CAS-003 Question #630: Real Exam Question with Answer & Explanation
The correct answer is E: Switch and router ARP tables. Without a NAC solution, switch and router ARP tables are the most reliable real-time source for enumerating all actively connected devices, enabling a script to flag personal devices that do not match the corporate serial-number naming convention.
Question
Options
- A. Recursive DNS logs
- B. DHCP logs
- C. AD authentication logs
- D. RADIUS logs
- E. Switch and router ARP tables
Explanation
Without a NAC solution, switch and router ARP tables are the most reliable real-time source for enumerating all actively connected devices, enabling a script to flag personal devices that do not match the corporate serial-number naming convention.
Common mistakes.
- A. Recursive DNS logs capture domain query traffic but do not provide a real-time inventory of all connected devices or a reliable way to distinguish corporate from personal device identities.
- B. DHCP logs record historical hostname-to-IP lease assignments and may not reflect devices currently on the network, nor do they capture personal devices that use manually configured static IPs.
- C. Active Directory authentication logs only contain records for domain-joined corporate devices; personal devices typically do not authenticate against AD and would be entirely invisible in those logs.
- D. RADIUS logs require an existing 802.1X and RADIUS infrastructure for network access control, which the question explicitly states the organization does not have.
Concept tested. ARP table-based rogue device identification on unmanaged networks
Reference. https://www.cisco.com/c/en/us/support/docs/ip/address-resolution-protocol-arp/13718-5.html