You are responsible for increasing the security within the Company LAN. Of the following
choices listed below, which is true regarding layer 2 security and mitigation techniques?
A.
Enable root guard to mitigate ARP address spoofing attacks.
B.
Configure DHCP spoofing to mitigate ARP address spoofing attacks.
C.
Configure PVLANs to mitigate MAC address flooding attacks.
D.
Enable root guard to mitigate DHCP spoofing attacks.
E.
Configure dynamic APR inspection (DAI) to mitigate IP address spoofing on DHCP
untrusted ports.
F.
Configure port security to mitigate MAC address flooding
G.
None of the other alternatives apply
Explanation:
Use the port security commands to mitigate MAC-spoofing attacks. The port security
command provides the capability to specify the MAC address of the system connected to a
particular port. The command also provides the ability to specify an action to take if a portsecurity violation occurs. However, as with the CAM table-overflow attack mitigation,
specifying a MAC address on every port is an unmanageable solution. Hold-down timers in
the interface configuration menu can be used to mitigate ARP spoofing attacks by setting the
length of time an entry will stay in the ARP cache.
http://www.javvin.com/networksecurity/NetworkSecurity.html