A network technician has discovered a rogue access point placed under an empty cubicle desk. Which of the following should the technician perform to ensure another cannot be placed on the network?
Answer B is correct. If you say to disable the unused port, yeah, that answer could be correct. But read the question properly: if you disable the unused port, I would still be able to use a rogue router by connecting the router to my own open port on the switch. So to prevent that from happening you can do both, by the way, but in this context I will have to go with answer B.
"Which of the following should the technician perform to ensure another cannot be placed on the network?"
It's not saying anything about rogue DHCP servers at all. And having DHCP guard would do nothing to prevent you from putting a rogue switch on your own open port. Locking down unused ports is the right answer in this context.
In the CompTIA objectives for 007, under "Switch port protection", the following is listed:
-Spanning Tree
-Flood guard
-BPDU guard
-Root guard
-DHCP snooping. (DHCP guard is not listed)
Answer is Disable unused ports.
DHCP guard feature in Hyper-V
Since Windows Server 2012, Microsoft introduced a new feature in Hyper-V named DHCP guard. This feature allows virtualization administrators to control which virtual network cards are eligible to do a DHCP offer. This is a very useful feature as it provides a full control to administrators to prevent rogue DHCP servers in virtualized networks.
DHCP guard feature can be enabled or disabled on VM NICs.
https://social.technet.microsoft.com/wiki/contents/articles/25660.how-to-prevent-rogue-dhcp-servers-on-your-network.aspx.
The correct answer is A.
The question is asking about Rogue access points and how to prevent future issues with them. The Rogue AP was found in an empty cubicle.
Disabling unused ports would be your first step in preventing unauthorized devices from accessing the network.
A. Disable unused ports on switches - 1st Step
Device Hardening - Disable unused ports: IP ports that are not needed for devices also represent doors that could be used to sneak in. It is highly recommended that unused ports be disabled to increase security, along with device ports (both physical and virtual ports).
B. Enable DHCP guard to detect rogue servers -
First, the term "DHCP guard" was not found in 4 different Net+ textbooks. DHCP Snooping was briefly mentioned, and the purpose of this is to prevent rogue DHCP servers from offering IP addresses to DHCP clients.
C. Configure WPA2 on all access points
WPA2 is a Data Encryption Standard
D. Use TACACS+ authentication
is a set of security protocols designed to provide authentication, authorization, and accounting (AAA) of remote users.
After going through the questions again it makes sense, especially when you focus on the question.
"ensure another cannot be placed on the network" guess A would be correct if it said on switch...
Yes, A seems to be correct, because the question hints at the EMPTY cubicle, suggesting that if it is unused, then the port should be disabled.
The correct answer is B. Remember, DHCP guard is literally DHCP snooping. It helps in detecting any rogue DHCP traffic coming from ports not connected to the known DHCP server.
And since APs do DHCP as well, then this will prevent the introduction of a rogue DHCP (aka rogue AP) on the network
I believe the answer is A. Disable unused ports.
Firstly, the question is talking about a rogue AP, not a rogue DHCP server.
APs (or WAPs) are devices that are plugged into the network to provide wireless access to connect to the network. The devices still need to connect to the switches via a LAN cable. Turning off the unused ports does not mean turning off the ports on the AP, but rather turning off the unused ports on the switches.
In some companies, every wall outlet is connected to the switches regardless of whether the wall outlet is in use. This is done mostly by the contractors who wired up the buildings and had to label each outlet to the patch panel on the equipment rack.
Rogue AP means connecting an unauthorized AP to the wall outlet to provide uncontrolled wireless connection to the network. In most companies, authorized APs are controlled and set up to use some form of connection/login control and encryption for users to connect to the AP and access the network. A rogue AP is not set up to provide such controls and encryption and thus is a security risk. A rogue AP allows anyone to connect to the network through the rogue AP and still be able to obtain an IP from the actual DHCP server, and (depending on any further security prevention) access company information. Another security issue is that a rogue AP may imitate an actual company AP and obtain login credentials. Also, actual company users may access through the rogue AP and transmit information wirelessly without encryption, thus allowing a MITM attack to obtain information.
A rogue DHCP server, when plugged into a network, will create issues with the IP addresses of devices in the network which are set to obtain IP from DHCP. When the devices are trying to renew IP, they may get a different kind of IP from the rogue DHCP server instead of the actual DHCP server (depending on which DHCP server responds faster), thus losing connectivity to the actual network they are in. This is where DHCP guard/guarding/snooping comes in. DHCP guard prevents a rogue DHCP server from messing up the IPs of devices in the network. But it does not prevent a rogue AP.
The basic security policy for securing a company network is to switch off unused ports on the switches that do not have anything connected to the corresponding wall outlets. (Some companies go as far as plugging the LAN cables from the corresponding ports for unused ports.)
The arguments about unplugging a person's own computer to plug in rogue devices are kind of dragging the questions and answers too much. Then there will be more scenarios and possibilities needed to add to the multiple choice answers.
DHCP guarding configures Unifi switches to restrict DHCP servers to the IPs listed. This can prevent malicious or accidental DHCP servers (someone plugging their router into a LAN port and causing clients to join their network). Recommend enabling and including the Gateway for the network as a trusted DHCP server. Dec 14, 2018
I'm still going with A, because if the port is shut down, ain't nothing gonna happen.
I also think it is A.
I am looking at this from this point of view: a rogue access point can be any access point not supplied by the company and used to access the network. Let's say an employee, who is frustrated by the low wireless signal on his floor, brings his personal access point from home and connects it to the company switch port (conveniently available in the vacant cubicle next to him), because he finds it convenient and not necessarily for malicious purposes. This access point is found and (presumably) removed, which opens up the port. Now the technician needs to ensure that "another" cannot be placed on the network.
I would think that the easiest way is to just disable unused ports on the switch?
Holy crap, I didn't even see the phrase "access point". You're correct. You can't disable a port for an AP. They are so tricky! So it has to be B, then yes?
First, enabling DHCP snooping doesn't restrict an AP from coming up. If it tried to be a DHCP Server it would restrict that, but wouldn't stop the otherwise normal operation of an AP. Second, DHCP "Guard" is not a valid command on any switches I know of, Cisco, Juniper, Arista, etc... To be correct, would have to be DHCP Snooping. In light of the incorrect syntax and irrelevancy of bringing an AP online which is the point of the question as written, I believe B cannot be right. As written, A is the only correct answer. I doubt the Q or A's are accurate in this case. Keep in mind, exam dumps are mostly created by test takers' "memory". So the questions are most likely not exact, nor are the answers always correct. Use them for what they are, do not memorize answers, verify and research what you don't know and you'll do great on the exam!
DHCP guard is a new property in Server 2012 Hyper-V that you can configure for each network adapter in a virtual machine (VM). When DHCP guard is enabled, it prevents a VM from acting as a DHCP server. If a VM attempts to send a packet that indicates it's a DHCP server, the packet will automatically be dropped.
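The step several commenters argue for above, disabling unused switch ports, as an added example that is not part of the thread: a Python sketch that reads Cisco IOS `show interfaces status` output and builds the `shutdown` configuration for access ports that have no link. The sample output, the port names and the `keep` parameter are constructed for illustration.

```python
import re

# Constructed sample in the layout of Cisco IOS "show interfaces status".
SAMPLE = """\
Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/1   Reception PC       connected    10         a-full a-1000 10/100/1000BaseTX
Gi1/0/2                      notconnect   10           auto   auto 10/100/1000BaseTX
Gi1/0/3   Empty cubicle      notconnect   10           auto   auto 10/100/1000BaseTX
Gi1/0/4                      disabled     10           auto   auto 10/100/1000BaseTX
Gi1/0/5   Spare printer      notconnect   20           auto   auto 10/100/1000BaseTX
Gi1/0/24  Uplink             connected    trunk      a-full a-1000 10/100/1000BaseTX
"""

# Port, optional free-text name, then one of the known status keywords and the VLAN.
ROW = re.compile(
    r"^(?P<port>\S+)\s+(?P<name>.*?)\s*"
    r"(?P<status>err-disabled|connected|notconnect|disabled)\s+(?P<vlan>\S+)"
)

def parse_status(output):
    """Return one dict per interface row; the header and blank lines are skipped."""
    rows = []
    for line in output.splitlines():
        match = ROW.match(line)
        if match:
            rows.append(match.groupdict())
    return rows

def unused_ports(rows, keep=()):
    """Ports that are administratively up but have no link, minus an allow list.

    `keep` (hypothetical parameter) names ports that must stay enabled even
    when nothing is plugged in at the time of the capture.
    """
    return [r["port"] for r in rows
            if r["status"] == "notconnect" and r["port"] not in keep]

def shutdown_config(ports):
    """Build the IOS configuration lines that administratively disable each port."""
    lines = []
    for port in ports:
        lines += [f"interface {port}", " shutdown"]
    return lines

if __name__ == "__main__":
    candidates = unused_ports(parse_status(SAMPLE), keep=("Gi1/0/5",))
    print("\n".join(shutdown_config(candidates)))
```

A port showing `notconnect` may only have its device powered off or unplugged at capture time, so review the candidate list before applying the configuration.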