Which security measure is best used to limit the success of a reconnaissance attack from within a campus area network?

Which security measure is best used to limit the success of a reconnaissance attack from within a campus area network?

• Implement restrictions on the use of ICMP echo-reply messages.
• Implement a firewall at the edge of the network.
• Implement access lists on the border router.
• Implement encryption for sensitive traffic.

Explanation: The implementation of an access list may provide extra security by permitting denying a flow of traffic, but it will not provide a direct response to limit the success of the attack. The implementation of a firewall on the network edge may prevent reconnaissance attacks from the Internet, but attacks within the local network are not prevented. By implementing restrictions on the sending of ICMP echo-reply messages within a local network, devices may not respond to ping messages, but port scans are not prevented and clear-text data sent on the network are still vulnerable. The best security measure is to encrypt as much network traffic as possible, both user data and network management traffic.

Exam with this question: CCNA Security Final Exam Answers
Exam with this question: Modules 1 - 4: Securing Networks Group Exam Answers
Exam with this question: Network Security Checkpoint Exam Answers