You have a conference room with an open network port that is used by employees to connect to the network. You are concerned about rogue switches being connected to this port. Which two features should you enable on your switch to limit access to this port? (Choose two.)
A. DHCP snooping
B. dynamic ARP inspection
C. MAC limiting
D. 802.1X
|
Download Printable PDF. VALID exam to help you PASS. |
 |
C,D is the correct answer
802.1X Authentication—Provides network access control. Supplicants (hosts) are authenticated when they initially connect to a LAN. Authenticating supplicants before they receive an IP address from a DHCP server prevents unauthorized supplicants from gaining access to the LAN. EX Series switches support Extensible Authentication Protocol (EAP) methods, including EAP-MD5, EAP-TLS, EAP-TTLS, and EAP-PEAP.
MAC limiting—Protects against flooding of the Ethernet switching table (also known as the MAC forwarding table or Layer 2 forwarding table). You can enable MAC limiting on an interface.
I’m a cisco engineer and have configured switches for a while and limiting a port to 2 MAC addresses is the most used solution. Also to have total control of what is being connected to the network, you would want to configure 802.1X.
What has DHCP Snooping or arp inspection got to do with preventing rogue switches from being connected to the network? NOTHING, IMO.
If you think otherwise, please put an explanation why to back up your reason.
then why are you here when you are a cisco engineer?