Exam SY0-701 topic 1 question 473 discussion

MAC filtering is a network access control mechanism that allows or blocks devices based on their Media Access Control (MAC) addresses. By implementing MAC filtering, the network can restrict access to authorized devices only, preventing an unauthorized laptop from connecting and conducting scans, even if it is physically plugged into a network port.

Certification (i.e., 802.1X or certificate-based authentication) is indeed the most effective way to ensure that unauthorized devices, like a laptop plugged into an employee’s phone port, cannot access the network without proper authentication. 802.1X is a network access control protocol that requires devices to authenticate before gaining network access, preventing unauthorized access even if the device is physically plugged into the port MAC filtering: While this can limit access to devices with specific MAC addresses, it's less secure because MAC addresses can be easily spoofed. However, it's a supplementary measure that could be useful in tandem with other controls like 802.1X.

MAC filtering can be done by mobile (based on the mobile device, e.g., an Android phone is usually available) setting or MDM with the company application.

This should be certification, as the attacker can spoof the phones MAC address, by deploying certification with 802.1x there is greater security than MAC filtering.

Network segmentation divides the physical network into logical subnets isolated from each other. If an unauthorized user connects to the network port of an employee's phone, he will be within the employee network segment. Because of the segmentation, he will not have direct access to the network segment where the database servers reside. Even if he were to perform a network scan, he would see only the devices in his own segment, not the database servers.

The correct answer is: B. Segmentation Explanation: Segmentation involves dividing a network into smaller, isolated sub-networks or segments. By segmenting the network, you can control which devices or users have access to specific parts of the network. In this case, segmentation would prevent an unauthorized user from accessing sensitive parts of the network (such as the database servers) even if they plug their laptop into a network port. The unauthorized laptop would be placed on a segment of the network that does not have access to critical resources, thereby preventing scans and unauthorized access.

Certification (i.e., using 802.1X or certificate-based authentication) is the most effective way to ensure that simply plugging a laptop into a phone port will not grant unauthorized network access. The switch will refuse to pass traffic until the device proves it has valid authentication—effectively stopping casual plug-ins and scans in their tracks.