nerdexam
GIAC

GCED · Question #96

GCED Question #96: Real Exam Question with Answer & Explanation

The correct answer is D. A MAC Flood attack. Both BPDU Guard and Root Guard are used to prevent a new switch from becoming the Root They are very similar but use different mechanisms. Rootguard allows devices to use STP, but if they send superior BDPUs (i.e. they attempt to become the Root Bridge), Root Guard disables the p

Question

Analyze the screenshot below. Which of the following attacks can be mitigated by these configuration settings?

Exhibit

GCED question #96 exhibit

Options

  • AA Denial-of-Service attack using network broadcasts
  • BA Replay attack
  • CAn IP masquerading attack
  • DA MAC Flood attack

Explanation

Both BPDU Guard and Root Guard are used to prevent a new switch from becoming the Root They are very similar but use different mechanisms. Rootguard allows devices to use STP, but if they send superior BDPUs (i.e. they attempt to become the Root Bridge), Root Guard disables the port until the offending BPDUs cease. Recovery is automatic. If Portfast is enabled on a port, BPDU Guard will disable the port if a BPDU is received. The port stays disabled until it is manually re-enabled. Devices behind such ports cannot use STP, as the port would be disabled as soon as they send BPDUs (which is the default behavior of switches).

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GCED Practice