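Exam N10-008J Topic 1 Question 150 Discussion

CompTIA N10-008J actual exam questions
Question #: 150
Topic #: 1
An auditor evaluating network best practices was able to connect a rogue switch to a network jack and establish network connectivity. Which of the following controls would best address this risk?

Suggested answer: A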

* Port security is a feature that allows switches to limit the number of MAC addresses that can be learned on a switchport, and to take action if an unauthorized MAC address is detected [1][2].
* Port security can prevent rogue devices from connecting to the network and potentially launching attacks such as MAC spoofing, ARP poisoning, or VLAN hopping [1][3].
* Port security can be configured to either drop packets from unauthorized MAC addresses (protect or restrict mode), or to shut down the port completely (shutdown mode) [1][2].
* Port security can also be configured to use sticky MAC addresses, which are dynamically learned and stored in the running configuration, or to use static MAC addresses, which are manually entered and stored in the startup configuration [1][2].
* Port security is a best practice for securing switchports that provide end user access, especially in public or untrusted areas, where rogue devices can be easily plugged in [1][3].
* Spanning Tree Protocol (STP) is a network protocol that prevents loops in a switched network by disabling redundant links and creating a loop-free logical topology [4][5].
* STP is not a control that would address the risk of rogue devices connecting to the network, as it does not limit the MAC addresses or the VLANs that can be learned on a switchport [4][5].
* Deactivating STP on network interfaces that are facing public areas would not only be ineffective, but also counterproductive, as it would create the possibility of loops and broadcast storms if multiple devices are connected to the same switchport [4][5].
* Neighbor Resolution Protocol (NRP) is not a valid term in networking. The closest term is Neighbor Discovery Protocol (NDP), which is an IPv6 protocol that performs functions such as address resolution, router discovery, prefix discovery, and neighbor unreachability detection [6][7].
* NDP is not a control that would address the risk of rogue devices connecting to the network, as it does not limit the MAC addresses or the VLANs that can be learned on a switchport [6][7].
* Disabling NDP in the Layer 2 devices would not only be ineffective, but also detrimental, as it would impair the IPv6 communication and functionality on the network [6][7].
* Port tagging is a technique that adds a VLAN identifier (VID) to an Ethernet frame, indicating which VLAN it belongs to [8][9].
* Port tagging is used to allow multiple VLANs to share the same physical link, such as a trunk port between switches, or a link to a device that supports VLAN tagging, such as a router or a server [8][9].
* Port tagging is not a control that would address the risk of rogue devices connecting to the network, as it does not limit the MAC addresses or the VLANs that can be learned on a switchport [8][9].
* Ensuring port tagging is in place for network interfaces in guest areas would not only be ineffective, but also unnecessary, as guest devices usually do not support VLAN tagging, and would only need access to a single VLAN [8][9].
References:
* Port Security in Computer Network
* Understanding VLAN tagging and untagging of ports
* Spanning Tree Protocol
* Spanning Tree Protocol - CompTIA Network+ N10-007 - 1.3
* Spanning Tree Protocol - N10-008 CompTIA Network+ : 2.3
* Neighbor Discovery Protocol - NDP Overview
* Neighbor Discovery Protocol (NDP) - what is it?
* CompTIA Network+ domain #2: network implementation [2022 update]
* CompTIA Network+ Certification Exam Objectives

下田** 2024-04-21 02:19:56
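
Added example, not part of the original explanation: a Python check an auditor could run over a switch running-config to find access ports that would still accept a rogue switch. It assumes Cisco IOS syntax (the page names no vendor); the config excerpt and the `audit_port_security` helper are constructed for illustration.

```python
import re

# Constructed running-config excerpt (interface names are made up).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
!
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 8
 switchport port-security violation protect
!
interface GigabitEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface GigabitEthernet0/24
 switchport mode trunk
"""

def audit_port_security(config, max_macs=1):
    """Return {interface: [findings]} for access ports with weak port security."""
    findings = {}
    # Each interface stanza runs until the next line that starts in column 0.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t].*\n?)*)", config, re.M):
        lines = [l.strip() for l in body.splitlines()]
        if "switchport mode access" not in lines:
            continue  # trunks/uplinks are out of scope for this check
        issues = []
        if "switchport port-security" not in lines:
            issues.append("port security not enabled")
        else:
            m = re.search(r"port-security maximum (\d+)", body)
            limit = int(m.group(1)) if m else 1  # IOS default maximum is 1
            if limit > max_macs:
                issues.append(f"maximum {limit} exceeds {max_macs}")
            v = re.search(r"port-security violation (\w+)", body)
            if v and v.group(1) == "protect":
                issues.append("protect mode drops silently, no log or counter")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit_port_security(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(issues))
```

GigabitEthernet0/3 passes because an enabled port with no explicit `maximum` or `violation` line falls back to the IOS defaults of one MAC address and shutdown mode.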
