SY0-301 · Question #792
An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only. Which
The correct answer is C. Configure the switch to allow only traffic from computers based upon their physical address.. This describes MAC address filtering (port security) on the switch. Every network interface card (NIC) has a unique physical (MAC) address burned in at the hardware level. By configuring the switch to only forward frames from known, authorized MAC addresses, the administrator ens
Question
An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only. Which of the following would BEST address this desire?
Options
- AInstall a proxy server between the users' computers and the switch to filter inbound network traffic.
- BBlock commonly used ports and forward them to higher and unused port numbers.
- CConfigure the switch to allow only traffic from computers based upon their physical address.
- DInstall host-based intrusion detection software to monitor incoming DHCP Discover requests.
How the community answered
(46 responses)- A7% (3)
- B4% (2)
- C87% (40)
- D2% (1)
Explanation
This describes MAC address filtering (port security) on the switch. Every network interface card (NIC) has a unique physical (MAC) address burned in at the hardware level. By configuring the switch to only forward frames from known, authorized MAC addresses, the administrator ensures that only the approved computers on that subnet can communicate on the network. This is a Layer 2 control that directly addresses the requirement. A proxy server (A) filters content, not access by computer identity. Port blocking/forwarding (B) is security through obscurity and does not restrict by machine identity. Host-based IDS monitoring DHCP requests (D) is a detection tool, not an access control mechanism.
Topics
Community Discussion
No community discussion yet for this question.