A network was down for several hours due to a contractor entering the premises and plugging
both ends of a network cable into adjacent network jacks. Which of the following would have
prevented the network outage? (Select Two)
A.
Port security
B.
Loop Protection
C.
Implicit deny
D.
Log analysis
E.
Mac Filtering
F.
Flood Guards
A and B
1
0
Port security in IT can mean the physical control of all connection points, the management of TCP and User Datagram Protocol (UDP) ports, or Port knocking.
Loop protection is the resolving of a transmission pathway that repeats itself. It includes the use of Spanning Tree Protocol (STP) for Ethernet and the IP header TTL value.
Implicit deny says that if you aren’t explicitly granted access or privileges for a resource, you’re denied access by default.
Log analysis is used for reviewing audit trails and log files for evidence of policy violations, malicious events, downtimes, bottlenecks, or other issues of concern. This helps to detect unauthorized access after it has occurred.
A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP (Wireless Access Point) to block access to all unauthorized devices.
Flood guards are used to prevent network flooding attacks such as DoS, SYN floods, ping floods etc.
The correct answer is A and F.
0
0
First of all, I apologize to everyone reading my post and therefore choosing A and F. The correct answer is B and F, not A and F. Let me explain:
Port security is based on MAC address. There is NO MAC address of a piece of network cable. How’s Port Security work when NO MAC address involved?
As I stated previous time, STP is to help preventing the loop. Please click on the following link for more detail information.
http://serverfault.com/questions/366072/what-happens-when-you-plug-two-sides-of-a-cable-to-a-single-networking-device
1
0
1. Loop protection is clearly correct. Ideally STP is running and this would not happen–but it guards against broadcast storms.
2. Flood guard is more problematic for me. This is normally a firewall activity and designed for protecting against SYN DDoS attacks.
Log analysis and Implicit deny are just stupid here.
Switch ports do have MAC addresses. Those addresses are not used in normal traffic. However, if the switch does originate the traffic, the MAC address of the port is used. If I connect two switches together on a set of ports, would they learn the MAC of the other switch.
So, if I limit the port to a specific MAC and it gets connected to another port on the same switch, it would shut down.
As frustrating as I found this question to be, I would have to go with A & B.
2
0
I chose A & B
1
1