CH 14
You are the network administrator for a city library. Throughout the library are several groups of computers that provide public access to the Internet. Supervision of these computers has been difficult. You've had problems with patrons bringing personal laptops into the library and disconnecting the network cables from the library computers to connect their laptops to the Internet. The library computers are in groups of four. Each group of four computers is connected to a hub that is connected to the library network through an access port on a switch. You want to restrict access to the network so only the library computers are permitted connectivity to the Internet. What can you do?
Configure port security on the switch
A network switch detects a DHCP frame on the LAN that appears to have come from a DHCP server that is not located on the local network. In fact, it appears to have originated from outside the organization's firewall. As a result, the switch drops the DHCP message from that server. Which security feature was enabled on the switch to accomplish this?
DHCP Snooping
A network switch is configured to perform the following validation checks on its ports: • All ARP requests and responses are intercepted. • Each intercepted request is verified to ensure that it has a valid IPtoMAC address binding. • If the packet has a valid binding, the switch forwards the packet to the appropriate destination. • If the packet has an invalid binding, the switch drops the ARP packet. What security feature was enabled on the switch to accomplish this?
Dynamic ARP Inspection
Match the Network Access Protection (NAP) component on the left with its description on the right.
Generates a Statement of Health (SoH) that reports the client configuration for health requirements. -NAP Client Runs the System Health Validator (SHV) -NAP Server Is the connection point for clients to the network. -Enforcement Server (ES) Contain resources accessible to noncompliant computers on the limitedaccess network. -Remediation Server
Match the port security MAC address type on the left with its description on the right.
MAC address manually identified as an allowed address SecureConfigured MAC address that has been learned and allowed by the switch SecureDynamic MAC address that is manually configured or dynamically learned that is saved in the config file SecureSticky
Members of the Sales team use laptops to connect to the company network. While traveling they connect their laptops to the Internet through airport and hotel networks. You are concerned that these computers will pick up viruses that could spread to your private network. You would like to implement a solution that prevents the laptops from connecting to your network unless antivirus software and the latest operating system patches have been installed. Which solution should you use?
NAC
You are in the process of implementing a Network Access Protection (NAP) infrastructure to increase your network's security. You are currently configuring the remediation network that noncompliant clients will connect to in order to become compliant. The remediation network needs to be isolated from the secure network. Which should you implement to do this?
Network segmentation
You manage a network that uses switches. In the lobby of your building are three RJ45 ports connected to a switch. You want to make sure that visitors cannot plug in their computers to the free network jacks and connect to the network. However, employees who plug into those same jacks should be able to connect to the network. What feature should you configure?
Port authentication
Which type of security uses MAC addresses to identity devices that are allowed or denied a connection to a switch?
Port security
You have a company network with a single switch. All devices connect to the network through the switch.You want to control which devices will be able to connect to your network. For devices that do not have the latest operating system patches, you want to prevent access to all network devices except for a special server that holds the patches that the computers need to download. Which of the following components will be part of your solution? (Select two.)
Remediation servers 802.1x authentication
Your company is a small startup that has leased office space in a building shared by other businesses. All businesses share a common network infrastructure. A single switch connects all devices in the building to the router that provides Internet access. You would like to make sure that your computers are isolated from computers used by other companies. Which feature should you request to have implemented?
VLAN
In which of the following situations would you use port security?
You want to restrict the devices that could connect through a switch port.