ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A logistics company recently replaced its access-layer hubs with Layer 3 switches. Corporate policy mandates that only the company-issued handheld scanners connected to switch interfaces Gi1/0/1-Gi1/0/24 are allowed to send frames, and any unauthorized device must be blocked automatically without manual intervention. Each port services exactly one scanner, and scanners use static IP addresses. Which switch feature will best satisfy the requirement while demanding the least ongoing administrative effort?
Configure port security on interfaces Gi1/0/1-Gi1/0/24 to allow only one learned or statically defined MAC address and set the violation action to shutdown.
Enable BPDU Guard on interfaces Gi1/0/1-Gi1/0/24.
Enable Dynamic ARP Inspection on interfaces Gi1/0/1-Gi1/0/24.
Apply an outbound standard IPv4 ACL to each interface that permits only the scanners' IP addresses.
Port security lets an administrator specify how many and which source MAC addresses are accepted on a switch interface. When the configured limit is exceeded or an unexpected MAC address appears, the switch can automatically shut the port, effectively blocking the unauthorized device. Because each access port hosts a single known scanner, setting the maximum to one learned or statically assigned MAC address meets the policy with almost no day-to-day maintenance. Dynamic ARP Inspection validates ARP traffic but does not stop a device from sending other Layer 2 frames. An outbound IPv4 ACL would have to be maintained for every possible scanner IP and can be bypassed by spoofing a permitted address. BPDU Guard protects against rogue switches sending STP BPDUs; it does not restrict end-station access. Therefore, enabling port security with a single allowed MAC address per port is the most effective and low-maintenance solution.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is port security on a Layer 3 switch?
Open an interactive chat with Bash
Why is Dynamic ARP Inspection not suitable for blocking unauthorized devices?
Open an interactive chat with Bash
What is BPDU Guard, and why isn’t it appropriate in this scenario?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Network and Communication Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .