Filter
Top Products
640 - 607
Leading the way in IT testing and certification tools, www.testking.com
- 137 -
A. Bridge between management and sites.
B. Routers to provide the most secure segmentation.
C. A hub to provide the ease of management and a satisfactory alternative for the network security.
D. An Ethernet switch to secure separation through programming the access list of each port of the switch.
Answer: B.
Explanation:
Routers provide better separation, dividing the segments into both separate collision and broadcast domains, and
provide access lists for controlling security.
Incorrect Answers:
A, C, D are Layer 2 devices which breaks up the collision domains, but is still one broadcast domain. Security
and filtering within these devices are primitive (although switching is a little more advanced). Any filtering that
can be done at layer 2 is primitive and requires a lot of administrative effort.
Steve McQuerry. Interconnecting Cisco Network Devices. (Cisco Press: 2000) pages 18-28.
Q. 222
How does a bridge function?
A. It maintains a table of the IP address of the host connected to its internet segment
B. It passes packets outside of its network segment if its IP address cannot be found on its table.
C. It looks up the frames destination in its address table and sends the frame towards the destination.
D. It maintains the table of the data link layer and network layer addresses for the host connected to its
network segment.
Answer: C.
Explanation:
A transparent bridge stores information in memory in what is called a “forwarding table”. The forwarding table
lists each end station (from which the bridge has heard a frame within a particular time period) and the segment
on which it resides. When a bridge hears a frame on the network, it views the destination address and compares
it to the forwarding table to determine whether to filter, flood or copy the frame into another segment.
Incorrect Answers:
A is incorrect; the forwarding table does not contain a list of IP address. Rather it contains a list of devices that
it is connect to and on which segment each device resides.
B is incorrect; if the destination device is unknown to the bridge, the bridge forwards the frame to all segments
except the one on which it was received. This process is known as flooding.
D is incorrect; the device maintains a list of the data link layer addresses for host connected to its network
segment.