Demo Edition
CERT MAGIC
Securing Networks with Cisco Routers & Switches
Exam: 642-502
http://www.certmagic.com
QUESTION: 1
A new Company switch has been installed and you wish to secure it. Which Cisco
Catalyst IOS command can be used to mitigate a CAM table overflow attack?
A. switch(config-if)# port-security maximum 1
B. switch(config)# switchport port-security
C. switch(config-if)# port-security
D. switch(config-if)# switchport port-security maximum 1
E. switch(config-if)# switchport access
F. switch(config-if)# access maximum 1
Answer: D
Explanation:
Enabling and Configuring Port Security: Beginning in privileged EXEC mode, follow
these steps to restrict input to an interface by limiting and identifying MAC addresses
of the stations allowed to access the port:
To ensure that only a single station's MAC address is allowed on a given port, set
the value of the "switchport port-security maximum" command to 1. This safeguards
against CAM overflow attacks.
Reference:
http://www.cisco.com/en/US/products/hw/switches/ps5206/products_configuration_guide_chapter09186a00801
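One way to check a switch for the setting described above, as an added example that is not part of the original exam material: a short Python audit that reads interface stanzas from a running-config and reports access ports where port security is not enabled or where the MAC limit is above 1. The sample configuration is constructed, the function name audit_port_security is hypothetical, and the script assumes access ports are marked with an explicit "switchport mode access" line.

```python
import re

# Constructed sample running-config (not from the page): Fa0/12 is hardened,
# Fa0/13 has a limit but port security was never enabled, Fa0/14 allows 50 MACs.
SAMPLE_CONFIG = """\
interface FastEthernet0/12
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
!
interface FastEthernet0/13
 switchport mode access
 switchport port-security maximum 1
!
interface FastEthernet0/14
 switchport mode access
 switchport port-security
 switchport port-security maximum 50
!
interface FastEthernet0/24
 switchport mode trunk
!
"""

def audit_port_security(config, max_allowed=1):
    """Return {interface: finding} for access ports exposed to CAM flooding."""
    findings = {}
    # Split into interface stanzas; each runs until the next "interface" line.
    for block in re.split(r"(?m)^(?=interface )", config):
        lines = [l.strip() for l in block.splitlines()]
        if not lines or not lines[0].startswith("interface "):
            continue
        name = lines[0].split(None, 1)[1]
        if "switchport mode access" not in lines:
            continue  # assumption: only explicit access ports are audited
        # The bare command is what turns the feature on; a limit alone does not.
        if "switchport port-security" not in lines:
            findings[name] = "port security not enabled"
            continue
        # IOS uses a maximum of 1 when no explicit value appears in the config.
        m = re.search(r"(?m)^\s*switchport port-security maximum (\d+)\s*$", block)
        limit = int(m.group(1)) if m else 1
        if limit > max_allowed:
            findings[name] = f"maximum {limit} exceeds {max_allowed}"
    return findings

if __name__ == "__main__":
    for intf, issue in audit_port_security(SAMPLE_CONFIG).items():
        print(f"{intf}: {issue}")
```

The Fa0/13 case is the one to watch for: the maximum is set, but without the bare "switchport port-security" line the limit is not enforced.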
QUESTION: 2
SIMULATION
The following diagram displays a portion of the Company network:
You work for the Company, which has a server connected to its infrastructure
through a switch named Houston. Although Company uses VLANs for security, an
attacker is trying to overflow the CAM table by sending out spoofed MAC addresses
through a port on the same switch as the server. Your task is to configure the switch to
protect it from a CAM table overflow attack. For purposes of this test, we will
assume that the attacker is plugged into port Fa0/12. The topology is pictured in the
exhibit. The enable password for the switch is Company. The following passwords
have been assigned to the Houston switch:
Console passwords: california
VTY lines 0-4 password: city
Enable passwords: Company
Start the simulation by clicking on the host.
Answer:
Switch1(config)# interface fastethernet0/12
Swi