nerdexam
ExamsSY0-301Questions#792
CompTIA

SY0-301 · Question #792

SY0-301 Question #792: Real Exam Question with Answer & Explanation

The correct answer is C: Configure the switch to allow only traffic from computers based upon their physical address.. This describes MAC address filtering (port security) on the switch. Every network interface card (NIC) has a unique physical (MAC) address burned in at the hardware level. By configuring the switch to only forward frames from known, authorized MAC addresses, the administrator ens

Question

An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only. Which of the following would BEST address this desire?

Options

  • AInstall a proxy server between the users' computers and the switch to filter inbound network traffic.
  • BBlock commonly used ports and forward them to higher and unused port numbers.
  • CConfigure the switch to allow only traffic from computers based upon their physical address.
  • DInstall host-based intrusion detection software to monitor incoming DHCP Discover requests.

Explanation

This describes MAC address filtering (port security) on the switch. Every network interface card (NIC) has a unique physical (MAC) address burned in at the hardware level. By configuring the switch to only forward frames from known, authorized MAC addresses, the administrator ensures that only the approved computers on that subnet can communicate on the network. This is a Layer 2 control that directly addresses the requirement. A proxy server (A) filters content, not access by computer identity. Port blocking/forwarding (B) is security through obscurity and does not restrict by machine identity. Host-based IDS monitoring DHCP requests (D) is a detection tool, not an access control mechanism.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SY0-301 Practice