Exam SY0-701 topic 1 question 473 discussion

Network segmentation divides the physical network into logical subnets isolated from each other. If an unauthorized user connects to the network port of an employee's phone, he will be within the employee network segment. Because of the segmentation, he will not have direct access to the network segment where the database servers reside. Even if he were to perform a network scan, he would see only the devices in his own segment, not the database servers.

The correct answer is: B. Segmentation Explanation: Segmentation involves dividing a network into smaller, isolated sub-networks or segments. By segmenting the network, you can control which devices or users have access to specific parts of the network. In this case, segmentation would prevent an unauthorized user from accessing sensitive parts of the network (such as the database servers) even if they plug their laptop into a network port. The unauthorized laptop would be placed on a segment of the network that does not have access to critical resources, thereby preventing scans and unauthorized access.

Certification (i.e., using 802.1X or certificate-based authentication) is the most effective way to ensure that simply plugging a laptop into a phone port will not grant unauthorized network access. The switch will refuse to pass traffic until the device proves it has valid authentication—effectively stopping casual plug-ins and scans in their tracks.

MAC filtering is a network access control mechanism that allows or blocks devices based on their Media Access Control (MAC) addresses. By implementing MAC filtering, the network can restrict access to authorized devices only, preventing an unauthorized laptop from connecting and conducting scans, even if it is physically plugged into a network port.