What is switch port security and how does it mitigate ARP spoofing and MAC flooding?

Multiple Choice

Explanation:
Port security on a switch controls which devices can send frames on a port by limiting the number of MAC addresses learned on that port. This directly tackles MAC flooding: if an attacker floods the switch with many fake MAC addresses, the CAM table fills up, causing erratic behavior or causing the switch to broadcast to all ports. By enforcing a limit, the switch stops learning new addresses after the threshold is reached, and it can be configured to take a protective action (such as restricting or shutting down the port) when a violation occurs. This keeps the switch's forwarding decisions based on a known set of devices, making it harder for an attacker to leverage a flooded CAM table to intercept traffic or to facilitate ARP spoofing.

Static or trusted MAC addresses can be added so that only specific devices are allowed to use a port, further strengthening protection. The other options describe actions that port security does not perform: it does not change the switch's own MAC address, it does not blanket-block all traffic on a port by default, and it does not rely on inspecting ARP packets to prevent spoofing.