Question 258 - N10-008 discussion

Disabling unneeded switchports is a securitybest practice that prevents unauthorized devices from connecting to the network andpotentially compromising its integrity or confidentiality. By disabling the switchports that arenot in use, the network manager reduces the attack surface and the risk of rogue devices, suchas laptops, printers, or cameras, from accessing the network. Disabling unneeded switchports

can also prevent MAC flooding attacks, which occur when an attacker sends a large number ofspoofed MAC addresses to a switch, causing it to overflow its MAC address table and forwardall traffic to all ports, effectively turning the switch into a hub. To disable a switchport, thenetwork manager can use the commandswitchport mode shutdownon the interfaceconfiguration mode of the switch. Changing the default VLAN, configuring DHCP snooping, andwriting ACLs are also security measures that can be applied to switches, but they are not themost likely ones in this scenario. Changing the default VLAN can prevent VLAN hopping attacks,which occur when an attacker sends frames with double 802.1Q tags to a switch, causing it toforward the frames to another VLAN. Configuring DHCP snooping can prevent DHCP spoofingattacks, which occur when an attacker sets up a rogue DHCP server on the network and offersfake IP addresses and gateway information to unsuspecting clients, redirecting their traffic tothe attacker's device. Writing ACLs can prevent unauthorized access to the switch or thenetwork resources, by filtering traffic based on source and destination IP addresses, ports,protocols, or other criteria.Reference: Network + N10-008 practice exam Flashcards | QuizletNetwork+ N10-008 Practice Test | CertBlaster | Free CompTIA Network+ Practice Test