Switch(config-if)# switchport access vlan 21 From the configuration shown, what can be determined? (VLAN Access map with a “mac access list” can also be used to filter MAC). To protect against this type of attack, port security feature can be used to limit and allow specific MAC to access the port -> F is correct. The attacker can listen to these broadcast packets and capture sensitive data. Now the switch acts like a hub, in which all incoming packets are broadcast out on all ports instead of just to the correct destination port as normal operation. This makes the switch learn the MAC addresses until its memory is used up. MAC flooding attack is a technique in which the attacker floods the switch with packets, each containing different source MAC address. It is not used to mitigate MAC address flooding attacks -> C is not correct.ĭAI should be used to mitigate ARP Spoofing attack in which the attacker fakes its MAC as the destination MAC to receive traffic intended for valid destination -> E is not correct. PVLAN is often used to protect devices on a common VLAN, give them more separation even though they are on the same VLAN. Root guard is used to mitigate Spanning-tree compromises, not ARP address spoofing -> A and D are not correct.ĭHCP spoofing is mitigated by DHCP snooping -> B is not correct. The host with address 0000.0000.000b is removed from the secure address list after 300 seconds. Interface FastEthemet0/2 is a voice VLAN port.Į. The sticky secure MAC addresses are treated as static secure MAC addresses after the running configuration is saved to the startup configuration and the switch is restarted.ĭ. The host with address 0000.0000.4141 is removed from the secure address list after 5 seconds of inactivity.Ĭ. Connecting a host with MAC address 0000.0000.4147 will move interface FastEthemet0/2 into error disabled state.ī. Switchport port-security mac-address sticky 0000.0000.5050Ī.
Switchport port-security mac-address sticky 0000.0000.4141 Switchport port-security mac-address 0000.0000.000b
Switchport port-security mac-address sticky Based on the running configuration that is shown for interface FastEthemet0/2, what two conclusions can be deduced? (Choose two)