Port Security

5 minutes 5 Questions

Port Security is a feature that allows network administrators to restrict the use of physical or virtual ports on a switch or other network devices to authorized users or devices only. It helps in preventing unauthorized access, MAC address flooding, and other security breaches. Port security can b…

A Complete Guide to Port Security for CompTIA Network+

Port Security is an important concept under Network Access Control for the CompTIA Network+ examination.

Importance: In a network, every data communication takes place through a port. Port Security allows administrators to restrict access to these ports, preventing unauthorized access and threats such as MAC flooding. It is crucial to ensure the integrity and safety of the data passing through.

What is Port Security?: Port Security is a feature on a network switch that allows the switch to restrict access on a per-port basis. Depending on the configuration, when a violation occurs, the port can either restrict traffic, shut down, or send an alert.

How it works: Port Security works by assigning a unique MAC address to each port on the switch. Only devices with the assigned MAC address can access the network through that port. If an unauthorized device tries to connect, the port security feature identifies the violation and takes the appropriate action.

Exam Tips: Answering Questions on Port Security:
1. Understand the basic configuration commands: Various questions can ask you to identify or write commands to configure port security on a switch.
2. Know the actions on violation: Comprehend what happens when port security encounters a violation. The port can either restrict, shut down, or protect.
3. Identify scenarios: Be able to identify if a certain scenario can benefit from port security, and justify your reasoning.
4. Understand MAC Address limitation: Get familiar with the fact that only one MAC address can be assigned to a port, which restricts access to only one device.

By focusing on these areas, you'll be able to confidently answer exam questions related to Port Security.

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

CompTIA Network+ - Port Security Example Questions

Test your knowledge of Port Security

Question 1

A network administrator has noticed an excessive amount of unauthorized devices connecting to the network switch. Which port security feature should be implemented?

NAT Port triggering DHCP snooping MAC address filtering

Correct Answer: MAC address filtering

The best port security feature to implement when there is an excessive amount of unauthorized devices connecting to the network switch is MAC address filtering. This feature allows control over which devices are allowed to connect to the network based on their MAC addresses. Since every device has a unique MAC address, it will allow the administrator to either Allow or Deny a device's access to the network based on its MAC address. On the other hand, Port triggering and NAT are not used for limiting access to a network. They are used for forwarding network traffic and translating network addresses respectively. DHCP Snooping also isn't the optimal solution here, because although it can stop unauthorized DHCP servers from giving out IP addresses, it doesn't prevent devices from connecting to the network.

Question 2

After implementing port security on a switch, an employee reports that their device is not able to connect to the Internet. Assuming the settings below are applied, what is the reason for the issue? {"Maximum allowed MAC addresses": 1, "Sticky MAC": True}

The port is disabled The Internet service is down The switch is full The employee is using a different device

Correct Answer: The employee is using a different device

In this scenario, port security on the switch has been implemented with a maximum of one allowed MAC address and Sticky MAC enabled. This means the switch port will only allow the first MAC address it encounters, and remember it even if the device is unplugged. So, if the employee is trying to connect a different device (with a different MAC address) than the one the switch port has already learned, it will not be allowed to connect. The other answers are incorrect because: 'The switch is full' is incorrect because the problem is about a limit on the number of MAC addresses per port, not the total switch capacity. 'The Internet service is down' is wrong because it is an assumption and the text implies the problem is on the local network switch. 'The port is disabled' is wrong because the text does not state this and again, the problem lies with multiple devices trying to access the same port which has MAC address security.

Question 3

An administrator has set up a switch with MAC address filtering. One of the employees accidentally spilled coffee on their laptop, and it was damaged beyond repair. The employee received a new laptop but cannot access the network. What must be done?

Change the port security mode Update the MAC address filter list Replace the damaged Ethernet cable Enable port forwarding

Correct Answer: Update the MAC address filter list

The best course of action in this situation is to update the MAC address filter list on the switch. When the administrator set up MAC address filtering, they essentially created a list of allowed devices based on their MAC addresses - unique identifiers for network interfaces. When the employee's laptop was replaced, the new laptop's MAC address was not on the pre-set list, which is why access was denied. The other options are not the correct solution because the inability to connect to the network is not due to physical damage to an Ethernet cable or incorrect settings such as port security mode or port forwarding. Therefore, the MAC address filter list needs to be updated to include the MAC address of the new laptop.

🎓 Unlock Premium Access

CompTIA Network+ + ALL Certifications

🎓 Access to ALL Certifications: Study for any certification on our platform with one subscription
3164 Superior-grade CompTIA Network+ practice questions
Unlimited practice tests across all certifications
Detailed explanations for every question
CompTIA Network+: 5 full exams plus all other certification exams
100% Satisfaction Guaranteed: Full refund if unsatisfied
Risk-Free: 7-day free trial with all premium features!

Start Your Free 7-Day Trial