PrepAway - Latest Free Exam Questions & Answers

Which two countermeasures can mitigate STP root bridge attacks?

Which two countermeasures can mitigate STP root bridge attacks? (Choose two.)

A. root guard

B. BPDU filtering

C. Layer 2 PDU rate limiter

D. BPDU guard

Explanation:
The BPDU guard feature is designed to allow network designers to keep the active network
topology predictable. BPDU guard is used to protect the switched network from the problems that
may be caused by the receipt of BPDUs on ports that should not be receiving them. The receipt of
unexpected BPDUs may be accidental or may be part of an unauthorized attempt to add a switch
to the network. BPDU guard is best deployed toward user-facing ports to prevent rogue switch
network extensions by an attacker.

The root guard feature of Cisco switches is designed to provide a way to enforce the placement of
root bridges in the network. Root guard limits the switch ports out of which the root bridge may be
negotiated. If a root-guard-enabled port receives BPDUs that are superior to those that the current
root bridge is sending, then that port is moved to a root-inconsistent state, which is effectively
equal to an STP listening state, and no data traffic is forwarded across that port.
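
The two port reactions described above, modelled as an added example (not part of the original page and not Cisco code). The names, the sample bridge IDs and the root-ID-only comparison are assumptions for illustration; the err-disabled state for BPDU guard is the Cisco default behaviour and is not stated in the explanation.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class PortState(Enum):
    FORWARDING = "forwarding"
    ROOT_INCONSISTENT = "root-inconsistent"  # root guard: no data traffic forwarded
    ERR_DISABLED = "err-disabled"            # BPDU guard: port shut down


@dataclass(frozen=True)
class Bpdu:
    root_priority: int  # root bridge priority advertised in the BPDU
    root_mac: str       # root bridge MAC advertised in the BPDU

    def root_id(self) -> Tuple[int, int]:
        return (self.root_priority, int(self.root_mac.replace(":", ""), 16))


def is_superior(received: Bpdu, current_root: Bpdu) -> bool:
    # Lower root bridge ID wins. Simplification: real STP breaks ties on
    # path cost, sender bridge ID and port ID as well.
    return received.root_id() < current_root.root_id()


def receive_bpdu(guard: Optional[str], received: Bpdu, current_root: Bpdu):
    """Return (port state, root the switch believes in afterwards)."""
    if guard == "bpduguard":
        # User-facing port: any BPDU at all is unexpected.
        return PortState.ERR_DISABLED, current_root
    if is_superior(received, current_root):
        if guard == "root":
            return PortState.ROOT_INCONSISTENT, current_root
        return PortState.FORWARDING, received  # unprotected: root moves
    return PortState.FORWARDING, current_root


# Constructed sample values, not taken from the page.
LEGIT_ROOT = Bpdu(4096, "00:00:5e:00:53:01")
UNEXPECTED_SUPERIOR = Bpdu(0, "00:00:5e:00:53:99")
UNEXPECTED_INFERIOR = Bpdu(32768, "00:00:5e:00:53:99")

if __name__ == "__main__":
    for guard in (None, "root", "bpduguard"):
        for bpdu in (UNEXPECTED_SUPERIOR, UNEXPECTED_INFERIOR):
            state, root = receive_bpdu(guard, bpdu, LEGIT_ROOT)
            print(guard, bpdu.root_priority, state.value, root == LEGIT_ROOT)
```

Root guard only reacts to superior BPDUs, so it fits ports that lead to other switches, while BPDU guard reacts to any BPDU and fits user-facing ports.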