What two catalyst switch security features will prevent further violations?

300-208 0 Comments

A malicious user gained network access by spoofing printer connections that were authorized using MAB on four different switch ports at the same time.

What two catalyst switch security features will prevent further violations? (Choose two)
A . DHCP Snooping
B . 802.1AE MacSec
C . Port security
D . IP Device tracking
E . Dynamic ARP inspection
F . Private VLANs

Answer: A, E

Explanation:

https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/identity-based-networking-services/

config_guide_c17-663759.html

DHCP snooping is fully compatible with MAB and should be enabled as a best practice.

Dynamic Address Resolution Protocol (ARP) Inspection (DAI) is fully compatible with MAB and should be enabled as a best practice.

In general, Cisco does not recommend enabling port security when MAB is also enabled.

Since MAB enforces a single MAC address per port (or per VLAN when multidomain authentication is

configured for IP telephony), port security is largely redundant and may in some cases interfere with the expected operation of MAB.

Latest 300-208 Dumps Valid Version with 433 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download 300-208 PDF     300-208 Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments