What is switch port security and how does it mitigate ARP spoofing and MAC flooding?


Multiple Choice

What is switch port security and how does it mitigate ARP spoofing and MAC flooding?

Explanation:
Port security on a switch controls which devices can send frames on a port by limiting the number of MAC addresses learned on that port. This directly tackles MAC flooding: if an attacker floods the switch with many fake MAC addresses, the CAM table fills up, causing erratic behavior or causing the switch to broadcast frames to all ports. By enforcing a limit, the switch stops learning new addresses on the port once the threshold is reached, and it can be configured to take a protective action (such as restricting or shutting down the port) when a violation occurs. This keeps the switch’s forwarding decisions based on a known set of devices, making it harder for an attacker to leverage a flooded CAM table to intercept traffic or to facilitate ARP spoofing.

Static or trusted MAC addresses can be added so that only specific devices are allowed to use a port, further strengthening protection. The other options describe actions that port security does not perform: it does not change the switch’s own MAC address, it does not blanket-block all traffic on a port by default, and it does not rely on inspecting ARP packets to prevent spoofing.

