be done, as it seems to be the most accurate.

Why is option "C" not obvious? I have an unknown device in my network, and I have already determined that something is wrong. My natural reaction will be to deny access to any device that is UNKNOWN. That's the sore thumb. The user will reach out to me if they can't work. That's better than going around to physically inspect systems or check their Mac addresses, and it is just safer. A ping sweep will just tell me that two devices are off. How does that help me detect which device's MAC address has been spoofed?

hint "small business" = Physically check

A (ping sweep) makes most sense for the FIRST thing to do. Both C&D would affect availability, right off. B would be the SECOND thing to do (it also affects availability - having to go to each machine).

why I need the ping sweep while the photo contain the mac and the IP

'D' is absolutely wrong. MAC Filtering doesn't do anything in a MAC Spoofing situation. SOHO is in the 4-10 machine range. And you'd find out right quick if Chuckle-Head George (the Office Clown) is the one who renamed his laptop while it offline.

B. Physically check each system They provided a hint "small business..."

Its definitely b

B. Physically check each system Running a ping sweep isn't actually going to help you resolve the problem. But if you verify the MAC address of each authorized device you can then apply Mac filtering to allow only the authorized devices. But in order to identify the MAC address for each device you need to physically check each device.

CompTIA doing CompTIA things. MAC address = physical address. Small business, very few devices. Go check each device physically...

While ping sweep would be effective at showing what devices are on the network, we already have that information. We already suspect someone is spoofing a MAC address. What would be the point of getting that information again? It's also a small office, physical inspection wouldnt take long and you could rule out which devices are which

A is the correct answer and here is why: If MAC filtering has already been applied (which is the case on the image provided) and you suspect a rogue system is spoofing MAC addresses, the NEXT best step to further detect and address the issue without impacting availability is: B. Conduct a ping sweep. Conducting a ping sweep involves scanning the network to identify active devices by sending ICMP (Internet Control Message Protocol) ping requests to a range of IP addresses. This can help you identify devices that are currently active on the network, even if they are not authorized or if their MAC addresses have been spoofed. Therefore A is the best option.

"small Business" is the key word

Apparently this table is not the only info the admin has because this table doesn't give enough info about a mac spoofing or a rogue device on the network, let's do a ping sweep, it only takes 30 seconds and it will not hurt anything.

5c time! a systems administrator of a small business determines(not suspects, he has determined, to me that implies he knows) someone (unknown device) is spoofing the MAC address of an authorized device (known device). A ping sweep will not give you more info than you already have, you know the know the IPs and MACs at play here (Identify - which has already been done) The next step is to contain which IMO would be apply mac filtering, this would block all comms on the unknown device, even if its IP changed I would then Physically check each system, there are only 4 so this is not a massive task Deny internet access to the "UNKNOWN" hostname - guessing this would be done via IP as Firewalls are layer 3 devices generally and dont work with MAC addresses, and could potentially impact availability... These questions are so stupid

Why Not C. If it shows as unknown I would just kick it off and if it is legitimate someone that works there will approach you and say this is not connecting. Mac filtering is already on or they wouldn't have to spoof the MAC