What is the Cisco preferred countermeasure to mitigate CAM overflows?
A. Port security
B. Dynamic port security
C. IP source guard
D. Root guard
Correct Answer: B
Explanation/Reference:
Port Security on a Cisco switch enables you to control how the switch port handles the learning and storing of MAC addresses on a per-interface basis. The main use of this command is to set a limit to the maximum number of concurrent MAC addresses that can be learned and allocated to the individual switch port.
Reference: http://www.ciscopress.com/articles/article.asp?p=1681033&seqNum=2
The CAM table overflow attack can be mitigated by configuring port security on the switch. This option provides for either the specification of the MAC addresses on a particular switch port or the specification of the number of MAC addresses that can be learned by a switch port. When an invalid MAC address is detected on the port, the switch can either block the offending MAC address or shut down the port. Specifying individual MAC addresses on switch ports is far too unmanageable a solution for a production environment. A limit on the number of MAC addresses on a switch port is manageable. A more administratively scalable solution is the implementation of dynamic port security at the switch. To implement dynamic port security, specify a maximum number of MAC addresses that will be learned.
Note: Port security can also be used, but the question asked for the preferred way.
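The behaviour described in the explanation above can be seen in a small model. This is an added example, not part of the original page or any Cisco code: the `Switch` class, the table size of 8, the MAC addresses, and the flush-on-shutdown rule are all constructed assumptions. It compares a switch with no limit against one with a per-port maximum, using both violation actions the explanation mentions (block the offending MAC, or shut down the port).

```python
# Toy model (constructed): fixed-size CAM table plus an optional per-port MAC limit.
class Switch:
    def __init__(self, cam_size, max_per_port=None, violation="shutdown"):
        self.cam_size = cam_size          # total entries the table can hold
        self.max_per_port = max_per_port  # None = port security disabled
        self.violation = violation        # "shutdown" or "protect"
        self.cam = {}                     # source MAC -> port it was learned on
        self.disabled = set()             # ports shut down after a violation
        self.violations = {}              # port -> violation count

    def receive(self, port, src, dst):
        """Handle one frame: 'dropped', 'flooded' or ('forwarded', out_port)."""
        if port in self.disabled:
            return "dropped"
        if src not in self.cam:
            on_port = sum(1 for p in self.cam.values() if p == port)
            if self.max_per_port is not None and on_port >= self.max_per_port:
                self.violations[port] = self.violations.get(port, 0) + 1
                if self.violation == "shutdown":
                    self.disabled.add(port)
                    # Assumption: entries learned on a downed port are flushed.
                    self.cam = {m: p for m, p in self.cam.items() if p != port}
                return "dropped"          # frame from the excess MAC is blocked
            if len(self.cam) < self.cam_size:
                self.cam[src] = port      # normal dynamic learning
            # else: table is full, so this source cannot be learned
        out = self.cam.get(dst)
        return ("forwarded", out) if out is not None else "flooded"

BCAST = "ff:ff:ff:ff:ff:ff"
HOST_A, HOST_B = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"

def simulate(max_per_port, violation="shutdown"):
    """Return (fate of A's reply to B, CAM entries used, disabled ports, violations)."""
    sw = Switch(cam_size=8, max_per_port=max_per_port, violation=violation)
    sw.receive(1, HOST_A, BCAST)                      # host A learned on port 1
    for i in range(20):                               # port 3 shows 20 source MACs
        sw.receive(3, f"02:00:00:00:00:{i:02x}", BCAST)
    sw.receive(2, HOST_B, HOST_A)                     # host B speaks for the first time
    reply = sw.receive(1, HOST_A, HOST_B)             # A answers B
    return reply, len(sw.cam), sorted(sw.disabled), sw.violations.get(3, 0)

if __name__ == "__main__":
    print("no port security :", simulate(None))
    print("max 2, shutdown  :", simulate(2))
    print("max 2, protect   :", simulate(2, "protect"))
```

Without a limit the table fills, host B is never learned, and A's unicast reply is flooded out every port; with a maximum of 2 the table keeps free entries and the reply is forwarded only to B's port.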
It’s A, there isn’t any dynamic port security. It’s just Port Security
B. Dynamic Port Security
A. Port security…