A network architect is designing a solution for a customer who wants better security on edge ports. Recently, an unauthorized individual was able to connect a snooping device to an open port (in other words, to a switch port that is active but not connected to a customer device). The customer wants to prevent this from happening again. However, the customer wants to avoid implementing 802.1X on ports because the IT staff is not prepared to deploy and manage such a solution.
What is the simplest way to minimize the risk of another unauthorized connection without adding a lot of management overhead?
A. Place opens ports in a VLAN that is not carried on uplinks.
B. Implement MAC lockdown (as opposed to MAC authentication) on all open ports.
C. Apply MAC authentication to the open ports and allow only known MAC addresses
D. Apply dynamic port access control lists (ACLs) to open ports.
|
Download Printable PDF. VALID exam to help you PASS. |
 |