Which two countermeasures can mitigate MAC spoofing attacks? (Choose two.)
A.
IP source guard
B.
port security
C.
root guard
D.
BPDU guard
Explanation:
Use the port security feature to mitigate MAC spoofing attacks. Port security provides the
capability to specify the MAC address of the system connected to a particular port. This also
provides the ability to specify an action to take if a port security violation occurs.
IP source guard is a security feature that filters traffic based on the DHCP snooping binding
database and on manually configured IP source bindings in order to restrict IP traffic on nonrouted Layer 2 interfaces. You can use IP source guard to prevent traffic attacks caused when a
host tries to use the IP address of its neighbor. IP source guard prevents IP/MAC spoofing
Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-seriesswitches/72846-layer2-secftrs-catl3fixed.html#ipsourceguard