PrepAway - Latest Free Exam Questions & Answers

Which of the following would BEST address this desire?

An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and
network security, the administrator desires to provide network access for this group only. Which of the
following would BEST address this desire?

PrepAway - Latest Free Exam Questions & Answers

A.
Install a proxy server between the users’ computers and the switch to filter inbound network traffic.

B.
Block commonly used ports and forward them to higher and unused port numbers.

C.
Configure the switch to allow only traffic from computers based upon their physical address.

D.
Install host-based intrusion detection software to monitor incoming DHCP Discover requests.

Explanation:
Configuring the switch to allow only traffic from computers based upon their physical address is known as
MAC filtering. The physical address is known as the MAC address. Every network adapter has a unique
MAC address hardcoded into the adapter.
You can configure the ports of a switch to allow connections from computers with specific MAC addresses
only and block all other MAC addresses.MAC filtering is commonly used in wireless networks but is considered insecure because a MAC address
can be spoofed. However, in a wired network, it is more secure because it would be more difficult for a
rogue computer to sniff a MAC address.
Incorrect Answers:
A: A proxy server is often used to filter web traffic. It is not used in port security or to restrict which
computers can connect to a network.
B: You should not block commonly used ports. This would just stop common applications and protocols
working. It would not restrict which computers can connect to a network.
D: DHCP Discover requests are part of the DHCP process. A DHCP client will send out a DHCP Discover
request to locate a DHCP server. All computers on the network receive the DHCP Discover request
because it is a broadcast packet but all computers (except the DHCP server) will just drop the packet.
Blocking DHCP Discover requests will not restrict which computers can connect to a network.

http://alliedtelesis.com/manuals/awplusv212weba/mac_address_Port_security.html


Leave a Reply