A network technician has detected a personal computer that has been physically connected to the
corporate network. Which of the following commands would the network technician use to locate
this unauthorized computer and determine the interface it is connected to?
A.
nbtstat –a
B.
show mac address-table
C.
show interface status
D.
show ip access-list
E.
nslookup hostname
Explanation:
Answer: B. Show mac address-table can be used on a Cisco switch to display MAC addresses, interfaces, ethernet interface slot number, port number, and VLAN ID. The administrator would log into the switch which is reporting a rogue PC and run this command then be able to walk directly to the jack associated with that port (assuming the tech has a map of which switch port is associated with which wall jack).
Answer A is not the best answer because nbtstat -a displays the NetBIOS name of a specific remote computer. The rogue PC would not have a registered NetBIOS name on this network and so it would not help at all.
Answer C is not the best answer because show interfaces status will not show a mapping of MAC to IP addresses or switch ports necessary to find the wall-jack where the computer is plugged into.
Answer D is not the best answer because this relates to showing ACLs for a specific IPv4 address which would not be helpful in locating where the rogue PC is physically plugged into the network.
Answer E is not the best answer because nslookup hostname relates to finding a hostname of a computer by looking in the local DNS with the IP address. This is not helpful because the rogue PC does not have an IP address or hostname entry in the DNS.