CompTIA Security+ (SY0-701) — Question 272
A recent penetration test identified that an attacker could flood the MAC address table of network switches. Which of the following would best mitigate this type of attack?
Answer options
- A. Load balancer
- B. Port security
- C. IPS
- D. NGFW
Correct answer: B
Explanation
Port security is the most effective method to mitigate MAC address table flooding, as it limits the number of MAC addresses that can be learned on a switch port. Load balancers, IPS, and NGFWs do not specifically address the MAC address table issue, making them less suitable for this particular attack vector.