Question 1: Test Software Practice Test for Cisco


1) Objective: Implement Layer 2 security
SubObjective: Utilize Cisco IOS and Cat OS commands to mitigate Layer 2 attacks

 

What should you do to mitigate a MAC spoofing attack? (Choose two.)

 

A. use port-security command on the switch
B. use hold-down timers
C. avoid using private VLANs
D. use DHCP spoofing prevention method

Answer:
A. use port-security command on the switch
B. use hold-down timers

 

Tutorial:
The use of port-security Cisco IOS commands and hold-down timers can mitigate a MAC spoofing attack. The interface configuration command switchport port-security mac-address mac-address [vlan {vlan-id | {access | voice}}] configures a secure MAC address on a switch interface. This command can also be used to define the maximum number of secure MAC addresses.
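The port-security settings described above, as an added configuration example that is not taken from the referenced guide. The interface name, VLAN number and MAC address are constructed placeholders.

```cisco
! Constructed example: FastEthernet0/1, VLAN 10 and the MAC address
! 0011.2233.4455 are placeholders, not values from the source page.
configure terminal
interface FastEthernet0/1
 ! Port security cannot be enabled on a dynamic port, so fix the mode first
 switchport mode access
 switchport access vlan 10
 ! Enable port security on the interface
 switchport port-security
 ! Limit the port to a single secure MAC address
 switchport port-security maximum 1
 ! Statically bind the expected host's MAC address as the secure address
 switchport port-security mac-address 0011.2233.4455
 ! Err-disable the port when a frame arrives from any other source MAC
 switchport port-security violation shutdown
end
!
! Verification: port status, violation count and the secure address table
show port-security interface FastEthernet0/1
show port-security address
```

With this in place, a frame whose source MAC differs from the configured secure address triggers a violation on that port, and the violation counter in the show output records it.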

 

Hold-time specifies the period for which an Address Resolution Protocol (ARP) entry will remain in the ARP cache. The hold-down timer is also used with private VLANs to provide enhanced security against MAC spoofing attacks. A switch port in a private VLAN can only communicate with other switch ports in the same private VLAN.

 

The DHCP spoofing prevention method is not a valid method for mitigating a MAC spoofing attack. The correct name is Dynamic Host Configuration Protocol (DHCP) snooping. DHCP snooping filters untrusted DHCP messages using a DHCP snooping binding database. A DHCP snooping binding database is also referred to as a DHCP snooping binding table.

 

Reference:
CCSP SNRS Exam Certification Guide, Chapter 14: Mitigating Layer 2 Attacks, Mitigating MAC Address Spoofing Attacks, p. 292

cmadmin
