Implementing Secure Configuration for Residence Hall Network
Question
Students at a residence hall are reporting Internet connectivity issues.
The university's network administrator configured the residence hall's network to provide public IP addresses to all connected devices, but many student devices are receiving private IP addresses due to rogue devices.
The network administrator verifies the residence hall's network is correctly configured and contacts the security administrator for help.
Which of the following configurations should the security administrator suggest for implementation?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The issue reported by the students suggests that rogue devices are interfering with the network's ability to properly assign public IP addresses to all devices. This is likely due to unauthorized devices such as wireless access points being connected to the network.
To prevent rogue devices from interfering with the network, the security administrator should suggest the implementation of DHCP snooping. DHCP snooping is a security feature that is commonly used to prevent unauthorized DHCP servers on the network from assigning IP addresses to clients.
When DHCP snooping is enabled, the switch or router will intercept all DHCP packets that are sent over the network. It will then compare the information contained in these packets against a list of trusted DHCP servers that have been authorized by the network administrator. If a DHCP packet is received from an untrusted source, the switch or router will discard the packet.
DHCP snooping also provides protection against DHCP spoofing attacks. These types of attacks involve an attacker sending false DHCP packets to the network in an attempt to assign fake IP addresses to clients. When DHCP snooping is enabled, these types of attacks will be detected and prevented.
Router ACLs (Answer A) are not directly related to the issue at hand and are more commonly used to filter traffic based on specific criteria, such as IP addresses, ports, or protocols.
BPDU guard (Answer B) is a feature commonly used in spanning tree protocol (STP) to protect against the introduction of rogue switches into the network. While it can prevent unauthorized devices from connecting to the network, it does not address the DHCP issue at hand.
Flood guard (Answer C) is used to prevent network flooding caused by broadcast, multicast, or unicast packets. While it can help prevent network congestion, it does not address the DHCP issue at hand.
Therefore, the best option for the security administrator to suggest in this scenario is DHCP snooping (Answer D) to prevent rogue devices from interfering with the network's ability to assign public IP addresses.
