What is the Cisco preferred countermeasure to mitigate CAM overflows?
A.
Port security
B.
Dynamic port security
C.
IP source guard
D.
Root guard
What is the Cisco preferred countermeasure to mitigate CAM overflows?
What is the Cisco preferred countermeasure to mitigate CAM overflows?
A.
Port security
B.
Dynamic port security
C.
IP source guard
D.
Root guard
B:
The CAM table overflow attack can be mitigated by configuring port security on the switch. This option provides for either the specification of the MAC addresses on a particular switch port or the specification of the number of MAC addresses that can be learned by a switch port. When an invalid MAC address is detected on the port, the switch can either block the offending MAC address or shut down the port. The specification of MAC addresses on switch ports is far too unmanageable a solution for a production environment. A limit of the number of MAC addresses on a switch port is manageable. A more administratively scalable solution is the implementation of dynamic port security at the switch. In order to implement dynamic port security, specify a maximum number of MAC addresses that will be learned.
Note: Port security can also be used, but the question asked for the preferred way.