SY0-701 · Question #325
SY0-701 Question #325: Real Exam Question with Answer & Explanation
The correct answer is B: Port security. Port security is the best mitigation technique for preventing an attacker from flooding the MAC address table of network switches. Port security can limit the number of MAC addresses learned on a port, preventing an attacker from overwhelming the switch's MAC table (a form of MAC
Question
A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?
Options
- ALoad balancer
- BPort security
- CIPS
- DNGFW
Explanation
Port security is the best mitigation technique for preventing an attacker from flooding the MAC address table of network switches. Port security can limit the number of MAC addresses learned on a port, preventing an attacker from overwhelming the switch's MAC table (a form of MAC flooding attack). When the allowed number of MAC addresses is exceeded, port security can block additional devices or trigger alerts. Load balancer distributes network traffic but does not address MAC flooding attacks. IPS (Intrusion Prevention System) detects and prevents attacks but isn't specifically designed for MAC flooding mitigation. NGFW (Next-Generation Firewall) offers advanced traffic inspection but is not directly involved in MAC table security.
Community Discussion
No community discussion yet for this question.