CompTIA Security Plus Mock Test Q621

An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only. Which of the following would BEST address this desire?

A. Install a proxy server between the users’ computers and the switch to filter inbound network traffic.
B. Block commonly used ports and forward them to higher and unused port numbers.
C. Configure the switch to allow only traffic from computers based upon their physical address.
D. Install host-based intrusion detection software to monitor incoming DHCP Discover requests.


Correct Answer: C
Section: Threats and Vulnerabilities

Explanation:
Configuring the switch to allow only traffic from computers based upon their physical address is known as MAC filtering. The physical address is known as the MAC address. Every network adapter has a unique MAC address hardcoded into the adapter.
You can configure the ports of a switch to allow connections from computers with specific MAC addresses only and block all other MAC addresses.
MAC filtering is commonly used in wireless networks but is considered insecure because a MAC address can be spoofed. However, in a wired network, it is more secure because it would be more difficult for a rogue computer to sniff a MAC address.

Incorrect Answers:
A: A proxy server is often used to filter web traffic. It is not used in port security or to restrict which computers can connect to a network.
B: You should not block commonly used ports. This would just stop common applications and protocols from working. It would not restrict which computers can connect to a network.
D: DHCP Discover requests are part of the DHCP process. A DHCP client sends out a DHCP Discover request to locate a DHCP server. All computers on the network receive the DHCP Discover request because it is a broadcast packet, but all computers (except the DHCP server) will just drop the packet. Blocking DHCP Discover requests will not restrict which computers can connect to a network.

References:
http://alliedtelesis.com/manuals/awplusv212weba/mac_address_Port_security.html