nerdexam
ExamsCAS-003Questions#655
CompTIA

CAS-003 · Question #655

CAS-003 Question #655: Real Exam Question with Answer & Explanation

The correct answer is A: Implement switchport security. The output likely reveals multiple MAC addresses appearing on a single switch port, which is a hallmark of a MAC flooding attack or an unauthorized hub/switch connected to the guest network. Switchport security allows an administrator to restrict the number of valid MAC addresses

Question

A security administrator is performing an audit of a local network used by company guests and executes a series of commands that generates the following output: Which of the following actions should the security administrator take to BEST mitigate the issue that transpires from the above information?

Exhibit

CAS-003 question #655 exhibit

Options

  • AImplement switchport security
  • BImplement 802 1X
  • CEnforce static ARP mappings using GPO
  • DEnable unicast RPF

Explanation

The output likely reveals multiple MAC addresses appearing on a single switch port, which is a hallmark of a MAC flooding attack or an unauthorized hub/switch connected to the guest network. Switchport security allows an administrator to restrict the number of valid MAC addresses on a port and define actions (shutdown, restrict, protect) when a violation occurs, directly countering this threat. 802.1X (B) enforces authentication before network access but does not limit MAC addresses per port. Enforcing static ARP mappings via GPO (C) mitigates ARP poisoning but applies to domain-joined systems, not a guest network. Unicast RPF (D) prevents IP address spoofing at the routing layer, not MAC-level switching attacks.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CAS-003 Practice